Exim4 whitelist/blacklist

It seems exim4 whitelist does not work. Does it?
Here is the log:

2019-09-05 16:07:44 H=(bad.remote.addr.net) [195.195.25.95] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no F=[[email protected]](mailto:[email protected]) rejected RCPT [[email protected]](mailto:[email protected]): Sender verify failed

Then I added the email address and IP of the sender server to the whitelist /etc/exim4/white-blocks.conf
Unfortunately, this didn’t help.
I know that this e-mail address is incorrect, the mail domain is incorrect, but I really need to receive mail from it.
The admin on the other side is unavailable and it is impossible to reconfigure sending mail.
Yesterday, before migrating to hestiacp, the whitelist worked fine.
What am I doing wrong?
Thanks a lot!

Looks like the issue is basicly the sender verification which is set in exim4 configuration: https://github.com/hestiacp/hestiacp/blob/55551036006853c831798a49f7c666690a295785/install/deb/exim/exim4.conf.template#L142

The whitelist function itself is for spam detection or/and blacklists, the sender verify will be triggered always. You could now rewrite this function to also honor the ip whitelist for sender verification, a short google search gave me a lot of results, here a untested example: http://bohwaz.net/p/Exim-whitelist-senders-to-pass-the-sender-verify-callout

It looks but…
On the old server running ispmanager 5, the config also has this line.
require verify = sender
And everything worked fine there.
Well, thank you.

I did it!

Below this acl_check_rcpt: replace accept hosts = : with this code:

    accept  hosts = +relay_from_hosts
            !authenticated = *
            set acl_m6 = whitelisted

    accept  domains = +local_domains : +relay_to_domains
            condition = ${lookup{$sender_address}wildlsearch{/etc/exim4/whitelist}{yes}{no}}
            set acl_m6 = whitelisted
            logwrite = Accepted from $sender_address to [email protected]$domain by whitelist.

    accept  domains = +local_domains : +relay_to_domains
            hosts = net-lsearch;/etc/exim4/whitelist
            set acl_m6 = whitelisted
            logwrite = Accepted from $sender_address to [email protected]$domain by whitelist.

    deny    condition = ${lookup{$sender_address}wildlsearch{/etc/exim4/blacklist}{yes}{no}}
            set acl_m6 = blacklisted
            logwrite = Rejected from $sender_address to [email protected]$domain by blacklist.

    deny    hosts = net-lsearch;/etc/exim4/blacklist
            set acl_m6 = blacklisted
            logwrite = Rejected from $sender_address to [email protected]$domain by blacklist.
1 Like