Hi,
When using the smtp proxy, some destinations are not reachable and I get the following bounce:

This is the mail system at host mymailhost.mydomain.tld.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<other@mydomain.tld>: host mx1.otherIspDomain.tld[***.yyy.zzz.146] said:
550-Verification failed for <me@mydomain.tld> 550-Previous (cached) callout
verification failure 550 Sender verification error (recipient) for
me@mydomain.tld (in reply to MAIL FROM command)


Mails do arrive great when disabling the smtp proxy and delivering mail through Astaro to my server with P/DNAT

Is this a bug? I need all the fine features of Astaro to filter incoming mail traffic but do not like to fail on targets.

How can this problem be solved?

Rgd. Adrie

Have you checked to make sure that your domain has the correct reverse DNS entry?

I have to admit that I'm confused. The first half of your post indicates that emails you send get bounced back to you. The second half talks about how you force the Astaro to deliver emails that would be blocked by the spam filter. Rather than disable the SMTP Proxy, why not whitelist the improperly-configured domain for RDNS/HELO?

Cheers- Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

I have the forward and reverse dns records. The domain is <rcan_dot_nl>

The problem is indeed about bounced emails. However the receiving ispmailserver validates the mailsender by verifying the sender, in this case me_at_rcan_dot_nl, BY querying the Astaro, being the smtpproxy. The smtpproxy does not know about me_at_rcan_dot_nl and the message is then rejected. I think the Astaro should query the inside mailserver.

As you can see white-listing will not do.

Sorry, I obviously didn't read your original post closely enough. I guess that the other company needs to either whitelist your domain or they need to upgrade/patch their mailserver.

Whether you want to allow Sender Verify requests is another story, and I don't know if Astaro can be configured to pass those requests. We stopped using it for reasons you can find in these Forums by searching on Sender Verify.

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

Bob,
Solved the issue. By disabling BATV in the "Advanced anti-spam features" at the bottom of the ant-spam tab the mails get to the proper destination. Without the option the isp-mailserver allows the mail in.

Thx for the support.

I don't think you should have to do that, but if you don't mind losing that functionality and you don't want to ask the other people to whitelist your domain.

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

The problem is that that the "other side" does sender address verification using the header sender ("From:" header). This is incompatible with BATV, and also with some mailing list implementations and some "robot" email. They should use the envelope sender instead.

You should be able to create an exception for BATV using a *@theirdomain.com mask entry, instead of turning it off entirely.

__________________
Tom Kistner
Product Development & Administrator
Astaro AG

So, Tom, you're saying that if he leaves BATV enabled, but adds an exception for '*@theirdomain.com' for BATV, then the Astaro will send the verification his correspondant is requesting?

Cool - Thanks!

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!