When your qmail server encounters the "550 Sender Verify Failed" error with responses like:
550-Verification failed for <johnathan@aprimatic.es>
550-No Such User Here
550 Sender verify failed
This indicates the receiving MTA is performing callback verification (also called sender address verification). Many modern mail servers implement this anti-spam measure where they temporarily connect back to your mail server to verify the sender address exists.
First, verify your server's response to VRFY commands:
telnet your.mail.server 25
VRFY johnathan@yourdomain.com
If this returns 250 OK but remote servers get different results, consider:
- Firewall rules blocking verification attempts
- DNS issues (split-horizon DNS or propagation delays)
- qmail configuration problems with rcpthosts
- Greylisting temporarily rejecting verification attempts
To test if the remote host can reach your mail server:
# From the problematic remote server:
telnet your.mail.server 25
HELO verify.example.com
MAIL FROM: <verification@their.domain>
RCPT TO: <johnathan@yourdomain.com>
Monitor your mail logs during this test. Common locations:
/var/log/mail.log
/var/log/qmail/smtpd/current
For qmail, ensure proper rcpthosts configuration:
# /var/qmail/control/rcpthosts must contain:
yourdomain.com
.yourdomain.com # for subdomains
Check your qmail-smtpd run script for any restrictions:
# Typical startup line should include:
/var/qmail/bin/qmail-smtpd /var/qmail/bin/relayctrl /var/qmail/bin/authlib \
/bin/true /var/qmail/bin/sys-checkpwd /bin/true 2>&1
While not directly related to callback verification, having proper SPF records can help:
# DNS TXT record example:
"v=spf1 a mx ip4:your.server.ip ~all"
This tells other servers your authorized sending IPs, which can prevent some verification failures.
One case involved a split-horizon DNS where internal DNS returned correct records but external DNS hadn't propagated. The solution was:
# Force DNS refresh and verify:
dig +trace yourdomain.com MX
named-checkconf
rndc reload
After DNS propagation completed (typically 24-48 hours), callback verification started working properly.
When your qmail server attempts to send emails to certain domains, you encounter the following error:
550-Verification failed for <johnathan@aprimatic.es>
550-No Such User Here
550 Sender verify failed
This indicates the recipient's mail server performs callback verification (also known as sender address verification) and rejects your message because it can't verify your sender address.
When you test manually via telnet and get 250 ok responses, but the remote server fails verification, several possibilities exist:
- The remote server's verification attempt is being blocked by your firewall
- Your mail server responds differently to verification attempts from certain IP ranges
- DNS issues prevent the remote server from properly connecting back
To check if the remote host can properly route to your server:
# Check DNS records from remote perspective
dig +short yourdomain.com MX
dig +short yourdomain.com A
# Test SMTP connectivity from remote network (if possible)
telnet your.mail.server 25
For qmail servers, consider these configuration adjustments:
# In /var/qmail/control/rcpthosts
# Ensure your domain is properly listed
yourdomain.com
# In /var/qmail/control/badmailfrom
# Avoid listing addresses that need to send externally
#! @yourdomain.com
If you control both ends, here's how to implement proper verification in a Python script:
import smtplib
from email.mime.text import MIMEText
def verify_email(sender, recipient):
try:
msg = MIMEText("Verification test")
msg['From'] = sender
msg['To'] = recipient
with smtplib.SMTP('mail.example.com', 25) as server:
server.set_debuglevel(1)
server.verify(sender)
server.send_message(msg)
return True
except smtplib.SMTPResponseException as e:
print(f"Verification failed: {e}")
return False
Use these commands to verify network accessibility:
# Check if your mail server's port is accessible globally
nmap -Pn -p 25 your.mail.server
# Verify reverse DNS matches
host $(dig +short your.mail.server)
Ensure these qmail settings are correct:
/var/qmail/control/mecontains your FQDN/var/qmail/control/defaultdomainis set/var/qmail/control/plusdomainis configured- SPF records exist in your DNS