550 Bad HELO - Host impersonating domain name

Djunity

Hi All,

OK, we've got a strange issue with one of our reseller customers.
He used to have all his domains on 1 account on 1 reseller server.
Because of an update to PHP 5.3+ we moved one of his domains to another server.
Now if he sends an email from the new server to an email address on the old server, he gets the message bounced back with the error:
550 Bad HELO - Host impersonating domain name

We have double-checked all the obvious stuff (also found on Google) but can't seem to find the issue.
I also have to point out that this problem only happens when he sends to the old server; to external email addresses there are no problems.

What am I missing?
 
Is the hostname of the server the same as the domain name?

Use /usr/local/directadmin/scripts/hostname.sh to change the server hostname
 
Hi scsi,

Nope, I already checked that on both servers in DirectAdmin; both have the correct hostname, for example server1.serverhost.com and server2.serverhost.com.
The domains we talk about are both not the server hostname domains but customer domains.
 
Hi,

No, both are different domains, i.e. server1 has domain1.com and server2 has domain2.com, so that's not the issue.
 
Ok,

Presuming domainA is on serverA and domainB is on serverB:

Are you sure that serverB does not have DNS for domainA and vice versa?

Regards
 
I rechecked through DirectAdmin DNS control and yes, the domains are not found on the other server.

I manually checked /etc/virtual and /var/named for data of the domain of the other server but it doesn't exist.

So are there maybe other locations where domain data could remain if the deletion of a domain in DirectAdmin didn't completely delete all data?

My best guess at first was that there was still data in /etc/virtual, but it's not.
 
DNS is on a remote box; we use multi cluster.

Both servers have been restarted after the issue occurred.
 
Actually I've no more ideas; the best one would be scsi's one about the hostname, but you did check that (actually, running the command scsi provided would not cause an issue, so test it out if you didn't).

Regards
 
Actually I've no more ideas; the best one would be scsi's one about the hostname, but you did check that (actually, running the command scsi provided would not cause an issue, so test it out if you didn't).
I've got an idea:

First verify the hostname the sending server says it's connecting as, on the receiving server. If they're not as you expect, figure that out (information is in the logs).

If they are different, then try the test shown here (aol.com) to make sure the IP# of the sending server is as you think it is.

Then try a manual test of exim using exim -bh from the command line to see what line in exim.conf on the recipient server is coming up with the error.

Jeff
 
Check your RDNS, make sure it's correct for both servers and not the same.
If you need to change the rdns, wait until it returns correct data from both servers and try again to mail from b to a.
 
Check your RDNS, make sure it's correct for both servers and not the same.
If you need to change the rdns, wait until it returns correct data from both servers and try again to mail from b to a.

Nope, that was the first thing I checked; they are correct.
 
I did some more testing: sending from duivenvlucht.nl to other servers of our own doesn't give any problem.

I sent an email from duivenvlucht.nl to my personal email account; here is the full source:
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Sat, 08 Mar 2014 15:08:32 +0100
Received: from [2001:15c8:6::2:2eb] (helo=server2.whitelabel-reseller.nl)
by server.123hostingservice.nl with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1WMHvU-00035p-0B
for [email protected]; Sat, 08 Mar 2014 15:08:32 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=duivenvlucht.nl; s=x;
h=Message-ID:Subject:To:From:Date:MIME-Version; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
b=kp3aUf5Wx47n6y1AsFbm5WclBEtNFjnA1Rx3eg8gkW6FKMnS/GM9bUV6+RMFwH/zW/l4QJv/n2WA9ho/Y1Cas9u9KN1jrCH0zedEfs+5XapOORskU061Dgr0mmCmTfKdq2PvMqO7S/HKrwaTRE+FlbefhIfnw6tSl7Kr7SxF8j2GILRkFRhA0/EmNLT/HjWtgPWCn353CP0QqySd6pidHiOudE9nSDcZIEhmeymLi4+qavT9LGYWyVWPiEsY/H6RS6Mvtrzv9W1FmAC+BmAUQ2m3UspKd4pV0X98BY+J/r2EMQP3RqONiJACayl1UTYxBGV51Rjw8MQt95CzNQyWgQ==;
Received: from localhost ([127.0.0.1] helo=server2.whitelabel-reseller.nl)
by server2.whitelabel-reseller.nl with esmtpa (Exim 4.76)
(envelope-from <[email protected]>)
id 1WMHv9-0000Pp-OI
for [email protected]; Sat, 08 Mar 2014 15:08:11 +0100
MIME-Version: 1.0
Date: Sat, 08 Mar 2014 15:08:11 +0100
From: [email protected]
To: [email protected]
Subject: test
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/0.9.2
X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner
X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner

So the only issue there is, is that duivenvlucht.nl can't email poelmanpigeons.nl but can email other servers.

Here is the source of a rejected email from duivenvlucht.nl:
Return-path: <>
Envelope-to: [email protected]
Delivery-date: Sat, 08 Mar 2014 15:18:53 +0100
Received: from mail by server2.whitelabel-reseller.nl with local (Exim 4.76)
id 1WMI5V-0000kO-Ih
for [email protected]; Sat, 08 Mar 2014 15:18:53 +0100
X-Failed-Recipients: [email protected]
Auto-Submitted: auto-replied
From: Mail Delivery System <[email protected]>
To: [email protected]
Subject: Mail delivery failed: returning message to sender
Message-Id: <[email protected]>
Date: Sat, 08 Mar 2014 15:18:53 +0100

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mail server after HELO server2.whitelabel-reseller.nl:
host mail.poelmanpigeons.nl [2001:15c8:6::2:230]:
550 Bad HELO - Host impersonating domain name [server2.whitelabel-reseller.nl]

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from localhost ([127.0.0.1] helo=server2.whitelabel-reseller.nl)
by server2.whitelabel-reseller.nl with esmtpa (Exim 4.76)
(envelope-from <[email protected]>)
id 1WMI5V-0000kI-De
for [email protected]; Sat, 08 Mar 2014 15:18:53 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Sat, 08 Mar 2014 15:18:53 +0100
From: [email protected]
To: [email protected]
Subject: test
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/0.9.2
X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner

test
 
Well, here I can see that it is an IPv6 issue...

You do have the SPF record for IPv4 but NOT for IPv6, and that's why it fails...

Create the right IPv6 SPF record and you'll be fine, or disable IPv6 (if you don't need it).

Regards
 
Hi Sellerone,

You mean adding ip6:2001:15c8:0006:0000:0000:0000:0002:02fc to the SPF1 TXT record?

But why would it be an issue for these particular domains and not the rest?
We have IPv6 enabled on all our servers, and by default DirectAdmin doesn't add the ip6: to the SPF with the linked IP function. I'm going to request it though, but it's not there yet.
 
Nope, that was the first thing I checked; they are correct.

I don't think so...

Try a 'nslookup -query=AAAA server2.whitelabel-reseller.nl' to make sure you have an AAAA record for server2.whitelabel-reseller.nl and check if you have rdns on that ipv6 record.
Or disable IPv6 and send using IPv4.

From over here it doesn't look like you have an AAAA record with your IPv6 server address, and you don't have the rDNS for IPv6 set correctly.
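
The check suggested in the last reply (does the HELO name have an A/AAAA record for the address the server actually connects from, and does that address have matching rDNS), as an added example that is not part of the original thread. The function names and the sample DNS data (mail2.example.net, 192.0.2.20, 2001:db8::20) are constructed for illustration; the code does not reproduce the exim.conf rule that emits the 550.

```python
import ipaddress
import socket

def live_forward(name):
    """A and AAAA addresses for name via the system resolver."""
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def live_reverse(ip):
    """PTR name for ip, or None when no rDNS is published."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def same_ip(a, b):
    # Compare parsed addresses so 2001:db8:0:0:0:0:0:20 equals 2001:db8::20.
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)

def check_helo(helo, source_ip, forward=live_forward, reverse=live_reverse):
    """Return a list of problems; an empty list means HELO, A/AAAA and PTR agree."""
    problems = []
    rtype = "AAAA" if ipaddress.ip_address(source_ip).version == 6 else "A"
    if not any(same_ip(a, source_ip) for a in forward(helo)):
        problems.append(f"no {rtype} record for {helo} points at {source_ip}")
    ptr = reverse(source_ip)
    if ptr is None:
        problems.append(f"no PTR (rDNS) for {source_ip}")
    elif ptr.rstrip(".").lower() != helo.rstrip(".").lower():
        problems.append(f"PTR for {source_ip} is {ptr}, not {helo}")
    return problems

# Constructed sample zone: IPv4 is fully set up, IPv6 has neither AAAA nor PTR.
SAMPLE_FWD = {"mail2.example.net": {"192.0.2.20"}}
SAMPLE_PTR = {"192.0.2.20": "mail2.example.net"}

def sample_forward(name):
    return SAMPLE_FWD.get(name, set())

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

if __name__ == "__main__":
    for ip in ("192.0.2.20", "2001:db8::20"):
        issues = check_helo("mail2.example.net", ip, sample_forward, sample_reverse)
        print(ip, "OK" if not issues else issues)
```

To query real DNS, call check_helo(name, ip) without the last two arguments, once for each address the server can send from.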
 