Bypass HELO should be a FQDN or address literal

[goodytwoshoes]

Good day all.
We have a user who does business with a company who apparently have very untrained email support personel.
The problem being that when their email server connects to deliver mail it does so from a .local domain
emailing them works, its when they email us where the problem comes in.

They get the error "550 R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)550 R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)"

Without spending too much time to help them fix their email relay, is there a place where we can permit this .local domain's mail to deliver while they are trying to fix their email system ?

I took a guess in adding the domain to /etc/virtual/whitelist_senders but it didnt help.

Ive been digging around on forums, found a reference to adding it exim.conf like:
acl_smtp_helo = ... accept hosts = example.com ... deny
which is at the moment set to acl_smtp_helo = acl_check_helo
which then calls to :
acl_check_helo:
.include_if_exists /etc/exim.acl_check_helo.pre.conf
.include_if_exists /etc/exim.acl_check_helo.post.conf
Both files are empty.

I havent really tried to skip this for a sender so im a little lost as to where to add 'accept hosts = example.com' or if it should be done elsewhere.

Can anyone shed some light on this for me please ? Perhaps a directadmin custom conf file i need to edit ?

 

[zEitEr]

Hello,

In order to bypass the HELO check you will need to get acl_m_is_whitelisted=1 for the sender. It can be done by whitelisting the sender_host_address in either of the following list:

- local domains whitelist - /etc/virtual/whitelist_domains
- local hosts whitelist - /etc/virtual/whitelist_hosts
- local hosts IP whitelist - /etc/virtual/whitelist_hosts_ip
- local sender whitelist - /etc/virtual/whitelist_senders

According to the Exim documentation, $sender_host_address - When a message is received from a remote host, this variable contains that host's IP address.

And an remote host IP should be added into /etc/virtual/whitelist_hosts_ip. One IP per line.

If a file is missing, you will need to create it first.

 

[goodytwoshoes]

Thanks zEitEr,
The sender is using an ip
for the sake of privacy im going to call the ip 1.2.3.4

Heres what ive set and recycled exim for the ip but still seems to be rejected

exim.conf: accept hosts = <;; @[]; 127.0.0.0/8 ; ::1 ; 1.2.3.4 ; @
virtual/whitelist_hosts_ip:1.2.3.4
virtual/whitelist_hosts:1.2.3.4

Still getting the error message

2024-04-25 09:09:07 H=(sensored) [1.2.3.4] X=TLS1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no F=<sensored@sensored> rejected RCPT <[email protected]>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
2024-04-25 09:09:57 H=(sensored) [1.2.3.4] X=TLS1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no F=<sensored@sensored> rejected RCPT <[email protected]>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)

Anything else I might check ?

 

[Active8]

Digged an old post of mine :

Found a post that can help other people
------------------------------------------------------
Hi i've faced the same problem, i've solved it by editing exim.conf in the mail server like this

just after #EDIT#16
hostlist relay_hosts = net-lsearch;/etc/virtual/pophost

i've added this line

hostlist allowed_helo = net-lsearch;/etc/virtual/allowed_helo

and changed #EDIT#25 from this

# deny if the HELO pretends to be one of the domains hosted on the server
deny message = HELO_IS_LOCAL_DOMAIN
condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
hosts = ! +relay_hosts
accept

to this

# deny if the HELO pretends to be one of the domains hosted on the server
deny message = HELO_IS_LOCAL_DOMAIN
condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
hosts = ! +relay_hosts
hosts = ! +allowed_helo
accept

finally i've added the first server ip in /etc/virtual/allowed_helo and restarted exim

 

[goodytwoshoes]

Digged an old post of mine :

this fixed it, thanks alot

 

[zEitEr]

if you directly modify the file /etc/exim.conf, the changes will be lost as soon as you update exim or exim config. You will need to either copy the file under custombuild custom folder for exim.conf and forget about its updates, or use POST hooks of custombuild.