HELO should be a FQDN or address literal

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
Hi,

ive found one of the problem that cause issue to my customer in exim.conf SpamBlocker edition.

Here the problem:

Code:
# 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
    deny message = HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
         condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
One of my customer wasnt able to send email cause is hostname (fastweb italia dynamic ip) contain the ip in the hostname.

here the reject log of exim:

Code:
>cat rejectlog.1 | grep casasbk.it
2010-05-18 16:28:20 H=93-45-220-184.ip104.fastwebnet.it (acer1) [93.45.220.184] F=<antonio.sepe@casasbk.it> rejected RCPT <escolari@credem.it>: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
I think the problem is the sender hostname for sure (93-45-220-184.ip104.fastwebnet.it) but there is no way to have different hostname and most of italian isp use this kind of hostname, so, how i should modify that rule for make it work with this kind of hostname?

Thanks all for reply
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
No, the problem is the HELO, which is acer1.

As indicated in the Readme file for SpamBlocker3, most users will need to use authenticated submission over port 587.

You can remove or comment out the entire stanza (your first code block) and restart DirectAdmin. It may result in a much greater amount of spam coming on to the server.

Jeff
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
What I've always told my clients is to use plain-text authentication on port 587. That seems to work.

Jeff
 

interfasys

Verified User
Joined
Oct 31, 2003
Messages
2,099
Location
Switzerland
The added bonus of using port 587 is that your customers can bypass the default 3s delay that is imposed by the default config.
 

Evo--

Verified User
Joined
May 17, 2010
Messages
9
We've got quite the same problem, partial because pophosts are used to be authenticated. Now I recon it will work if I add hosts = !+relay_hosts, but I wonder if I'd still have this problem when users use port 25.
I ask this because you specifically say port 587.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
I specify port 587 because it's the official mail submission port. We've been using shortcuts (using port 25) for years but today, needing to block spam as much as possible, we should follow the rules.

Many ISPs worldwide already block port 25 off their networks, and eventually all responsible ISPs will. So I support doing it right.

You can test/make/try any changes you want.

Jeff
 
Top