Re: [exim] where does the HELO hostname get set?

Top Page

Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] where does the HELO hostname get set?
Rick Pasotto wrote:
> I have been running exim on my debian machine for many years without a
> problem. Now the one recipient won't accept mail from me and gives the
> below explanation which I only partially understand.
>
> I think the problem will be resolved if I can get exim to respond with
> 'niof.net' to HELO rather than 'mnr.niof.net'. mnr is the machine name
> but the domain is niof.net. At the present time it is the only machine
> in that domain.
>
> I know just enough to muddle my way through and would appreciate if
> someone could help me understand what's going on and what I need to do
> to fix it.


You have been belssed with a very rare gift - a far-end that has given
you polite, accurate, and specific advice.

Be thankful for that, and act on it!

- FIRST:

-- chose the identity you will use, EX: 'niof.net' or 'mail.niof.net'

- THEN either:

--- set the box hostname to the above choice (AND NOT 'mnr.niof.net')

and/or

--- set Exim's 'helo_data' to that choice, and insure the appropriate
transport(s) actually *use* it.

That's only halfway home, because the far-end sees that in the HELO, but
ID's the IP based on a DNS lookup - and *wants* a PTR RR from the
IP-block holder of record - NOT from your own DNS:

THEN ALSO

-- insure there are DNS records (A, MX, and PTR for your choice, AND
that they match the IP you use for the MTA.

CRITICAL ITEM:

-- get your *IP-block holder* (datacenter, ISP, or other upstream) to
enter a RTR RR for the above 'choice' on the IP used. [1]

Miss any of those, and *our* servers will not be at all 'polite' or
helpful because we will 'ass u me' you are a WinZombie or LinDiot.

HTH,

Bill


[1] If you cannot get that, then said upstream may provide, and require
you to use, their mailhost for outbound traffic. Too few bandwidth
purchasers bother to READ their terms of service, which often prohibit
operating a mailserver.


>
> On Wed, Nov 12, 2008 at 02:35:18AM +0000, Support Team wrote:
>> This error message indicates company's email server misconfiguration.
>> The problem is that hostname, used by the server to represent itself
>> to remote side (to our spam filtering system in this particular case),
>> is invalid. Mail standards require HELO greeting to be sent from valid
>> (existent) FQDN hostname (IE names like "localhost" or "myserver"
>> doesn't comply with RFC). In your case servers (I see several mail
>> sources in MTA logs on our side) send FQDN HELO, but A records,
>> corresponding to HELO hostname, are missing from DNS. Please see
>> example reject message from filter's log and DNS query transcript
>> below.
>>
>> You have 2 possible options at this point. You can either correct HELO
>> hostname in your MTA configuration files, or add "A" records,
>> corresponding to your current HELO hostnames, to your domain's DNS
>> zone.
>>
>> Also please note, that reverse DNS records for your mail relay IPs
>> must exist. We don't check direct/reverse DNS correspondence, but we
>> reject mail sources with inexistent PTR records.
>>
>> Please let us know if we can be in any further assistance.
>>
>> ##########################
>> $ dig mnr.niof.net
>>
>> ; <<>> DiG 9.4.2-P2 <<>> mnr.niof.net
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38288
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;mnr.niof.net.                  IN      A

>>
>> ;; AUTHORITY SECTION:
>> niof.net.               10659   IN      SOA     ns03.domaincontrol.com. dns.jomax.net. 2007101000 28800 7200 604800 759

>>
>> ;; Query time: 2 msec
>> ;; SERVER: 10.1.1.251#53(10.1.1.251)
>> ;; WHEN: Wed Nov 12 04:34:58 2008
>> ;; MSG SIZE rcvd: 98
>> ##########################
>