Exim: Helo Invalid (forged)

Nov 29, 2007

I seem to be having a problem with domain forwarding in cPanel.

I have 3 cPanel accounts:

1) foobar.com.np with a POP3 account and forwarders for info@foobar.com.np. Works fine.

2) foobar.com with domain forwarding to foobar.com.np. Works fine too when I send an email to info@foobar.com.

3) foo.com.np with domain forwarding to foobar.com.np. Doesn't work! When I send a message to info@foo.com.np I get the following message in my Exim log:

Code:
2007-11-29 04:11:32 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IxgMm-0007DW-0m
2007-11-29 04:11:32 1IxgMm-0007DW-0m ** info@foo.com.np R=lookuphost T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<noreply@********.com> SIZE=2059: host foo.com.np [74.86.*.*]: 554 5.7.1 Helo invalid(forged)
2007-11-29 04:11:32 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1IxgMm-0007DW-0m
2007-11-29 04:11:32 1IxgMm-0007Da-Bd <= <> R=1IxgMm-0007DW-0m U=mailnull P=local S=2006 T="Mail delivery failed: returning message to sender"
2007-11-29 04:11:32 1IxgMm-0007DW-0m Completed
...
As you can see, this domain forwarder is not functioning like the other one (foobar.com) since the domain forwarder for foobar.com DOES actually work:

Code:
2007-11-29 03:58:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IxgA0-0002Gs-Vb
2007-11-29 03:58:21 1IxgA0-0002Gs-Vb => info <info@foobar.com> R=virtual_user T=virtual_userdelivery
2007-11-29 03:58:22 1IxgA0-0002Gs-Vb => *******@gmail.com <info@foobar.com> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [209.85.133.27]
2007-11-29 03:58:22 1IxgA0-0002Gs-Vb -> *******@gmail.com <info@foobar.com> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [209.85.133.27]
2007-11-29 03:58:22 1IxgA0-0002Gs-Vb Completed
It looks like Exim doesn't know that emails sent to info@foo.com.np should be a local delivery. I checked the file "/etc/vdomainaliases/foo.com.np" and it says:

Code:
foo.com.np: foobar.com.np

So that should be correct...

View 3 Replies


ADVERTISEMENT

SMTP Server :: 550 Access Denied - Invalid HELO Name (See RFC2821 4.1.1.1)

Apr 21, 2009

Everytime I send an email from my out look or on the webmail I get the following error, its on my small vps running cpanel.

I have already re installed the mail server, installed a diffrent mail server, and also gone in the config and took this out in whm with no joy.

Code:
550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

View 12 Replies View Related

HELO Verify In Exim

Jan 6, 2007

!verify = helo
!verify = reverse_host_lookup
in exim acl and drop message if helo is not passed.
But one issue is this validates for users even having account in the server and trying to send mail using server account to someone else

I want to put validation for only incoming mails "to" this server

What i dont want is to validate the mails that authenticated smtp users send

View 0 Replies View Related

How To Fix: 451 4.1.8 Possibly Forged Hostname

Jun 17, 2009

one of my clients told me he tried to send an email to somebody and he receives this error:

The addresses to which the message has not yet been delivered are:

a.......u@a.......t.ro
Delay reason: SMTP error from remote mail server after MAIL FROM:<a.......r@i.....s.ro>:
host mail.a.....t.ro [82.77.203.xx]: 451 4.1.8 Possibly forged hostname for 67.222.136.xx

No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
Last message received on 17.06.2009 at 16:10

Any ideea what might be? he's having this problem only when tries to send an email to that email address, and I'm not sure if it's a problem on our server or on their server

View 13 Replies View Related

How To Change Outgoing HELO

Jun 30, 2009

Problem: I am using to my Centos/Exim/Cpanel server to relay emails. The person who receives my email sees a helo that captures my ISP IP address and lastly the mail server for my domain along with its IP.

My ISP (Verizon) IP is constantly being flagged as a spam source by a variety of RBL's.

My domains have never sent spam and I only send a low volume of emails.

How can I remove my ISP helo IP address from being added to my outgoing email so that the only IP is the IP of domain sending the email?

Example Header:

Quote:

Received: from c-99-172-221-252.hlvd.va.verizon.net ([99.172.221.252]:3389 helo=[127.0.0.1]) <-- remove this part
by server.myserver.com with esmtpa (Exim 4.69)
(envelope-from <email@mydomain.com>)
id 1MLoYc-0004Ol-20
for friend@hotmail.com; Tue, 30 Jun 2009 21:24:18 -0400

View 1 Replies View Related

Sendmail :: Sorry, Your Helo Has Been Denied

Jan 8, 2008

I am on a VPS and set everything up myself. When I try and email a friend, I get it bounced back with the following message (with his email filtered):

<<< 550-5.7.1 {mx078} Sorry, your helo has been denied. <<< 550 5.7.1 [url] 550 5.1.1 <**********@gmx.co.uk>... User unknown

I'm pretty sure the user isn't unknown, I have checked and it is his email address. Can anyone tell me what is wrong, and if the problem is on my end or his, and if my end how I might go about fixing it?

View 5 Replies View Related

Checking HELO Greeting Where

Apr 3, 2008

I'd like to look at what my HELO configuration is but don't know how or where to look.

I am using a dedicated Linux/cPanel server. I'd like to make sure the HELO is configured correctly. My mailing software is EXIM.

View 1 Replies View Related

Helo Message Not Matching

Aug 28, 2007

I have a dedicated linux/cpanel server running various websites with the shared ip and one website with a dedicated ip.

But when sending mail through sendmail from the dedicated ip website the ip in the helo greeting is not matching the ip of the sender, it is using the main shared ip rather than the dedicated ip which is producing a 550 error from some receiving mail servers. I have racked my brains trying to figure this out and was wondering if anyone else has/had a similar experience and found a solution.

By the way the helo greeting sent in mail from the shared ip websites is fine...

View 2 Replies View Related

Controlling Helo Response In Mail Server

Jun 6, 2008

Im trying to troubleshoot the exim install that was included with cpanel. I read that the helo response being localhost instead of a fully qualified domain can lead to mail be directed to the bulk mail folder.

Looking at the mail headers, this is indeed set this way:

Received: from www.mydomain.com ([my_ip_addr] helo=localhost)

How is this response determined and how can I have it be a fully qualified domain name instead?

View 2 Replies View Related

Helo Error - Not Acepting Remote Emails

Jul 5, 2008

domain1.com has two servers:

#Server PHP - hosts php and handles apache/mysql requests.
#Server 2 - handles mail and dns requests.

Yesterday we moved mail from # server 2 to a new mail server, a cPanel one, all mailboxes are created, users can send and recieve email using webmail, mail clients, etc.

But.. while trying to send mails using PHP authenticated from the #Server PHP/Apache/MySQL , we got this error from the mail servers:

Code:
We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. SMTP -> FROM SERVER: SMTP -> FROM SERVER: SMTP -> ERROR: HELO not accepted from server: SMTP -> get_lines(): $data was "" SMTP -> get_lines(): $str is "220-srv247.serverhost.com
This was working when mails were recieved/sent in Sendmail (an Ensim box), now with Exim 4.x on a cPanel box we got this issue.

Already added IP address from #server php into all Exim whitelists, also added the IP to /etc/alwaysrely, but didn't help.

Im using RHE 5.2 on the mail server and latest Release build.

View 3 Replies View Related

Plesk 12.x / Linux :: Helo Strings - IP Banned

Jul 13, 2015

I formatted my server and installed CENTOS 7 and PLESK 12. I have problems with cbl.abuseat.org. My ip enters in blacklist. I sent email to the support of abuseat.org and abuseat reply:

Please fix your HELO strings.

I check the my configuration and I think is correct:

- Reverse lookup is ok
- Hostname is ok (server.domain.tld)

But I have the file in /etc/sysconfig/network empty. There is only written: # Created by anaconda

Also, is correct the my etc/hosts file?

127.0.0.1 server.domain.tld server localhost4 localhost4.localdomain4
:: 1 server.domain.tld server localhost6 localhost6.localdomain6

View 12 Replies View Related

Plesk 12.x / Linux :: Recurring Listing On CBL For Using Several Different EHLO / HELO Names

Jan 14, 2015

I've been plagued by CBL listing for quite some time now, on a linux server with Plesk 12.After months of a fierce fight against every possible malware on the about 120 various websites on this server, extensively monitoring clients emails, enabling restrictive policies and finally even hiring a private security firm to investigate the problems further, we were sure that not a single spam message was sent by our server in any way.

So we finally contacted CBL, exposed the issue and got this answer:The CBL attempts to detect compromised machines in a number of ways based upon the email that the CBL's mail servers receive.During this it tries distinguish whether the connections represent real mail servers by ensuring that each connection is claiming a plausible machine name for itself (via SMTP HELO), and not listing any IP that corresponds to a real mail server (or several mail servers if the IP address is a NAT firewall with multiple mail servers behind it). 54.194.XX.XXX was found to be using several different EHLO/HELO names during multiple connections on or about:

2015:01:09 ~16:30 UTC+/- 15 minutes (approximately 3 days, 21 hours, 14 minutes ago).

The names seen included: xxx1.xx, xxx2.xx, xxx3.xx, xxx4.xx, xx.xxx5.xx, veniceberg.com..Note that the above list may include one or more names that are not fully qualified DNS names (FQDNs). Host names (ie: Windows node names) without a dot are not FQDNs.

The final possibility is that 54.194.XX.XXX is not a NAT firewall, and is instead a single box with many domains provisioned on it, some that send email directly, setting the HELO as the sending domain. If this is the case, to prevent a relisting we strongly recommend setting the mail software on the box so that a single identifying name is used in outbound SMTP connections mail software on the box so that a single identifying name is used in outbound SMTP connections. As an alternate workaround, you can configure the mail software to relay its outbound email through an intermediate mail server. Even a co-resident mail server package (such as IIS on Windows) will do fine.​

This pointed me to this Plesk Mail setting (not sure if this selection is the default). Now we are waiting a few days to see if changing to "Send from domain IP addresses" solves the issue. I think this is a kind of issue which deserves attention by Parallels to avoid other users go trough our fatiguing ordeals. If this setting is responsible for getting servers blacklisted, it should be highly discouraged.

View 3 Replies View Related

Plesk 12.x / Linux :: Greylisting Filter Wrong HELO Hostname

Sep 23, 2014

Seems this started when upgrading to a version of 12. It was working a few days ago and only seems to affect mailing lists. I found a google Cached thread here where Igor was assisting some folks as late as Aug 4 and referenced this was "reported to development (PPP-10678 for your reference)" it seems the forums on Parallels changed or something because several Google links are not working and resulting in having to used cached results for the two links below.

I am able to disable SPF and the e-mails go through just fine however this was working with SPF enabled before a recent upgrade.

Page 1
[URL] ....

Page 2
[URL] ....

This is the error message displayed in /var/log/maillog
Sep 24 01:38:35 controlpanel postfix/smtpd[3725]: connect from localhost[127.0.0.1]
Sep 24 01:38:35 controlpanel postfix/smtpd[3725]: D565017C013E: client=localhost[127.0.0.1]
Sep 24 01:38:35 controlpanel greylisting filter[3899]: Starting greylisting filter...

[Code] ....

View 2 Replies View Related

Plesk 12.x / Linux :: Postfix - Mails Sent Through Sendmail Binary Blocked Because Of Wrong HELO

Jun 23, 2014

My server is using Centos 6.5... I updated from Plesk 11.5 to 12 last week and postfix to 2.8.17.

Since then, all mails sent using the sendmail binary (notifications, mail forwards...) are being rejected with a wrong HELO hostname: localhost.

It seems that sendmail is using locahost as a HELO tag which is not accepted. Here is the following error:

Code:

Jun 23 14:23:20 ns395167 plesk sendmail[29817]: handlers_stderr: SKIP
Jun 23 14:23:20 ns395167 plesk sendmail[29817]: SKIP during call 'check-quota' handler
Jun 23 14:23:20 ns395167 postfix/pickup[29480]: B94BC6AA20A6: uid=0 from=<root@curuba.fr>
Jun 23 14:23:20 ns395167 postfix/cleanup[29507]: B94BC6AA20A6: message-id=<20140623122320.B94BC6AA20A6@ns395167.ip-176-31-117.eu>

[Code] .....

Here is my postconf -n content:

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix

[code] .....

My system hostname seems correct:

Code:
hostname -f
ns395167.ip-176-31-117.eu
hostname
ns395167.ip-176-31-117.eu

View 19 Replies View Related

Exim - How To Remove Rbl Lists From Exim.conf

May 2, 2007

I am having issues in receieving emails. For some reason, the rbl lists I had setup are causing the server to reject emails (retry - timeout). So, I need to take this rbl list completely. How can I do that? exim.conf is locked and using the advanced editor is no fun even though I tried it putting the dnslists without the rbl causing the problem.

View 3 Replies View Related

Invalid Mimetype

Mar 9, 2008

I compiled apache 2.2 with php 4 (+ phpsuexec) last night. Seems all is well, only one domain facing an issue and the apache error log states this

Invalid mimetype: should contain a slash

I've never seen such an error to be honest. Any help appreciated.

This is a cpanel box with php 4, apache 2.2, phpsuexec

View 2 Replies View Related

Invalid Hostname

Aug 8, 2007

My server is fedora core 4
in whm :
Invalid Hostname. (This account is currently not available.). Hostnames must be
fully qualified domain names and not contain any spaces or tabs.

View 6 Replies View Related

Litespeed - Invalid Credentials

Dec 16, 2008

litespeed - Invalid Credentials

I always got a Invalid Credentials error when I tried to login to admin panel
Is there any way to I can fix it or how can I change litespeed username/password via ssh

View 0 Replies View Related

Invalid URI In Request (httpd )

May 14, 2008

[Wed May 14 18:15:17 2008] [error] [client 66.228.119.67] 
Invalid URI in request entersomenicedatastringshereidontthinkthisislongenoughsoiwilladdmoreheherr669760763646r

View 0 Replies View Related

Invalid URI In Request GET . HTTP/1.0

Jul 22, 2008

In my logs:

[Tue Jul 22 01:01:35 2008] [error] [client x.x.x.x] Invalid URI in request GET . HTTP/1.0
(yes, that is it for this entry/line)

This showed up in logwatch as:
Requests with error response codes
400 Bad Request
.: 4 Time(s)

...what was this guy trying to do?
The offending IP was banned in APF last night, if his IP is still showing up in my logs, is he using aproxy?

After adding his ip to:
/etc/apf/deny_hosts.rules

I ran:
apf -r

View 2 Replies View Related

Invalid Command 'php_value'

Mar 24, 2008

.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration

Domain causing 500 error

Server is cpanel/centos on php 4.4.8 with mod suphp, apache 2.2

.htaccess file shows

php_value allow_url_fopen 0

[PHP Modules]
bcmath
calendar
ctype
curl
domxml
eAccelerator
exif
ftp
gd
imap
ionCube Loader
mbstring
mcrypt
mhash
mysql
openssl
overload
pcre
pdf
pgsql
posix
pspell
session
sockets
standard
tokenizer
xml
xmlrpc
Zend Optimizer
zlib

[Zend Modules]
Zend Extension Manager
Zend Optimizer
the ionCube PHP Loader

View 2 Replies View Related

Error Invalid 550 Recipient

Apr 1, 2008

i am getting error when i trying to send mail out to external email address like gmail, hotmail, msn, yahoo

The error says 550 invalid recipent : user@domain.com

so to make sure that the mail server is working i tried sending mail to local address
which is local@nameoftheserver.com it works but when i try to send mail to external address it get error listed above.

so i added my email sales@domainname.com to gmail to test whether the mail server is working correctly from gmail i can send email from sales@domainname.com and recieve both but when i try that from my server it doesnot work

my server is offshore and i am using enom mail server to send email?

View 1 Replies View Related

How-to: Drop INVALID SYN Packets With Iptables

Jan 13, 2005

Feel free to use the following iptable commands below to drop INVALID SYN packets that sometimes are also used to flood the server..

/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

View 5 Replies View Related

That SSL Invalid Error Shown In A Browser

Apr 21, 2009

This is the error i'm getting after i installed my cert.

i did the installation in plesk 9 and it asked for three files:

1. private key

2. certificate

3. CA bundle

for the CA bundle i used the: intermediary_certificate1.cst, intermediary_certificate2.cst, & root_certificate.cst files and in that order.

What could have went wrong? and how can i get rid of this error?

View 3 Replies View Related

Rkhunter :: Invalid Option Specified: -cronjob

Sep 18, 2009

Server Detail : Ceontos / Cpanel

i have installed RKhunter several days ago , after installation i`m receving below email everynight

subjectDaily Rkhunter Scan Report
Invalid option specified: -cronjob

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved