550 Access Denied - Invalid HELO

[mechcomdotnet]

We recently stopped hosting our own email and domains on our own servers and went to a hosting company (webhostingpad.com) to host all of it for us and our customers. The hosting company uses the cpanel software (cPanel Version 11.36.1 build 6) and we have been with them now for over a month and besides some glitches with frontpage extensions for our customers' domains all has been well. Last Wednesday near the end of the day I was unable to access my cpanel log in and all of my domains and customers' domains and email were down because the server was down. Since then I have been unable to send mail from my billing program. I use a sinple billing program that worked fine via SMTP until that day the cpanel burped. Now I am getting "550 access denied - invalid HELO name (See RFC2821 4.1.1.1)" And when I submitted a support ticket to the hosting company they say it is my billing program. The program worked for over a month until the day the webhosting server with cpanel burped?

Here are the server logs of the mail server rejecting the mail:

2013-05-20 07:46:42 SMTP connection from [98.103.36.30]:1071 (TCP/IP connection count = 8)
2013-05-20 07:46:43 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1071)
2013-05-20 07:46:43 H=(dc10) [98.103.36.30]:1071 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 07:46:43 SMTP connection from (dc10) [98.103.36.30]:1071 closed by DROP in ACL
2013-05-20 09:19:53 SMTP connection from [98.103.36.30]:1123 (TCP/IP connection count = 4)
2013-05-20 09:19:53 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1123)
2013-05-20 09:19:54 H=(dc10) [98.103.36.30]:1123 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 09:19:54 SMTP connection from (dc10) [98.103.36.30]:1123 closed by DROP in ACL
2013-05-20 09:21:35 SMTP connection from [98.103.36.30]:1125 (TCP/IP connection count = 8)
2013-05-20 09:21:35 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1125)
2013-05-20 09:21:36 H=(dc10) [98.103.36.30]:1125 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 09:21:36 SMTP connection from (dc10) [98.103.36.30]:1125 closed by DROP in ACL
2013-05-20 09:22:05 SMTP connection from [98.103.36.30]:1126 (TCP/IP connection count = 10)
2013-05-20 09:22:06 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1126)
2013-05-20 09:22:06 H=(dc10) [98.103.36.30]:1126 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 09:22:06 SMTP connection from (dc10) [98.103.36.30]:1126 closed by DROP in ACL
2013-05-20 09:33:37 SMTP connection from [98.103.36.30]:1136 (TCP/IP connection count = 11)
2013-05-20 09:33:38 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1136)
2013-05-20 09:33:38 H=(dc10) [98.103.36.30]:1136 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 09:33:38 SMTP connection from (dc10) [98.103.36.30]:1136 closed by DROP in ACL
2013-05-20 09:38:55 SMTP connection from [98.103.36.30]:1137 (TCP/IP connection count = 9)
2013-05-20 09:38:55 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1137)
2013-05-20 09:38:56 H=(dc10) [98.103.36.30]:1137 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 09:38:56 SMTP connection from (dc10) [98.103.36.30]:1137 closed by DROP in ACL
2013-05-20 10:10:47 SMTP connection from [98.103.36.30]:1143 (TCP/IP connection count = 5)
2013-05-20 10:10:47 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1143)
2013-05-20 10:10:47 H=(dc10) [98.103.36.30]:1143 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 10:10:47 SMTP connection from (dc10) [98.103.36.30]:1143 closed by DROP in ACL
2013-05-20 10:28:14 SMTP connection from [98.103.36.30]:1144 (TCP/IP connection count = 8)
2013-05-20 10:28:14 no IP address found for host dc1.mechcom.net (during SMTP connection from [98.103.36.30]:1144)
2013-05-20 10:28:15 H=(dc10) [98.103.36.30]:1144 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-20 10:28:15 SMTP connection from (dc10) [98.103.36.30]:1144 closed by DROP in ACL

The hosting company suggested we have a DNS entry point to DC10.... I don't understand why since it is just a computer sending email billing via SMTP, but we did this in the cpanel as advised. Still no luck.

The email of error logs still says this:

Error log shows ;

2013-05-21 07:48:46 SMTP connection from [98.103.36.30]:1044 (TCP/IP connection count = 10)
2013-05-21 07:48:47 H=dc1.mechcom.net (dc10) [98.103.36.30]:1044 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
2013-05-21 07:48:47 SMTP connection from dc1.mechcom.net (dc10) [98.103.36.30]:1044 closed by DROP in ACL

It has been almost a week and we still cannot send billing to our customers? Nothing has changed on the computer that has the billing software on it. Nothing changed in the billing software. The only thing that happened was the hosting company's server with our access to cpanel burped and all of our domains and mail were down for an hour.
Any help would be appreciated.
Sam

 

[cPanelMichael]

Hello

The error message indicates there is a lack of RFC-compliance from the IP address sending the email. This restriction is controlled by the following option in "WHM Main >> Service Configuration >> Exim Configuration Manager" under the "ACL Options" tab:

"Require RFC-compliant HELO"

While it's a better idea to try bringing the sending hostname/IP address into RFC-compliance, you can disable the above option if necessary.

Thank you.

 

[mechcomdotnet]

Hello

The error message indicates there is a lack of RFC-compliance from the IP address sending the email. This restriction is controlled by the following option in "WHM Main >> Service Configuration >> Exim Configuration Manager" under the "ACL Options" tab:

"Require RFC-compliant HELO"

While it's a better idea to try bringing the sending hostname/IP address into RFC-compliance, you can disable the above option if necessary.

Thank you.

Well, the hosting company says they will not make that change because it would be a server-wide change and not just to my sections of the server we are using that they are hosting...so I am back to square one again.... So my question now becomes.... why can i send email from outlook express using [email protected] and my outgoing mail server setting being mail.mechcom.net and it sends just fine from the same computer... yet when the billing program sends with those same settings entered it gets rejected for a bad HELO? And yet it worked just fine for a month while we have been on their server?

And how do I make the hostname compliant? They are hosting my email for the mechcom.net domain I am just trying to use my billing program on a computer here at my store?

 

[cPanelMichael]

Have you consulted with the support for the billing application you are using? It's possible they have a patch or workaround available that will allow for a RFC-compliant HELO to send out with the email. Or, they may be able to provide you with some configuration values you can change. Since you do not have root access to the server, you may also want to provide this billing application to your hosting provider so they can test it and reproduce the issue.

Thank you.

 

[mechcomdotnet]

I spoke with the makers of the billing program and they say any error starting with "5" (5xx) is not an error with their program it is an error from the hosting company and/or the ISP.... The hosting Company suggested we have a DNS entry pointing to 98.103.36.30 which we did from our side of cpanel and that has helped in no way. that IP points to the computer that has the billing program on it.... I am willing to pay some one to please make this work again. Without the billing program working properly, i make zero dollars. I am sorry to be a pain in everyone's butt as a newb to the cpanel software, but when we hosted our own domains on our own servers with our own mail server, the program worked. When we switched to this hosting company, it still worked, Until last wednesday?

 

[quietFinn]

I would suggest to use your ISP's mail server instead of your hosting provider's server.

 

[mechcomdotnet]

I would suggest to use your ISP's mail server instead of your hosting provider's server.

well....I am my ISP and they are hosting my mail accounts for all of my domains as well as my domains. We are a small WISP and with all of the virus activity and brute force attacks, we no longer wanted to have to maintain all of the servers, so we went with an outside hosting company to host the domains and domain email.

 

[mtindor]

well....I am my ISP and they are hosting my mail accounts for all of my domains as well as my domains. We are a small WISP and with all of the virus activity and brute force attacks, we no longer wanted to have to maintain all of the servers, so we went with an outside hosting company to host the domains and domain email.

Reverse DNS resolves to dc1.mechcom.net. No forward DNS entry exists for dc1.mechcom.net . A forward DNS entry exists for dc10.mechcom.net though, presumably from when you added it based upon your hosting provider's suggestion.

So I would suggest that you make forward/reverse DNS match up. Either add a dc1.mechcom.net "A-record" resolving to that static IP address, or modify the rDNS record so that a lookup of the IP address returns dc1.mechcom.net.

One or the other -- just make sure they match up, and see if that fixes things.

That doesn't explain why it just started happening. I suspect either your hosting provider just enabled theoption to require an RFC compliant HELO. There are a few possibilities.

Hopefully it'll work after you fix up DNS.

Mike

 

[mechcomdotnet]

Reverse DNS resolves to dc1.mechcom.net. No forward DNS entry exists for dc1.mechcom.net . A forward DNS entry exists for dc10.mechcom.net though, presumably from when you added it based upon your hosting provider's suggestion.

So I would suggest that you make forward/reverse DNS match up. Either add a dc1.mechcom.net "A-record" resolving to that static IP address, or modify the rDNS record so that a lookup of the IP address returns dc1.mechcom.net.

One or the other -- just make sure they match up, and see if that fixes things.

That doesn't explain why it just started happening. I suspect either your hosting provider just enabled theoption to require an RFC compliant HELO. There are a few possibilities.

Hopefully it'll work after you fix up DNS.

Mike

OK...We changed things in our DNS to point properly for that specific IP. When I ran a check on it this is what I get back now:

check reverse DNS
IP address or host name: dc10.mechcom.net

FCrDNS test result:
98.103.36.30 resolved to dc10.mechcom.net.
dc10.mechcom.net resolved to 98.103.36.30;
rDNS if forward confirmed.

Dynamic IP test result:
dc10.mechcom.net not looks like dynamic IP address.

and so I tried the billing program and I still get the same error on my screen, I am waiting for an updated log from the hosting company.

 

[mtindor]

and so I tried the billing program and I still get the same error on my screen, I am waiting for an updated log from the hosting company.

Feel free to give me a ring on the phone if you want to try and troubleshoot. You have my number.

M

 

[mechcomdotnet]

For anyone else following this, the log file from the hosting company is still basically the same:

2013-05-22 07:56:19 H=dc10.mechcom.net (dc10) [98.103.36.30]:1075 rejected MAIL <[email protected]>: Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

Even with the DNS pointing to the specific IP forward and reverse i get the same error. I am working with another cpanel user and he is getting similar error logs. Anyone have any ideas/suggestions?

 

[cPanelMichael]

It's likely that your hosting provider only recently enabled the "Require RFC-compliant HELO", or the new version of cPanel they updated to included this option. Thus, the issue has likely always been present, and is only now being detected/blocked through that option. I don't believe the response from the developer of your billing application is adequate. Please review the responses towards the bottom of the following thread:

Invalid HELO

That's one example of a developer that had to update their application to ensure RFC compliance. I recommend suggesting that your billing application developer review this information.

Thank you.

 

[mechcomdotnet]

Feel free to give me a ring on the phone if you want to try and troubleshoot. You have my number.

M

THANK YOU for all of your help in tracking down what the issues are and where.... it is all greatly appreciated!

 

[arcilio]

Hello,
A i can disable Require RFC-compliant HELO for a specific IP?

 

[cPanelMichael]

Hello,
A i can disable Require RFC-compliant HELO for a specific IP?

The "Trusted SMTP IP addresses" access list does not apply to this option:

IP addresses exempt from all SMTP sender, recipient, spam, and relaying checks. IP addresses you enter here are stored in /etc/skipsmtpcheckhosts. These senders must still use an RFC-compliant HELO name if the Require RFC-compliant HELO setting is enabled.

Thank you.