[case 50859] POP before SMTP no longer working since the weekend.

[santrix]

Hi,

I have today received a number of tickets from customers complaining they are getting errors when trying to send SMTP, to the tune of

Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

I have had to disable "Require RFC-compliant HELO" from the Exim config for the time being. Did something change in the last update to the Release tree of WHM?

Steve

 

[santrix]

re: [case 50859] Require RFC-compliant HELO - Causing Problems

Something must have changed recently. The clients experiencing the issue did not have their SMTP clients set to authenticate upon connecting, and must have previously been relying upon pop before smtp.

I'm still not sure what exactly cPanel have changed to cause this behaviour?

 

[cPanelTristan]

re: [case 50859] Require RFC-compliant HELO - Causing Problems

Are the clients who are experiencing this all using Outlook as their email client?

 

[cPanelNick]

re: [case 50859] Require RFC-compliant HELO - Causing Problems

Something must have changed recently. The clients experiencing the issue did not have their SMTP clients set to authenticate upon connecting, and must have previously been relying upon pop before smtp.

I'm still not sure what exactly cPanel have changed to cause this behaviour?

If they are in /etc/relayhosts it should not be hitting the HELO checks

acl_mail:
    # ignore authenticated hosts
    accept authenticated = *

# ignore pop before smtp 
    accept  condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
    accept hosts = +relay_hosts

#BEGIN ACL_MAIL_BLOCK

deny
    condition = ${if eq{$sender_helo_name}{}}
    message   = HELO required before MAIL
...

Are you seeing this happen if they are in /etc/relayhosts?

 

[Gareth-AWD]

Re: [case 50859] Require RFC-compliant HELO - Causing Problems

I'm also getting this issue and turning this off does the trick.

It's only a temporary messure. Can Cpanel shed any light on this?

 

[PenguinInternet]

Re: [case 50859] Require RFC-compliant HELO - Causing Problems

We've also had this reported by quite a few users now since around the 11.30 update

 

[docbreed]

Re: [case 50859] Require RFC-compliant HELO - Causing Problems

We've had the same deal happen over the last two days.

Users now have to require smtp authentication, where as in the past they didn't. It started with alot of 4.1.1.1 errors and when turning off the Require RFC-compliant HELO [?] option we had alot of issues with:

currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.

WHM 11.30.0 (build 32)
exim-4.69-29_cpanel_maildir

We need a temporary fix to inform clients they need to now change their client apps, devices, phones to require smtp authentication.

Forgot to mention that i had to disable the rbl checks too because my clients where failing rbl too.
Very frustrating

 

[cPanelTristan]

Re: [case 50859] Require RFC-compliant HELO - Causing Problems

Case 50859 (backport 50908 for 11.30.1.0 version) handles this issue which is that tailwatch is not updating relayhosts after log rotation causing POP3 before SMTP to not function (so antirelayd isn't working properly basically).

As a temporary measure until that version has been released to your existing tier, you could edit /etc/logrotate.d/syslog file temporarily to change from the following:

/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

To this instead:

/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
        /scripts/restartsrv_tailwatchd
    endscript
}

This would add /scripts/restartsrv_tailwatchd to restart properly and tail the proper log file.

You can view the changelog to see when 50908 is pushed into production at http://go.cpanel.net/changelog and see the existing versions for each tier at http://httpupdate.cpanel.net location.

To check your current cPanel version, you can run the following command:

cat /usr/local/cpanel/version ;echo

 

[fizz]

POP before SMTP no longer working since the weekend.

It appears an update over the weekend broke POP before SMTP. I attempted to apply a fix from this thread, but it had no effect on fixing this problem.

The fix was to restart tailwatchd on the logrotate.d/syslog file.

Any clues on what I can check to get this resolved?

Verified tailwatchd is running.

 

[Infopro]

Have you checked for any changes to your EXIM config / tried resetting to defaults?

 

[fizz]

Me and one other guy are the only ones with access to WHM. So nothing was changed in that regard. It happened at the same time people started to get the invalid HELO rfc messages.

No, I havent reset to defaults yet as I wanted to check with the forum first.

 

[Infopro]

Well you might not have changed anything, but an update could have. You said so yourself, just above:

It appears an update over the weekend...

Unless you've got some reason why you can't reset, I would and see if that helps.

 

[cPanelNick]

Try /scripts/restartsrv_tailwatchd

 

[Gareth-AWD]

There's something seriously wrong here. Despite the invalid HELO which was fixed for some clients, we do still get an error.

When can we expect a fix on this in the RELEASE tree. I'm seriously considering dropping back to STABLE in future.

 

[cPanelTristan]

Please submit a ticket at this point using WHM > Support Center > Contact cPanel or using the link in my signature so we can investigate why this is happening still.

 

[cPanelNick]

Re: [case 50859] Require RFC-compliant HELO - Causing Problems

Assuming that the inotify watch is being lost on the maillog due to syslogd rotating the log, you could work around the problem by disabling inotify support in tailwatchd (it will revert to the slower pre 11.28 behavior) by running the following:

touch /var/cpanel/conserve_memory
/scripts/restartsrv_tailwatchd

Likewise the case referenced in this thread was fixed on the 24th, and is awaiting QA approval to be published (shouldn't be long now).

Another option is to switch to the EDGE tier (11.30.1.1) which has this patch. Assuming there are no unforeseen problems with 11.30.1.1 it should progress to CURRENT and then RELEASE by the end of the week.

 

[mikelegg]

We've had this problem since the weekend and have been advising customers to authenticate to send mail.

Now they can't send mail even when they explicitly authenticate.

While disabling "Require RFC-compliant HELO" allows mail to be sent, the first message I sent was refused by the recipient with the error " 503 Valid RCPT command must precede DATA"

Modifying /etc/logrotate.d/syslog as per this thread seems to fix it.

WHM 11.30.0 (build 32) Release