Exim Connection Dropped? Why?

[Jason Brice]

Hi,

I see in exim_mainlog that a user is being blocked and being issued a message saying their connection is spam:

2006-12-26 04:41:32 SMTP connection from [IP]:1702 I=[IP]:25 (TCP/IP connection count = 1)
2006-12-26 04:41:33 H=(computer) [IP]:1702 I=[IP]:25 rejected EHLO or HELO computer: Invalid HELO. You must be spam or a virus.
2006-12-26 04:41:33 H=(computer) [IP]:1702 I=[IP]:25 rejected EHLO or HELO computer: Invalid HELO. You must be spam or a virus.
2006-12-26 04:41:33 SMTP connection from [IP]:1702 I=[IP]:25 lost

I have added the IP to the firewall whitelist, and it does not appear in exim_deny.


The end user receives this message:
An unknown error has occurred. Account: 'USER', Server: 'IP', Protocol: SMTP, Server Response: '550 Invalid HELO. You must be spam or a virus.', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC69


Any ideas?

Thanks,
JB

 

[glansing]

It looks like you incorporated some HELO checks in your exim ACLs. One of the checks most people incorporate checks to see if the HELO name contains a period (as they should have at least one).

Your client's computer is sending a HELO of 'computer' which isn't a valid HELO according to standards.

You'll need to examine your exim configuration through WHM and find the ACL that checks that and either add a whitelist or move it.

I've moved all of my HELO checks, RBL checks, and a few others to an ACL that follows the MAIL command so that I can have authenticated users bypass them

 

[mctDarren]

glansing's right, you have an ACL in Exim that is looking for PCs announcing themselves with a HELO that contains no decimals (not an octet value). Look for code similar to this in exim.conf:

deny condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
   message = Invalid HELO. You must be spam or a virus.

Comment that out to fix the problem. You'll probably find that the user's PC Name (Windows) is "computer" and their client is using that as the HELO.