Exim Connection Dropped? Why?

Jason Brice

Hi,

I see in exim_mainlog that a user is being blocked and being issued a message saying their connection is spam:

2006-12-26 04:41:32 SMTP connection from [IP]:1702 I=[IP]:25 (TCP/IP connection count = 1)
2006-12-26 04:41:33 H=(computer) [IP]:1702 I=[IP]:25 rejected EHLO or HELO computer: Invalid HELO. You must be spam or a virus.
2006-12-26 04:41:33 H=(computer) [IP]:1702 I=[IP]:25 rejected EHLO or HELO computer: Invalid HELO. You must be spam or a virus.
2006-12-26 04:41:33 SMTP connection from [IP]:1702 I=[IP]:25 lost

I have added the IP to the firewall whitelist, and it does not appear in exim_deny.


The end user receives this message:
An unknown error has occurred. Account: 'USER', Server: 'IP', Protocol: SMTP, Server Response: '550 Invalid HELO. You must be spam or a virus.', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC69


Any ideas?

Thanks,
JB
 

glansing

It looks like you incorporated some HELO checks in your exim ACLs. One of the checks most people incorporate checks to see if the HELO name contains a period (as they should have at least one).

Your client's computer is sending a HELO of 'computer' which isn't a valid HELO according to standards.

You'll need to examine your exim configuration through WHM and find the ACL that checks that and either add a whitelist or move it.

I've moved all of my HELO checks, RBL checks, and a few others to an ACL that follows the MAIL command so that I can have authenticated users bypass them.
 

mctDarren

glansing's right, you have an ACL in Exim that is looking for PCs announcing themselves with a HELO that contains no decimals (not an octet value). Look for code similar to this in exim.conf:
Code:
deny condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
   message = Invalid HELO. You must be spam or a virus.
Comment that out to fix the problem. You'll probably find that the user's PC Name (Windows) is "computer" and their client is using that as the HELO.
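
Added example, not part of any post in this thread: one way to set up what glansing describes, keeping the dotless-HELO rule but running it from the ACL for the MAIL command, after a rule that accepts authenticated clients. A rule in the HELO ACL cannot make that exception, because a client sends AUTH only after EHLO. The ACL name acl_check_mail is an assumption, as is the mail client being configured for SMTP authentication; on a cPanel server, make the change through WHM as described above.

```exim
# --- main configuration section ---
# Run the ACL named below when a client sends MAIL FROM.
# (acl_check_mail is a name chosen for this example.)
acl_smtp_mail = acl_check_mail

# --- ACL section (after "begin acl") ---
acl_check_mail:

  # Clients that completed SMTP AUTH are accepted here, so a desktop
  # mail program announcing itself as "computer" never reaches the
  # HELO test below.
  accept authenticated = *

  # Everyone else is still rejected when the HELO/EHLO name
  # contains no dot (same condition and message as the rule shown
  # in the thread).
  deny condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
       message   = Invalid HELO. You must be spam or a virus.

  # Accept the MAIL command; recipients are still checked by the
  # RCPT ACL as before.
  accept
```

With the rule moved, delete or comment out the copy in the HELO ACL; otherwise the client is still rejected at EHLO before it can authenticate.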