Exim Connection Dropped? Why?

Discussion in 'General Discussion' started by Jason Brice, Dec 26, 2006.

  1. Jason Brice

    Hi,

    I see in exim_mainlog that a user is being blocked and being issued a message saying their connection is spam:

    2006-12-26 04:41:32 SMTP connection from [IP]:1702 I=[IP]:25 (TCP/IP connection count = 1)
    2006-12-26 04:41:33 H=(computer) [IP]:1702 I=[IP]:25 rejected EHLO or HELO computer: Invalid HELO. You must be spam or a virus.
    2006-12-26 04:41:33 H=(computer) [IP]:1702 I=[IP]:25 rejected EHLO or HELO computer: Invalid HELO. You must be spam or a virus.
    2006-12-26 04:41:33 SMTP connection from [IP]:1702 I=[IP]:25 lost

    I have added the IP to the firewall whitelist, and it does not appear in exim_deny.


    The end user receives this message:
    An unknown error has occurred. Account: 'USER', Server: 'IP', Protocol: SMTP, Server Response: '550 Invalid HELO. You must be spam or a virus.', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC69


    Any ideas?

    Thanks,
    JB
     
  2. glansing

    It looks like you incorporated some HELO checks in your exim ACLs. One of the checks most people incorporate checks to see if the HELO name contains a period (as they should have at least one).

    Your client's computer is sending a HELO of 'computer' which isn't a valid HELO according to standards.

    You'll need to examine your exim configuration through WHM and find the ACL that checks that and either add a whitelist or move it.

    I've moved all of my HELO checks, RBL checks, and a few others to an ACL that follows the MAIL command so that I can have authenticated users bypass them.
     
  3. mctDarren

    glansing's right, you have an ACL in Exim that is looking for PCs announcing themselves with a HELO that contains no decimals (not an octet value). Look for code similar to this in exim.conf:
    Code:
    deny condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
       message = Invalid HELO. You must be spam or a virus.
    
    Comment that out to fix the problem. You'll probably find that the user's PC Name (Windows) is "computer" and their client is using that as the HELO.
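
An alternative to commenting the check out, following glansing's suggestion of running it after the MAIL command so authenticated users bypass it. This is an added example, not configuration posted by anyone in the thread; the ACL names acl_check_helo and acl_check_mail are assumed, and the fragment shows only the lines involved.

```exim
# Main section: name the ACLs run at HELO/EHLO and at MAIL FROM.
# acl_check_helo and acl_check_mail are assumed names for this example.
acl_smtp_helo = acl_check_helo
acl_smtp_mail = acl_check_mail

begin acl

acl_check_helo:
  # The dotless-HELO deny is no longer evaluated here. SMTP AUTH happens
  # after EHLO, so at this stage Exim cannot yet tell whether the client
  # is going to log in.
  accept

acl_check_mail:
  # Clients that completed SMTP AUTH skip the HELO test entirely.
  accept authenticated = *

  # Everyone else still gets the check quoted in the thread.
  deny condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
       message = Invalid HELO. You must be spam or a virus.

  # Explicit accept: an ACL that runs off the end denies by default.
  accept
```

`exim -bh <client IP>` runs a simulated SMTP session against the ACLs without delivering mail, which lets you confirm the reordered checks before a real client connects.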
     