The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SMTP Access denied

Discussion in 'E-mail Discussions' started by Simon Lloyd, May 29, 2014.

  1. Simon Lloyd

    Simon Lloyd Member

    Joined:
    May 21, 2009
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Hi all, apologies if this is the wrong section.
    I've been having a great deal of trouble with spam mail supposedly being sent from my server and i'm having trouble finding from where or how, i have now pretty much turned on every tweak...etc (not that i reall know what i'm doing!).

    Now i find that a third party site that has been allowed to send mail on my behalf has been blocked from the server with
    I have added the ip address to the csf allow and to the brute force whiletlist but still cannot send emails from the site.

    Anyone able to point me in the right direction?

    EDIT: i should also point oout that i found something on the net for auth_advertise_host in Exim Service configuration and added ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}

    I'm assuming this is where the problem is but how do i either add or exclude ip's there?, i have 3 ip addresses that i want to be able to send mails through the server (not via relay).

    Regards,
    Simon
     
    #1 Simon Lloyd, May 29, 2014
    Last edited: May 29, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,761
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The rejection message you provided stems from the following option in "WHM Home » Service Configuration » Exim Configuration Manager":

    "Require RFC-compliant HELO"

    Update: You will need to disable the above option completely to prevent this from happening.

    Thank you.
     
    #2 cPanelMichael, May 30, 2014
    Last edited: Feb 24, 2015
  3. aeroweb

    aeroweb Well-Known Member

    Joined:
    Jun 4, 2004
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Hello,
    We are having a similar issue. We want to have the "Require RFC-compliant HELO" option enabled however there is one IP address that we want to allow to connect despite the fact they have an invalid HELO. The "Only-verify-recipient" option under the "Access Lists" doesn't seem to do what we want. We still get the "Access denied - Invalid HELO name (See RFC2821 4.1.1.1)" error in the smtp log. I even restarted Exim after the change to make sure it took.

    Any recommendations?

    Thanks
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,761
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    As is the case with the "Trusted SMTP IP addresses", whitelisted senders must still use an RFC-compliant HELO name if the Require RFC-compliant HELO setting is enabled. It's not possible to whitelist users from that option.

    Thank you.
     
  5. aeroweb

    aeroweb Well-Known Member

    Joined:
    Jun 4, 2004
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    We tried both the "Only-verify-recipient" and the "Trusted SMTP IP addresses" and neither worked. Is there a way we can set a rule (even manually in exim) to allow a single IP to bypass the RFC-compliant HELO setting while still blocking all other SMTP servers who are not RFC comliant?
    Thanks
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,761
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There are no native options or workarounds available to whitelist an IP address from the "Require RFC-compliant HELO " option that I'm aware of. You can submit a feature request for this via:

    Submit A Feature Request

    Or, you could try asking the Exim users mailing list to see if any other Exim users have developed a custom workaround:

    Exim Users Mailing List

    Thank you.
     
Loading...

Share This Page