wrong EHLO/HELO response when RECEIVING mail on dedicated IP

Discussion in 'E-mail Discussions' started by vapetrov, Jan 12, 2014.

  1. vapetrov

    vapetrov Member

    Joined:
    May 24, 2002
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    The shared IP of my reseller is listed on this blacklist: http://v4bl.org/DELIST/ (V4BL IP removal requests)

    Their first rule of delisting is "If you find that your RDNS record does not match your email servers HELO/EHLO string, STOP! Save yourself some time and update the RDNS first."

    We are using the Exim feature "Send mail from account’s dedicated IP address". It is working fine for sending.

    But Exim always replies with the main server hostname when receiving mail on ANY IP, including the reseller's IP.

    So I am unable to delist the reseller's IP, because the blacklist robot tried to connect to the reseller IP but sees the main server hostname in the HELO reply instead of the reseller domain name.

    Is it a bug?
    What do I have to do?
     
    #1 vapetrov, Jan 12, 2014
    Last edited: Jan 12, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. vapetrov

    Sorry, cPanelMichael, but I was talking about INCOMING connections, not about outgoing.

    If somebody connects like
    telnet MyResellerDomain.com 25
    and types
    HELO localhost
    he will always get the main server hostname in reply.

    By the way, it looks like a hole which discloses sensitive information - anybody can easily see whether neighboring IPs belong to the same server.
     
  4. cPanelMichael

    You are describing the intended behavior with Exim. It's not possible to hide the hostname of the machine in that manner. Note that the blacklist you referenced in your first post is referring to outgoing email, not incoming. You can contact them to verify that, but based on what you posted, they are simply stating that RDNS should be configured for the IP address used to send out email. If you have "Send mail from account’s dedicated IP address" enabled, make sure that reverse DNS entries match the ones in /etc/mail_reverse_dns.

    Thank you.
     
  5. vapetrov

    What are you talking about?
    How will they verify outgoing HELO??
    They have a script which connects to port 25 of the blacklisted IP address and checks the hostname the server sends in the HELO handshake. That is ALL. Nobody will check anything else.

    I tried to communicate with them but got a reply like "please use better software"...
     
  6. cPanelMichael

    The blacklist you are referencing is not widely used. While not supported, I did find one workaround that may help in this case. Browse to "WHM Home » Service Configuration » Exim Configuration Manager » Advanced Editor". Scroll down and select "Add Additional Configuration Setting" and add entries for:

    Code:
    smtp_active_hostname = ${if exists{/etc/mail_reverse_dns}{${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}}{$primary_hostname}}
    Code:
    smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number}  \#${compile_number} ${tod_full} \n   We do not authorize the use of this system to transport unsolicited, \n   and/or bulk e-mail."
    Keep in mind this is a manual workaround that is not supported. It's highly recommended that you instead contact the remote mail server that is using this blacklist to advise them against doing so.

    Thank you.
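
Added example, not part of the thread and not cPanel's code: a Python check that mirrors the `smtp_active_hostname` lookup above and reports, per listening IP, whether the greeting hostname agrees with the map entry and with the PTR name. The "IP: hostname" file layout is assumed from the lsearch lookup; all hostnames, addresses and function names are constructed for illustration.

```python
import re
import socket

# Constructed sample in the "key: value" lsearch layout the workaround reads.
SAMPLE_MAP = '''
# documentation addresses, constructed for this example
192.0.2.10: mail.reseller.example
"2001:db8::10": mail6.reseller.example
'''

def parse_lsearch(text):
    """Parse lsearch lines; keys containing colons must be double-quoted."""
    table = {}
    for line in text.splitlines():
        m = re.match(r'\s*("[^"]+"|[^\s:#]+)\s*:?\s*(\S.*)?$', line)
        if m:  # blank lines and '#' comments do not match
            table[m.group(1).strip('"')] = (m.group(2) or "").strip()
    return table

def active_hostname(interface_ip, table, primary):
    """Mirror the smtp_active_hostname expansion: map entry, else primary."""
    return table.get(interface_ip, primary)

def greeting_hostname(reply_line):
    """Hostname from a '220 host ESMTP ...' banner or '250-host Hello' reply."""
    m = re.match(r"(?:220|250)[ -](\S+)", reply_line)
    return m.group(1).lower() if m else None

def audit(interface_ip, banner, ptr_name, table, primary):
    """Return mismatches for one listening IP (empty list = consistent)."""
    expected = active_hostname(interface_ip, table, primary).lower()
    seen = greeting_hostname(banner)
    problems = []
    if seen != expected:
        problems.append(f"banner says {seen}, map expects {expected}")
    if ptr_name.rstrip(".").lower() != seen:
        problems.append(f"PTR {ptr_name} does not match banner {seen}")
    return problems

def live_inputs(interface_ip, timeout=10):
    """Fetch the real banner and PTR for an IP you operate (needs network)."""
    with socket.create_connection((interface_ip, 25), timeout=timeout) as s:
        banner = s.recv(512).decode("ascii", "replace")
    return banner, socket.gethostbyaddr(interface_ip)[0]
```

Pass the two values returned by `live_inputs()` to `audit()` for each dedicated IP after changing the Exim configuration; an empty list means banner, map and PTR agree.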
     
  7. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    243
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Isn't /etc/mail_reverse_dns overwritten when updating the Exim configuration?

    When using:
    Send mail from account’s dedicated IP address Off
    Reference /etc/mailhelo for outgoing SMTP HELO On
    Reference /etc/mailips for outgoing SMTP connections On

    To have an FQDN as the mail server name for the dedicated IP of the account, the first option is Off.
    Without an FQDN, a PTR (reverse DNS) record cannot be set. At least most datacenters prevent setting a reverse record without using a hostname.

    The settings in /etc/mail_reverse_dns are overwritten from time to time, e.g. when using the Exim config screen in WHM.

    With the reset /etc/mail_reverse_dns, the SMTP Reverse Banner Check will fail.
    The banner match is normally not a hard criterion for other mail servers to deny emails from that server, but I got the impression today that some servers deny with a "remote_smtp defer (111): Connection refused" when the banner does not match the domain.
    Update: Correction: Error unrelated to the banner mismatch.

    This might be covered via the feature request too:
    SMTP Banner for Dedicated IP Accounts | cPanel Feature Requests
     
    #7 lorio, Jun 17, 2014
    Last edited: Jun 17, 2014