wrong EHLO/HELO response when RECEIVING mail on dedicated IP

vapetrov

Member
May 24, 2002
14
0
301
Hello,

Shared IP of my reseller listed on this blacklist /http://v4bl.org/DELIST/ V4BL IP removal requests

Their first rule of delisting is "If you find that your RDNS record does not match your email servers HELO/EHLO string, STOP! Save yourself some time and update the RDNS first."

We using Exim feature "Send mail from account’s dedicated IP address". It working fine for sending.

But Exim always reply main server hostname when receiving mails on ANY IP, including reseller's IP.

So, I unable to delist reseller's IP because blacklist robot tried to connect to reseller IP but see main server hostname in HELO reply instead of reseller domain name.

Is it a bug?
What I have to do?
 
Last edited:

vapetrov

Member
May 24, 2002
14
0
301
Sorry, cPanelMichael, but I told about INCOMING connections, not about outgoing.

If somebody connect like
telnet MyResellerDomain.com 25
and type
HELO localhost
he will always got main server hostname in reply.

By the way, it looks like a hole which disclose sensitive information - anybody can easily see is neighbor IPs belong to same server.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
You are describing the intended behavior with Exim. It's not possible to hide the hostname of the machine in that manner. Note that the blacklist you referenced in your first post is referring to outgoing email, not incoming. You can contact them to verify that, but based on what you posted, they are simply stating that RDNS should be configured for the IP address used to send out email. If you have "Send mail from account’s dedicated IP address" enabled, make sure that reverse DNS entries match the ones in /etc/mail_reverse_dns.

Thank you.
 

vapetrov

Member
May 24, 2002
14
0
301
You can contact them to verify that, but based on what you posted, they are simply stating that RDNS should be configured for the IP address used to send out email.
What you told about?
How they will verify outgoing HELO??
They have a script which connecting to port 25 of blacklisted IP address and check hostname server send in HELO handshake. It is ALL. Nobody will check something another.

I tried to communicate with them but got reply like "please use better software"...
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
The blacklist you are referencing is not widely used. While not supported, I did find one workaround that may help in this case. Browse to "WHM Home » Service Configuration » Exim Configuration Manager » Advanced Editor". Scroll down and select "Add Additional Configuration Setting" and add entries for:

Code:
smtp_active_hostname = ${if exists{/etc/mail_reverse_dns}{${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}}{$primary_hostname}}
Code:
smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number}  \#${compile_number} ${tod_full} \n   We do not authorize the use of this system to transport unsolicited, \n   and/or bulk e-mail."
Keep in mind this is a manual workaround that is not supported. It's highly recommended that you instead contact the remote mail server that is using this blacklist to advise them against doing so.

Thank you.
 

lorio

Well-Known Member
Feb 25, 2004
305
16
168
cPanel Access Level
Root Administrator
Isn't etc/mail_reverse_dns overwritten when updating exim configuration?

When using:
Send mail from account’s dedicated IP address Off
Reference /etc/mailhelo for outgoing SMTP HELO On
Reference /etc/mailips for outgoing SMTP connections On

To have a FQDN as mailservername for the dedicated IP of the account the first Option is Off.
Without FQDN a PTR Reverse DNS cannot be set. At least most Datacenter prevent setting a Reverse without using a hostname.

The settings in etc/mail_reverse_dns are overwritten from times to times e.g. when using the EXIM config screen in WHM.

With the resetted etc/mail_reverse_dns the SMTP Reverse Banner Check will fail.
The banner match is normally not a hard criteria for other mail servers to deny emails from that server but I got the impression today that some server deny with a "remote_smtp defer (111): Connection refused" when the banner does not match the domain.
Update: Correction: Error unrelated with banner mismatch.

This might be covered via the feature request too:
SMTP Banner for Dedicated IP Accounts | cPanel Feature Requests
 
Last edited: