EHLO and Local host name

Post by blackwolf » 2024-06-14 08:03

I have mail.aaa.com, mail.bbb.com on my hmail server, then I set the "Local host name" to mail.aaa.com in hmail Settings > Protocols > SMTP.
However when I use user@bbb.com to send an email, it will show up as sent on mail.aaa.com on the recipient side, and then the recipient will recognize this email as spam (EHLO misalignment trigger). How can I avoid this?

Re: EHLO and Local host name

Post by johang » 2024-06-14 08:34

blackwolf wrote:
2024-06-14 08:03
I have mail.aaa.com, mail.bbb.com on my hmail server, then I set the "Local host name" to mail.aaa.com in hmail Settings > Protocols > SMTP.
However when I use user@bbb.com to send an email, it will show up as sent on mail.aaa.com on the recipient side, and then the recipient will recognize this email as spam (EHLO misalignment trigger). How can I avoid this?

(EHLO misalignment trigger).... the what now?
please provide log or error message or a better clue. (is the smtp connection blocked, is the remote server defining it as spam, is the recipient's email client defining it as spam)

have you setup SPF, DKIM and DMARC for both domains?
is any of the domains in any blacklist?
do you have a PTR for the IP of your mailserver?
lets cheat darwin out of his legacy, find a cure for cancer...

Re: EHLO and Local host name

Post by RvdH » 2024-06-14 08:37

Never seen mail being blocked for EHLO misalignment trigger. For that matter, how do you think gmail.com SMTP servers send e-mail without issues on behalf of the customer domains they are hosting (Google Workspace), and outlook.com SMTP for Exchange Online customer domains, etc. etc.? Those HELOs don't match the domain they are sending mail on behalf of either.

I suspect you are looking at the wrong thing. HELO and PTR should ideally be the same, but that is NOT a requirement, and even if they don't match, this reason alone will never get you blocked, maybe scored (a little).
You had better look at/check SPF, DKIM, DMARC and your IP reputation.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

Re: EHLO and Local host name

Post by jim.bus » 2024-06-14 09:09

As far as the Host Name entry in your settings is concerned, see this Help Documentation for that entry: https://www.hmailserver.com/documentati ... otocolsmtp

Your Host Name appears to be entered correctly. The Hostname you specify only needs to resolve to the Public IP Address that your hMailServer is running on. The suggestions the other volunteers have given you are what you should be checking for.
If you think you understand quantum mechanics, you don't understand quantum mechanics.

Re: EHLO and Local host name

Post by blackwolf » 2024-06-14 10:35

johang wrote:
2024-06-14 08:34
blackwolf wrote:
2024-06-14 08:03
I have mail.aaa.com, mail.bbb.com on my hmail server, then I set the "Local host name" to mail.aaa.com in hmail Settings > Protocols > SMTP.
However when I use user@bbb.com to send an email, it will show up as sent on mail.aaa.com on the recipient side, and then the recipient will recognize this email as spam (EHLO misalignment trigger). How can I avoid this?

(EHLO misalignment trigger).... the what now?
please provide log or error message or a better clue. (is the smtp connection blocked, is the remote server defining it as spam, is the recipient's email client defining it as spam)

have you setup SPF, DKIM and DMARC for both domains?
is any of the domains in any blacklist?
do you have a PTR for the IP of your mailserver?

Gmail successfully received the email, but Hotmail bounced it, prompting me that my EHLO's FQDN is mail.aaa.com.
And actually, if I use user@aaa.com to send emails, it won't happen.
When I use user@bbb.com to send, yes, it appears.
SPF, DKIM and DMARC all pass.
Now my IP is on the SBL list.

Re: EHLO and Local host name

Post by blackwolf » 2024-06-14 10:41

johang wrote:
2024-06-14 08:34
blackwolf wrote:
2024-06-14 08:03
I have mail.aaa.com, mail.bbb.com on my hmail server, then I set the "Local host name" to mail.aaa.com in hmail Settings > Protocols > SMTP.
However when I use user@bbb.com to send an email, it will show up as sent on mail.aaa.com on the recipient side, and then the recipient will recognize this email as spam (EHLO misalignment trigger). How can I avoid this?

(EHLO misalignment trigger).... the what now?
please provide log or error message or a better clue. (is the smtp connection blocked, is the remote server defining it as spam, is the recipient's email client defining it as spam)

have you setup SPF, DKIM and DMARC for both domains?
is any of the domains in any blacklist?
do you have a PTR for the IP of your mailserver?

SPF, DKIM and DMARC passed.

Re: EHLO and Local host name

Post by blackwolf » 2024-06-14 10:42

RvdH wrote:
2024-06-14 08:37
Never seen mail being blocked for EHLO misalignment trigger. For that matter, how do you think gmail.com SMTP servers send e-mail without issues on behalf of the customer domains they are hosting (Google Workspace), and outlook.com SMTP for Exchange Online customer domains, etc. etc.? Those HELOs don't match the domain they are sending mail on behalf of either.

I suspect you are looking at the wrong thing. HELO and PTR should ideally be the same, but that is NOT a requirement, and even if they don't match, this reason alone will never get you blocked, maybe scored (a little).
You had better look at/check SPF, DKIM, DMARC and your IP reputation.

Thank you for contacting Spamhaus CSS Removals,

xxx.xxx.xxx.xxx(my ip) is making SMTP connections which indicate that it is misconfigured. Some elements of your existing configuration create message characteristics identical to previously identified spam messages.

Please align the mail server's HELO/EHLO 'win-12315' and PTR with proper DNS (forward and reverse) values for a mail server. Here is an example:

Correct HELO/DNS/rDNS alignment for domain example.com:
- Mail server HELO: mail.example.com
- Mail server IP: 192.0.2.12
- Forward DNS: mail.example.com -> 192.0.2.12
- Reverse DNS: 192.0.2.12 -> mail.example.com

Correcting an invalid HELO or a HELO/forward DNS lookup mismatch will stop the IP from being listed again.

Points to consider:

* HELO and PTR/rDNS are not the same thing. HELO is usually a server setting.
* Alignment: it is strongly recommended that the forward DNS lookup (domain name to IP address) and rDNS (IP to domain) of your IP should match the HELO value set in your server, if possible
* The IP and the HELO value should both have forward and rDNS, and should resolve in public DNS
* Ensure that the domain used in HELO actually exists!

Additional points:

* According to RFC, the HELO must be a fully qualified domain name (FQDN): "hostname.example.com" is an FQDN and "example.com" is not an FQDN.
* The domain used should belong to your organisation.


Contact your hosting provider for assistance if needed.

You can test a server's HELO configuration by visiting https://aboutmy.email
From there, send an email from the machine in question to the provided email address, and then examine the results. This tool will give a lot of detail about the email. To check HELO/EHLO, navigate to "Delivery" -> "SMTP" and look for the EHLO line.

If all settings are correct, you have a different problem, probably malware/spambot. Again, the HELO we are seeing is 'win-12315'. The last detection was at 2024-06-12 09:35:00 (UTC).

For information on misconfigured or hacked SMTP servers and networks, please see this FAQ: https://www.spamhaus.org/faq/section/Ha ... 20help#539

CSS listings expire a few days after last detection. You can always open a ticket (or update an existing one) to inform us when and how the situation has been secured.


Regards,
R e
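
The alignment the Spamhaus reply above asks for (HELO is an FQDN, HELO resolves to the sending IP, and the IP's PTR points back to the HELO name) can be checked mechanically; note that the sender's domain (aaa.com or bbb.com) is not an input. This is an added example, not part of the original thread or of hMailServer: the function names, finding codes and three-label FQDN threshold are assumptions, and the sample zone is constructed from the documentation addresses in the quoted reply.

```python
import ipaddress
import re
import socket

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name, min_labels=3):
    # min_labels=3 mirrors the quoted note ("hostname.example.com" yes,
    # "example.com" no); the threshold is an assumption of this example.
    labels = name.rstrip(".").lower().split(".")
    return len(labels) >= min_labels and all(_LABEL.match(l) for l in labels)

def system_forward(name):  # A/AAAA lookup via the OS resolver
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def system_reverse(ip):  # PTR lookup via the OS resolver
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return {host, *aliases}
    except OSError:
        return set()

def check_alignment(helo, ip, forward=system_forward, reverse=system_reverse):
    """Return finding codes; an empty list means HELO, A and PTR line up."""
    helo = helo.rstrip(".").lower()
    ip = str(ipaddress.ip_address(ip))
    findings = []
    if not is_fqdn(helo):
        findings.append("helo-not-fqdn")
    if ip not in forward(helo):
        findings.append("helo-forward-mismatch")
    ptrs = {p.rstrip(".").lower() for p in reverse(ip)}
    if not ptrs:
        findings.append("no-ptr")
    elif helo not in ptrs:
        findings.append("ptr-helo-mismatch")
    return findings

# Constructed sample zone, using the addresses from the quoted example.
SAMPLE_A = {"mail.example.com": {"192.0.2.12"}}
SAMPLE_PTR = {"192.0.2.12": {"mail.example.com."}}

def sample_forward(name):
    return SAMPLE_A.get(name, set())

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, set())
```

Called with only a HELO name and an IP, `check_alignment` uses the operating system's resolver, so it should be run from a machine that sees public DNS rather than an internal split-horizon view.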

Re: EHLO and Local host name

Post by SorenR » 2024-06-14 11:15

blackwolf wrote:
2024-06-14 08:03
I have mail.aaa.com, mail.bbb.com on my hmail server, then I set the "Local host name" to mail.aaa.com in hmail Settings > Protocols > SMTP.
However when I use user@bbb.com to send an email, it will show up as sent on mail.aaa.com on the recipient side, and then the recipient will recognize this email as spam (EHLO misalignment trigger). How can I avoid this?

Local Host Name = A-record = rDNS of server

Local Host Name /= Domains on server.

Only connection between Domain Names and Local Host Name are the MX records in DNS.

It's not rocket science, it's as simple as the address printed on the letters sent to your home address ;-)
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

Re: EHLO and Local host name

Post by jim.bus » 2024-06-14 11:54

blackwolf wrote:
2024-06-14 10:42

Correct HELO/DNS/rDNS alignment for domain example.com:
- Mail server HELO: mail.example.com
- Mail server IP: 192.0.2.12
- Forward DNS: mail.example.com -> 192.0.2.12
- Reverse DNS: 192.0.2.12 -> mail.example.com

I believe this example you give may not be correct. I believe the following line is the correct line:

Reverse DNS: 12.2.0.192 -> mail.example.com would be the correct rDNS. The rDNS Record I believe also reverses the IP Address as well.

Re: EHLO and Local host name

Post by SorenR » 2024-06-14 12:01

jim.bus wrote:
2024-06-14 11:54
blackwolf wrote:
2024-06-14 10:42

Correct HELO/DNS/rDNS alignment for domain example.com:
- Mail server HELO: mail.example.com
- Mail server IP: 192.0.2.12
- Forward DNS: mail.example.com -> 192.0.2.12
- Reverse DNS: 192.0.2.12 -> mail.example.com
I believe this example you give may not be correct. I believe the following line is the correct line:

Reverse DNS: 12.2.0.192 -> mail.example.com would be the correct rDNS. The rDNS Record I believe also reverses the IP Address as well.

WRONG!

You ONLY need to reverse IP for DNSBL lookups!

Re: EHLO and Local host name

Post by jim.bus » 2024-06-14 18:44

SorenR wrote:
2024-06-14 12:01
jim.bus wrote:
2024-06-14 11:54
blackwolf wrote:
2024-06-14 10:42

Correct HELO/DNS/rDNS alignment for domain example.com:
- Mail server HELO: mail.example.com
- Mail server IP: 192.0.2.12
- Forward DNS: mail.example.com -> 192.0.2.12
- Reverse DNS: 192.0.2.12 -> mail.example.com
I believe this example you give may not be correct. I believe the following line is the correct line:

Reverse DNS: 12.2.0.192 -> mail.example.com would be the correct rDNS. The rDNS Record I believe also reverses the IP Address as well.
WRONG!

You ONLY need to reverse IP for DNSBL lookups!

Thanks SorenR.

I just checked with Supertool of MXToolbox and it showed my Reverse DNS IP without reversing the IP as you indicated.


Post by johang » 2024-06-14 23:12

blackwolf wrote:
2024-06-14 10:42

* According to RFC, the HELO must be a fully qualified domain name (FQDN): "hostname.example.com" is an FQDN and "example.com" is not an FQDN.
* The domain used should belong to your organisation.

If all settings are correct, you have a different problem, probably malware/spambot. Again, the HELO we are seeing is 'win-12315'. The last detection was at 2024-06-12 09:35:00 (UTC).

yep .. if you choose to put in local host name as "win-12315" you are f*cked and you will be blacklisted..

you should put mail.aaa.com in: Settings > Protocols > SMTP. ( or at least a real FQDN )

Re: EHLO and Local host name

Post by blackwolf » 2024-06-18 08:37

johang wrote:
2024-06-14 23:12
blackwolf wrote:
2024-06-14 10:42

* According to RFC, the HELO must be a fully qualified domain name (FQDN): "hostname.example.com" is an FQDN and "example.com" is not an FQDN.
* The domain used should belong to your organisation.

If all settings are correct, you have a different problem, probably malware/spambot. Again, the HELO we are seeing is 'win-12315'. The last detection was at 2024-06-12 09:35:00 (UTC).

yep .. if you choose to put in local host name as "win-12315" you are f*cked and you will be blacklisted..

you should put mail.aaa.com in: Settings > Protocols > SMTP. ( or at least a real FQDN )

Well, problem solved, I filled in an FQDN and the problem didn't reoccur. Although mail.aaa.com doesn't seem to match with XXX@bbb.com. I set the DNS Alias: mail.bbb.com=mail.aaa.com, and it seems the problem is solved!
Thank you

Re: EHLO and Local host name

Post by blackwolf » 2024-06-18 08:40

jim.bus wrote:
2024-06-14 11:54
blackwolf wrote:
2024-06-14 10:42

Correct HELO/DNS/rDNS alignment for domain example.com:
- Mail server HELO: mail.example.com
- Mail server IP: 192.0.2.12
- Forward DNS: mail.example.com -> 192.0.2.12
- Reverse DNS: 192.0.2.12 -> mail.example.com
I believe this example you give may not be correct. I believe the following line is the correct line:

Reverse DNS: 12.2.0.192 -> mail.example.com would be the correct rDNS. The rDNS Record I believe also reverses the IP Address as well.

This is the official response to my work order when I asked SBL to remove the blacklist.
