SMTP HELO/EHLO with multiple ISPs (Load Balanced)

Lee Thompson
Normal user
Posts: 36
Joined: 2009-01-15 11:18


Post by Lee Thompson » 2012-09-01 02:26

I will say up front that I don't see a good solution for this problem. I'm posting this partially just to discuss the issue and also in a desperate hope that someone more clever has figured out a way to make this work.

I have a rather complex setup. I have a load-balancing router and two ISPs. (One is ADSL, the other is cable).

Normally, the router sends traffic to whichever WAN is less busy at that moment (and will continue to try to send future traffic from that host to the same WAN for a while). This, naturally, plays havoc with sending e-mail and the EHLO/HELO validation in particular.

At the moment, I have a rule on the router in place so that all outgoing mail will always go out over WAN-1 (and the hostname hMailServer is to use for HELO/EHLO resolves to that external IP). In a perfect world, I'd like to at least be able to fall back to sending mail on WAN-2 if there is some kind of emergency such as an outage on WAN-1.

The whole SMTP HELO/EHLO system doesn't seem to be very well designed to handle this situation.

While you can make multiple A records (say mta.mydomain.com or smtpout.mydomain.com), you'd also have to set the PTRs to these. In my research, I've read that having multiple PTRs for a given IP address can cause problems for some software, and I really don't want both of these IPs to rev DNS to something like 'mta.mydomain.com'. One reason is that e-mail isn't the only service I run. And perhaps more importantly, if I'm troubleshooting an issue and only the hostname is presented, I would have no way of distinguishing which WAN that connection came over.

As far as I can tell there is no good solution to this problem. If only forward DNS were used, there wouldn't be an issue: just create multiple A records and call it a day. Of course, reverse DNS offers a more reliable method of determining if the host name given is legit or not.

It's too bad there isn't a way to have hMail tell which WAN it's on at the time and use a different hostname, or if HELO/EHLO had been designed to give multiple hostnames (maybe similar to the way the SPF record is designed).

mattg
Moderator
Posts: 20894
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP HELO/EHLO with multiple ISPs (Load Balanced)

Post by mattg » 2012-09-01 03:28

I'm not sure that a PTR record needs to point to your domain, or even any of them.

My hMailServer hosts multiple domains, and the PTR record is something like this:

XXX.XXX.XXX.XXX.in-addr.arpa -> CPE-XXX-XXX-XXX-XXX.static.myisp.com.au

Where the XXs are my static IP address.
None of my hosted domains are mentioned in this record.

I've never experienced issues with PTR that I am aware of.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
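To make concrete which checks a receiving MTA actually runs on the HELO name and the connecting address (and why a PTR that points at the ISP's CPE name, rather than at any hosted domain, passes them), here is an added example. It is not hMailServer code and not anything from the posters; the DNS answers come from constructed in-memory tables so it runs offline, and every name and address in it (example.com, the isp1/isp2/isp3 names, the 198.51.100.0/24, 203.0.113.0/24 and 192.0.2.0/24 addresses) is made up. The policy function is one common receiver policy, not a standard.

```python
"""HELO/EHLO and reverse-DNS checks as a receiving MTA typically applies them.

Added example; this is not hMailServer code.  DNS answers come from small
constructed tables so the script runs offline; the names and addresses
(example.com, the isp*.example names, 198.51.100.0/24, 203.0.113.0/24,
192.0.2.0/24) are made up.
"""

from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed forward zone: the multi-A HELO name lists both WAN addresses;
# each WAN address also carries its ISP-assigned CPE name.
A_RECORDS: Dict[str, List[str]] = {
    "mta.example.com": ["198.51.100.10", "203.0.113.20"],
    "cpe-198-51-100-10.static.isp1.example": ["198.51.100.10"],
    "cpe-203-0-113-20.static.isp2.example": ["203.0.113.20"],
}

# Constructed reverse zone: PTRs point at the ISP names, not at example.com.
# 192.0.2.99 has a PTR whose name has no A record, so it cannot forward-confirm.
PTR_RECORDS: Dict[str, str] = {
    "198.51.100.10": "cpe-198-51-100-10.static.isp1.example",
    "203.0.113.20": "cpe-203-0-113-20.static.isp2.example",
    "192.0.2.99": "dynamic-99.isp3.example",
}


def lookup_a(name: str) -> List[str]:
    """Stand-in for an A query."""
    return A_RECORDS.get(name.lower().rstrip("."), [])


def lookup_ptr(ip: str) -> Optional[str]:
    """Stand-in for a PTR query on the in-addr.arpa name of ip."""
    return PTR_RECORDS.get(ip)


@dataclass(frozen=True)
class HeloVerdict:
    helo_resolves_to_client: bool   # HELO name has an A record equal to the client IP
    ptr_name: Optional[str]         # what the client IP's PTR says, if anything
    fcrdns_ok: bool                 # PTR name resolves back to the client IP (FCrDNS)
    ptr_equals_helo: bool           # strict PTR == HELO match; few receivers require it


def check_helo(client_ip: str, helo_name: str) -> HeloVerdict:
    """Evaluate a HELO/EHLO name against the connecting address."""
    helo_ok = client_ip in lookup_a(helo_name)
    ptr = lookup_ptr(client_ip)
    fcrdns = ptr is not None and client_ip in lookup_a(ptr)
    strict = ptr is not None and ptr.lower().rstrip(".") == helo_name.lower().rstrip(".")
    return HeloVerdict(helo_ok, ptr, fcrdns, strict)


def policy(v: HeloVerdict) -> str:
    """One common receiver policy (assumed, not a standard): a PTR that does not
    forward-confirm is a hard problem, a HELO name that does not resolve to the
    client is a score/log item, and PTR == HELO is not required at all."""
    if not v.fcrdns_ok:
        return "reject: client PTR missing or does not forward-confirm"
    if not v.helo_resolves_to_client:
        return "suspicious: HELO name does not resolve to client address"
    return "accept"


if __name__ == "__main__":
    for ip in ("198.51.100.10", "203.0.113.20", "192.0.2.99"):
        v = check_helo(ip, "mta.example.com")
        print(ip, v, policy(v))
```

Run as written, both WAN addresses pass with the single HELO name mta.example.com even though neither PTR mentions example.com, because the checks are "does the HELO name resolve to the client" and "does the PTR name resolve back to the client", not "does the PTR equal the HELO". The PTR names also stay distinct per WAN, which preserves the troubleshooting property the first post asks for.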

Lee Thompson
Normal user
Posts: 36
Joined: 2009-01-15 11:18

Re: SMTP HELO/EHLO with multiple ISPs (Load Balanced)

Post by Lee Thompson » 2012-09-01 04:00

I'm doing some tests since mattg said it probably didn't matter with the PTRs but I'm getting mixed results.

I temporarily set the load balancing router to force outgoing mail to go out over WAN-2 and changed hMailServer's name to use for HELO to one that has multiple A records (each external IP is listed). My MX records list both IPs as well and my SPF record gives permission for any host in the MX list to send. One of those hosts is the multi-record one that I'm using for HELO.

I then sent test messages to various external e-mail accounts and have had mixed results. 3 went through, 2 are still in the queue and get 451 errors from the receiving mail server (which usually means you're greylisted). The messages are usually rather vague "450 4.7.1 service temporarily unavailable" or "451 please try again later (gl)".

What's a little odd about this, is if I force it back to WAN-1 with the same hostname, it works - and neither PTR record resolves to the special multi-homed host name.

I wonder if perhaps these servers are rejecting based upon the ISP it's coming from? (Comcast Business Class)

But that seems rather extreme.

mattg
Moderator
Posts: 20894
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP HELO/EHLO with multiple ISPs (Load Balanced)

Post by mattg » 2012-09-01 05:28

The way that greylisting works, if the IP address on WAN-1 was previously approved then these will normally go straight through. If the IP address on WAN-2 is NOT known then they will be delayed.

Are the machines that are doing the greylisting controlled by you?
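The greylisting behaviour described above (a known sending address passes straight through, an unknown one gets a 451 until it retries after the delay) is easy to see in a minimal triplet-based greylist. This is an added example, not hMailServer's greylisting implementation and not code from either poster; it assumes the common (client IP, envelope sender, envelope recipient) key, a 5-minute initial delay and a 36-hour retention window, and takes timestamps as arguments so the run is deterministic. The addresses and mailbox names are constructed.

```python
"""Minimal greylisting of the kind many receiving MTAs run.

Added example, not hMailServer code.  Assumes a (client IP, MAIL FROM, RCPT TO)
triplet key, a delay before a retry is accepted and a retention window after
which a passed triplet is forgotten.  Timestamps are explicit so the scenario
below is reproducible; the IPs and addresses are made up.
"""

from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Triplet = Tuple[str, str, str]

GREYLISTED = "451 4.7.1 greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Greylist:
    delay: float = 300.0            # seconds a new triplet must wait before a retry passes
    retention: float = 36 * 3600.0  # seconds a passed triplet stays whitelisted
    first_seen: Dict[Triplet, float] = field(default_factory=dict)
    passed: Dict[Triplet, float] = field(default_factory=dict)

    def decide(self, client_ip: str, mail_from: str, rcpt_to: str, now: float) -> str:
        """Return the SMTP response the receiver would give at RCPT TO time."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        last = self.passed.get(key)
        if last is not None and now - last < self.retention:
            self.passed[key] = now          # refresh: known triplet goes straight through
            return ACCEPT

        seen = self.first_seen.get(key)
        if seen is None:
            self.first_seen[key] = now      # never seen: record it and ask for a retry
            return GREYLISTED
        if now - seen < self.delay:
            return GREYLISTED               # retried too early: still delayed

        self.passed[key] = now              # retried after the delay: promote to passed
        del self.first_seen[key]
        return ACCEPT


def scenario() -> List[str]:
    """Replay the thread's situation: WAN-1 already passed, then the same
    mail is routed over WAN-2 and hits the greylist as an unknown client."""
    gl = Greylist()
    wan1, wan2 = "198.51.100.10", "203.0.113.20"   # constructed WAN addresses
    sender, rcpt = "user@example.com", "friend@remote.example"
    out = []
    out.append(gl.decide(wan1, sender, rcpt, 0.0))      # first ever contact: 451
    out.append(gl.decide(wan1, sender, rcpt, 600.0))    # retry after 10 min: 250
    out.append(gl.decide(wan2, sender, rcpt, 700.0))    # same mail via WAN-2: new triplet, 451
    out.append(gl.decide(wan2, sender, rcpt, 800.0))    # retry too soon: 451
    out.append(gl.decide(wan2, sender, rcpt, 1100.0))   # retry after the delay: 250
    out.append(gl.decide(wan1, sender, rcpt, 2000.0))   # both WANs now pass directly
    out.append(gl.decide(wan2, sender, rcpt, 2000.0))
    return out


if __name__ == "__main__":
    for response in scenario():
        print(response)
```

Two practical caveats follow from the code. The delay is per triplet, so the WAN-2 address has to be seen for each (sender, recipient) pair it sends to before it is trusted, which is why the outcome in the thread looks inconsistent across recipients. And once the retention window lapses without traffic, the triplet is greylisted again, so a WAN that is only used as a rare fallback will keep hitting 451s. Some receivers key on the /24 rather than the exact address, which would not help here since the two WANs sit in different ISPs' ranges.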

Lee Thompson
Normal user
Posts: 36
Joined: 2009-01-15 11:18

Re: SMTP HELO/EHLO with multiple ISPs (Load Balanced)

Post by Lee Thompson » 2012-09-03 07:17

The machines being sent to are not under my control.

It looks like you were correct though, after a delay (24 hour?) all hosts seem to be accepting e-mail from either WAN.

Thanks!
