Score:1

How to solve "The forward DNS lookup (domain name to IP address) of your IP should match the HELO value set in your server." issue

gg flag

My IP is blacklisted in Spamhaus.

This is the message they sent me, but I have no idea how to fix it.

my domain is www.monstermmorpg.com

my domain ip is : 198.245.73.82

I did set up DKIM and SPF correctly and they are working (tested with Gmail)

I send emails as [email protected]

My server is Windows Server 2019

I use the default SMTP of Windows Server 2019

Please help me to make necessary changes requested below

What do I need to do? Add some values to my DNS record?

Thank you for contacting Spamhaus CSS Removals,

Please use https://translate.google.com if needed.

198.245.73.82 is making SMTP connections which indicate that it is
misconfigured.

Please correct the mail server's HELO 'WIN-4RM8VME8D58' and if needed,
configure it with correct DNS (forward and reverse) and HELO/EHLO
values. Correcting an invalid HELO or a HELO/forward DNS lookup
mismatch will stop the IP from being listed again.

* The forward DNS lookup (domain name to IP address) of your IP should
match the HELO value set in your server.
* Forward and rDNS should resolve in public DNS for both the IP, and the
HELO value.
* The HELO must be a fully qualified domain name (FQDN): we recommend
using "hostname.example.com", not just a domain like "example.com".
The domain used should belong to your organisation.
* HELO is a server setting, not DNS.

Contact your hosting provider for assistance if needed. They
can configure rDNS for you.

You can test a server's HELO configuration by sending an email
from it to "[email protected]". A bounce that contains the
required information will be returned immediately.

If all settings are correct, you have another problem, probably
malware. Again, the HELO we are seeing is 'WIN-4RM8VME8D58'. The last detection was at 2021-06-15 20:55:00 (UTC).

For information on misconfigured SMTP servers, please see this FAQ:
https://www.spamhaus.org/faq/section/Hacked...%20Here's%20help#539

This listing is removed now. It will list again if it is redetected.
Please configure proper rDNS and HELO values.

I have made the following changes. Here is the header of an email received by Hotmail.

Can you check the headers and let me know whether it is correct now?

    Received: from DM6NAM12HT043.eop-nam12.prod.protection.outlook.com
     (2603:10a6:800:e9::11) by VI1PR07MB4797.eurprd07.prod.outlook.com with HTTPS
     via VI1PR0302CA0001.EURPRD03.PROD.OUTLOOK.COM; Wed, 16 Jun 2021 10:00:33
     +0000
    Received: from DM6NAM12FT068.eop-nam12.prod.protection.outlook.com
     (2a01:111:e400:fc64::51) by
     DM6NAM12HT043.eop-nam12.prod.protection.outlook.com (2a01:111:e400:fc64::247)
     with Microsoft SMTP Server (version=TLS1_2,
     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.9; Wed, 16 Jun
     2021 10:00:32 +0000
    Authentication-Results: spf=pass (sender IP is 198.245.73.82)
     smtp.mailfrom=monstermmorpg.com; hotmail.com; dkim=pass (signature was
     verified) header.d=monstermmorpg.com;hotmail.com; dmarc=bestguesspass
     action=none header.from=monstermmorpg.com;compauth=pass reason=109
    Received-SPF: Pass (protection.outlook.com: domain of monstermmorpg.com
     designates 198.245.73.82 as permitted sender)
     receiver=protection.outlook.com; client-ip=198.245.73.82;
     helo=MonsterMMORPG.monstermmorpg.com;
    Received: from MonsterMMORPG.monstermmorpg.com (198.245.73.82) by
     DM6NAM12FT068.mail.protection.outlook.com (10.13.179.117) with Microsoft SMTP
     Server id 15.20.4219.9 via Frontend Transport; Wed, 16 Jun 2021 10:00:32
     +0000
    X-IncomingTopHeaderMarker:
     OriginalChecksum:7EC2942255E7B562A18F00A91C8EDE41C2C05D42B991EDBB11FBB94734F25177;UpperCasedChecksum:733286F73432122309A8EA0A023F757FF3B8AA96A3650CD0BABBEA10BF69753A;SizeAsReceived:1169;Count:12
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        s=s1024; d=monstermmorpg.com;
        h=mime-version:from:to:date:subject:content-type:message-id;
        bh=fh5czuzb+CJSsHcG3zK6WsmUxhq8a0ms7wtNB3dRhC4=;
        b=cJfB+TMKv7g6w2q5S5qrnf9ldR4RNXlPkAiVZh+J2i9/g3bopOKD+gxwWP+lVJ
          UNB+z90+MU5P1RBbu8s5rJkJVYYXOlQfm+3o5UMxTPm1s0c4lvyLq0YgJtqJ5S
          xEpXQ53R+K3o5zJt0YVVbtC5gJ7Mh1frFYgr9wLN2otflfU=
    Received: from MonsterMMORPG ([127.0.0.1]) by MonsterMMORPG.monstermmorpg.com with Microsoft SMTPSVC(10.0.17763.1697);
         Wed, 16 Jun 2021 10:00:32 +0000
    From: "MonsterMMORPG" <[email protected]>
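
One way to check the points in the Spamhaus checklist against a `Received-SPF` header like the one above, as an added example that is not part of the original question or its answers. The function names, `mail.example.com`, `192.0.2.25` and the `SAMPLE_DNS` table are assumptions constructed for illustration; only the old HELO value `WIN-4RM8VME8D58` comes from the page.

```python
import re

# Constructed data (assumption): stands in for public DNS so the check runs
# offline. For a live server, fill it from socket.gethostbyname_ex() and
# socket.gethostbyaddr() or a DNS library.
SAMPLE_DNS = {
    "A": {"mail.example.com": ["192.0.2.25"], "example.com": ["192.0.2.25"]},
    "PTR": {"192.0.2.25": ["mail.example.com"]},
}

# Constructed header in the same layout as the Received-SPF header above.
SAMPLE_HEADER = (
    "Received-SPF: Pass (protection.outlook.com: domain of example.com\n"
    " designates 192.0.2.25 as permitted sender)\n"
    " receiver=protection.outlook.com; client-ip=192.0.2.25;\n"
    " helo=mail.example.com;"
)

def parse_received_spf(header):
    """Return (client_ip, helo) from a folded Received-SPF header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    fields = dict(re.findall(r"([\w-]+)=([^;\s]+)", unfolded))
    return fields.get("client-ip"), fields.get("helo")

def check_helo(ip, helo, dns):
    """List which checklist points the HELO/IP pair fails (empty = all pass)."""
    problems = []
    name = (helo or "").rstrip(".").lower()
    labels = name.split(".")
    if len(labels) < 2:
        problems.append("HELO is not a fully qualified domain name")
    elif len(labels) == 2:
        problems.append("HELO is a bare domain; hostname.example.com is recommended")
    # Forward lookup of the HELO name must return the connecting IP.
    if ip not in dns["A"].get(name, []):
        problems.append("forward DNS of HELO does not return the sending IP")
    # The IP needs a PTR whose name resolves back to the same IP.
    ptr_names = [p.rstrip(".").lower() for p in dns["PTR"].get(ip, [])]
    if not ptr_names:
        problems.append("sending IP has no rDNS (PTR) record")
    elif not any(ip in dns["A"].get(p, []) for p in ptr_names):
        problems.append("rDNS name does not resolve back to the sending IP")
    return problems
```

Calling `check_helo(*parse_received_spf(header), dns)` on a header from a test message shows which of the listed conditions still fail after the SMTP virtual server's FQDN has been changed.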
Score:3
cv flag

You need to set the FQDN of the SMTP virtual server properties in the Advanced settings of the Delivery tab of the SMTP virtual server properties pages. This is what you need to change, not the computer/host name of the actual computer.

gg flag
I have changed it. Now it is : helo=MonsterMMORPG.monstermmorpg.com; Is this correct?
gg flag
I have added the headers of the email received by Hotmail to the first post. Can you check that?
A.B avatar
cl flag
A.B
There's still https://mxtoolbox.com/SuperTool.aspx?action=spf%3amonstermmorpg.com&run=toolpage showing an SPF problem (I guess: don't include monstermmorpg.com, it's already itself).
gg flag
@A.B What about HELO? I tested with Gmail, Yahoo and Hotmail; all SPF pass, but there is no info regarding whether HELO passes or not.
A.B avatar
cl flag
A.B
@MonsterMMORPG I was just commenting about something obvious: SPF is not OK despite what you said, so you should address this thing. I didn't check anything else.
gg flag
@A.B So what exactly do I need to do to fix SPF? Thank you.
Score:1
us flag

The HELO statement echoes the host name of the machine. It looks like your Windows server has a host name set to “WIN-4RM8VME8D58” - setting this to the hostname you have in DNS should help quite a bit.

gg flag
Thank you for the answer. How do I set this hostname in DNS?
tilleyc avatar
us flag
It's not a DNS issue per se. You need to change the hostname on your Windows server. [This is a good guide for how to do so.](https://www.snel.com/support/hostname-change-on-windows-server-2019/) Your hostname should be DNS-resolvable (so you could name it monstermmorpg.com), and it should have a valid A record that points to its IP (in the case of monstermmorpg.com, you already have this).
gg flag
Thank you very much for the answer. I did set up PTR. How can I be sure now that it is correct? I set the host name to MonsterMMORPG and set up PTR as Name: monstermmorpg.com Address: 198.245.73.82
tilleyc avatar
us flag
None of that is what I described. Please go back, read what I wrote, and change the hostname on your Windows machine.
joeqwerty avatar
cv flag
You need to set the FQDN of the SMTP virtual server properties in the Advanced settings of the Delivery tab of the SMTP virtual server properties pages. This is what you need to change, not the computer/host name of the actual computer.
gg flag
I have added the headers of the email received by Hotmail to the first post. Can you check that?