Score:-1

Spamhaus blacklisted our MDaemon server IP due to wrong HELO

Since two weeks ago Spamhaus has kept putting our IP address on the CSS blacklist. We had a few things to fix from the guideline, so we delisted ourselves a few times after checking all the requirements.

Now, after 3 times, they created a ticket for our case and state that our HELO response is localhost:

Then something else is going on:

(IP, UTC timestamp, HELO value)
188.39.** 2023-05-30 18:40:00 localhost.localdomain
188.39.** 2023-05-30 07:35:00 localhost.localdomain
188.39.** 2023-05-28 07:05:00 localhost.localdomain
188.39.** 2023-05-27 22:05:00 localhost.localdomain
188.39.** 2023-05-27 17:05:00 localhost.localdomain

Note the top one is after your message claiming the HELO is correct.

Every time we were blacklisted we checked our HELO response by sending an email to [email protected], and the response was a proper FQDN with valid syntax - no error here.

Is there any way that they could be getting the localhost.localdomain response from our IP? How do they test for the HELO response? Could it be the firewall sending the HELO?

I would appreciate any help, thank you.

vidarlo
Read your config files. We are not clairvoyant.
Backi
I can't see anything wrong with the config on the MDaemon side (HELO related), and it comes back correct with every tool I tested it with: mail-tester, helocheck. Only Spamhaus is receiving this HELO, so I guess their incoming connection is different from the testing I did.
vidarlo
You haven't really given enough information for any answers here. No config, no details, only some log lines...
djdomi
Questions seeking installation, configuration or diagnostic help must include the desired end state, the specific problem or error, sufficient information about the configuration and environment to reproduce it, and attempted solutions. Questions without a clear problem statement are not useful to other readers and are unlikely to get good answers. Please read word by word carefully and provide all steps.
paladin
Let your mail server listen to a global IP and not to localhost.
Zac67
Has any answer solved your question? Then please accept it or your question will keep popping up here forever. Please also consider voting for useful answers.
Score:2

If your Mdaemon is configured correctly (check secondary domains as well) then something else might be using the same public IP address.

A common scenario for that is when you've got a single public IPv4 address on your router and source NAT everything through it. That way, a spam source inside your network is indistinguishable from your MTA from the outside.

You need to either

  1. separate outgoing client traffic from your mail agent by using multiple public IP addresses, or
  2. deny outgoing SMTP from your clients. It's fine to permit outgoing SMTP/MSA to port 587 (can't be used for spamming) or to port 465 for SMTPS (mostly only authenticated MSA), but not to port 25, at least not to arbitrary servers.

Option 2 is highly recommended as you don't only save your MTA from being blacklisted but also the rest of the world from being spammed from your network.

It's also a good idea to raise an alarm when a private client tries to connect outbound to port 25: it's either someone trying to bypass your mail system or an intruder using an infected client.
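Option 2 plus the alarm, as an added example that is not from the answer above: a POSIX shell function that generates an nftables ruleset for the gateway, allowing only the MTA to reach port 25 on the Internet, permitting 587/465 for clients, and logging (so a syslog watcher can alert) and dropping every other internal host's attempt to reach port 25. The MTA address 192.0.2.10, LAN prefix 192.0.2.0/24 and WAN interface eth0 are assumed values, not taken from the thread.

```shell
# Assumed topology (not from the thread): MTA 192.0.2.10 inside LAN 192.0.2.0/24,
# gateway's Internet-facing interface eth0. Override via environment variables.
MTA_IP="${MTA_IP:-192.0.2.10}"
LAN_NET="${LAN_NET:-192.0.2.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# gen_ruleset MTA LAN_PREFIX WAN_IF -> prints an nftables ruleset on stdout.
# Rule order matters: the MTA's accept must precede the catch-all log+drop.
gen_ruleset() {
    cat <<EOF
table inet mailguard {
    chain forward {
        type filter hook forward priority 0; policy accept;
        # the MTA is the only host allowed to talk SMTP (port 25) to the world
        oifname "$3" ip saddr $1 tcp dport 25 accept
        # authenticated submission (587) and SMTPS (465) are fine for clients
        oifname "$3" ip saddr $2 tcp dport { 465, 587 } accept
        # any other internal host going to port 25: log for alerting, then drop
        oifname "$3" ip saddr $2 tcp dport 25 log prefix "SMTP25-BLOCKED " drop
    }
}
EOF
}

# Print the ruleset; apply it on the gateway with:  gen_ruleset ... | nft -f -
gen_ruleset "$MTA_IP" "$LAN_NET" "$WAN_IF"
```

Lines tagged SMTP25-BLOCKED in the kernel log identify the internal host that was trying to send directly on port 25, which is exactly the machine to inspect.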
