Re: SMTP_HELO_NAME can cause Blacklist triggers

Mon, 11 Feb 2019 07:14:26 -0800 

> On 06.02.19 02:42, Patton, Matthew [Contractor] wrote:
>>>> I learned the hard way that if you don't set $myhostname to a FQDN
>>>> you can quickly end up on a black list despite having valid SPF
>>>> records.
>
> any evidence about this?


On 08.02.19 14:42, Patton, Matthew [Contractor] wrote:

The host has both forward and reverse registered.  It was in SPF.  It's
been sending mail just fine for months.  Previously the server had been
HELO using an invalid FQDN configured via $myhostname.  The hostname was

bogus, as in could not be resolved, though the domain did exist. 
Furthermore the domain it was identifying as didn't match the PTR nor SPF. 
If anything, the host should have been blackballed from day one.



> what led you to the conclusion that your non-fqdn hostname caused RBL
> listing?


I changed the HELO to 'smtp' and $mydomain to match the A/PTR and the CBL
got triggered within a very short period of time.  Likely because of a
hosted email provider like Microsoft (outlook.com) since we send a lot of
messages their way.  The other BL were clear/green.

The CBL remediation page was explicit about the lone 'smtp' being a trigger
word thanks to Microtek routers, and it refused to clear me (hit count
kept going up) until I had a FQDN or perhaps a hostname that wasn't a
trigger word - I didn't have the luxury of time to screw around testing
hypotheses.  As soon as I changed my HELO to the FQDN the reputation
started to improve until it rolled off.


> I know servers that refuse non-FQDN helo.
> I've seen servers that refuse invalid or generic DNS names
> (ip-XXXXXX.aws.internal is both).
> But I don't remember a RBL that would immediately list such hosts.


If the HELO is simply 'smtp' its apparently good enough for the CBL.


It is not.  As you said, your reverse DNS was "ip-XXXXXX.aws.internal", and
thus generic name.  the HELO name was just "smtp".

They were two different reasons leading to CBL listing.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.

I intend to live forever - so far so good. 

























					Reply via email to