Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 26 replies
  • Subscribers 1 subscriber
  • Views 26830 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"550 Access denied - Invalid HELO name" when emails are sent to certain domains

turboizzy
Hi,

I've noticed recently that when emails are being sent to certain domains from our Exchange Server they are failing a HELO check. Our emails our going through the Astaro SMTP proxy, all emails going out from the proxy are doing so via one IP address and I have checked that this IP address is not blacklisted anywhere. Also the the IP address associated with sending out email has a public DNS record.

Any help appreciated.

Thanks


This thread was automatically locked due to age.
Parents
  • 0
    apart from the "MTP Reverse DNS Mismatch Warning - Reverse DNS does not match SMTP Banner Ignore" error everything is fine. Emails have been coming and going all day
  • 0 in reply to turboizzy
    apart from the "SMTP Reverse DNS Mismatch Warning - Reverse DNS does not match SMTP Banner Ignore" error everything is fine. Emails have been coming and going all day


    That is PRECISELY your problem.  If you were to send email to me, to my address on our corporate email system, you would get dropped.  We (in the Sophos UTM) do RDNS checks on incoming smtp connections; if you don't have a valid PTR record for the IP sending the email, you get dropped.  Anti-Spam engines use this check to weed out zombie mail senders, and it's pretty effective.  You also need to configure the banner name (in your astaro) to match whatever record you configure.

    It's part of best practices to configure a PTR record for your external IP that points back at the A record that you have configured as a MX mail exchanger;  I suggest you contact your ISP (typically they handle PTR records for your external IP(s) ) and have them add the record in for you.  If you own your own assigned range, you are typically responsible for the RDNS setup.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to turboizzy
    apart from the "SMTP Reverse DNS Mismatch Warning - Reverse DNS does not match SMTP Banner Ignore" error everything is fine. Emails have been coming and going all day


    That is PRECISELY your problem.  If you were to send email to me, to my address on our corporate email system, you would get dropped.  We (in the Sophos UTM) do RDNS checks on incoming smtp connections; if you don't have a valid PTR record for the IP sending the email, you get dropped.  Anti-Spam engines use this check to weed out zombie mail senders, and it's pretty effective.  You also need to configure the banner name (in your astaro) to match whatever record you configure.

    It's part of best practices to configure a PTR record for your external IP that points back at the A record that you have configured as a MX mail exchanger;  I suggest you contact your ISP (typically they handle PTR records for your external IP(s) ) and have them add the record in for you.  If you own your own assigned range, you are typically responsible for the RDNS setup.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Unfiltered HTML