
How to change HELO hostname for outbound SMTP sessions?

Hi!

I'm facing a strange problem: My mailserver, which is behind an XG, recently got blocked by Cisco's SenderBase algorithm because it identifies itself with a wrong hostname when issuing the HELO/EHLO command. I've already confirmed that the mailserver does send the correct name ("HELO mail.mydomain.com"), but Cisco told me they were informed that my server sends a "HELO Sophos" instead!

That gave me a really bad reputation on their list, and some SMTP servers are already starting to refuse connections from my host.

It looks to me like the XG uses some kind of (transparent) outbound SMTP proxy which rewrites the commands my mailserver issues.

Is there any possibility to either deactivate this behaviour or, even better, to change the HELO hostname?

Thanks in advance...



  • I'm having the same problem. We went from a good reputation to poor and cannot send to the domains with Cisco appliances. This is what I received from Senderbase personnel:

    We are seeing reports of HELO strings which do not match the PTR / rDNS of the IP. One of the HELO strings we are seeing is “Sophos”, which does not exactly match the PTR of the IP X.X.X.X (mail.domainname.com). This is a common behavior pattern observed in Spambot infected systems / networks. Additionally, it contravenes RFCs 5321 and 5322, which explain that [HELO] commands are used to identify the SMTP client to the SMTP server.

    The PTR and ISP records are all correct.
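Added example (not part of any post in this thread): one way to see which HELO name a receiving server actually recorded is to read the `Received:` headers of delivered test messages and compare the HELO string with the reverse-DNS name next to it. The headers below are constructed samples, and the Postfix-style `from HELO (rDNS [IP])` layout is an assumption; other MTAs format this line differently.

```python
import re

# Constructed sample headers (not from the thread): what a receiving MX
# records per inbound session. 203.0.113.10 is a documentation address.
SAMPLE_HEADERS = [
    "Received: from mail.mydomain.com (mail.mydomain.com [203.0.113.10]) by mx.example.net with ESMTP id A1",
    "Received: from Sophos (mail.mydomain.com [203.0.113.10]) by mx.example.net with SMTP id B2",
    "Received: from mail.mydomain.com (unknown [203.0.113.10]) by mx.example.net with ESMTP id C3",
]

# Assumed layout: "from <HELO> (<rDNS> [<IP>])", as written by Postfix.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)",
    re.IGNORECASE,
)

def norm(name):
    """Lower-case a DNS name and drop a trailing root dot."""
    return name.rstrip(".").lower()

def check_received(header):
    """Return (helo, rdns, ip, verdict) for one Received header line."""
    m = RECEIVED_RE.match(header.strip())
    if not m:
        return (None, None, None, "unparsed")
    helo, rdns, ip = m.group("helo"), m.group("rdns"), m.group("ip")
    if norm(rdns) == "unknown":
        verdict = "no-rdns"            # receiver found no PTR for the IP
    elif "." not in helo.strip("[]"):
        verdict = "helo-not-fqdn"      # bare label such as "Sophos"
    elif norm(helo) != norm(rdns):
        verdict = "helo-ptr-mismatch"  # FQDN, but not the PTR name
    else:
        verdict = "ok"
    return (helo, rdns, ip, verdict)

def audit(headers):
    """Check every header and return the list of result tuples."""
    return [check_received(h) for h in headers]

if __name__ == "__main__":
    for helo, rdns, ip, verdict in audit(SAMPLE_HEADERS):
        print(f"{verdict:18} helo={helo} rdns={rdns} ip={ip}")
```
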

  • That's the exact response I've got from Senderbase. I really wonder why the Firewall itself responds with "Sophos" as HELO string...

  • The problem ticket was created, I will inform you if there is a solution to it.

  • Thanks. I really appreciate this ;-)

    Unfortunately, I'm using the XG at home so I don't have an opportunity to open a support case for myself.

  • I've become aware that the fix for this issue has been taken into the next SFOS version.

  • But it's still unclear to me which component is causing this. I mean, does my XG intercept "some" (definitely not every) outgoing SMTP connections? Does the XG try to send some mails on its own?

  • Hi,

    Is there any update on this?

    /bin/awarrensmtp
    .    ^H..    ^H..    ^HX.    ^HH.    ^H..    ^H .    ^H .
    ^@rcptto != NULL^@nfy != NULL^@nfy->mailserver != NULL^@forward_mail: '%s'
    ^@Waiting for reply
    ^@%s:%d:: fgets(%s) failed: %s
    ^@NFY < '%s'
    ^@%s:%d:: Invalid reply '%s'
    ^@%s:%d:: -ve reply: '%s'
    ^@HELO Sophos^M
    ^@NFY > '%s'
    ^@%s:%d:: fputs(%s) failed: %s
    ^@Done Sending mail body
    ^@^M
    .^M
    ^@QUIT^M

    We got blacklisted in Spamhaus because of bad HELO=Sophos

  • Hi Everyone,

    Update XG to v16 (beta now), where the MTA is back and you can change even the SMTP Hostname and almost all other settings, like UTM 9.

  • Thanks for the info Luk.

    EDIT: but unfortunately v16 beta is not released for our hardware.

  • When will 15.01 MR-4 be released? I have to route all outgoing mail through a second gateway due to the "HELO Sophos" bug, which is causing our domain to be blacklisted (Cisco SenderBase and SORBS). I don't want to test V16beta on a production firewall now.

    Over 2 months of waiting to fix this critical issue and still no MR-4 :(