
How to change HELO hostname for outbound SMTP sessions?

Hi!

I'm facing a strange problem: My mailserver, which is behind an XG, recently got blocked by Cisco's SenderBase algorithm because it identifies itself with a wrong hostname when issuing the HELO/EHLO command. I've already confirmed that the mailserver does send the correct name ("HELO mail.mydomain.com") but Cisco told me they were informed that my server sends a "HELO Sophos" instead!

That gave me a real bad reputation on their list and some SMTP servers are already starting to refuse connections from my host.

It looks to me that the XG uses some kind of (transparent) outbound SMTP proxy which rewrites the commands my mailserver issues.

Is there any possibility to either deactivate this behaviour or, even better, to change the HELO hostname?

Thanks in advance...



  • I'm having the same problem. From the good reputation we went to poor and cannot send to the domains with Cisco appliances. This is what I received from Senderbase personnel:

    We are seeing reports of HELO strings which do not match the PTR / rDNS of the IP. One of the HELO strings we are seeing is “Sophos”, which is not an exact match to the PTR of the IP X.X.X.X (mail.domainname.com). This is a common behavior pattern observed in Spambot infected systems / networks. Additionally, it contravenes RFCs 5321 and 5322, which explain that [HELO] commands are used to identify the SMTP client to the SMTP server.

    The PTR and ISP records are all correct.
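
Added example, not part of the original thread: a small Python audit that extracts the HELO/EHLO name from an SMTP session as captured on the receiving side and compares it with the PTR of the sending IP, which is the mismatch described above. The address 192.0.2.25, the transcripts and the PTR table are constructed sample data; `audit_helo` and its verdict labels are names chosen for this example.

```python
import re
import socket

HELO_RE = re.compile(r"^(?:HELO|EHLO)\s+(\S+)\s*$", re.IGNORECASE)

def helo_names(transcript):
    """Return every HELO/EHLO argument found in the client lines of a session."""
    matches = (HELO_RE.match(line.strip()) for line in transcript.splitlines())
    return [m.group(1) for m in matches if m]

def system_ptr(ip):
    """PTR names for ip from the system resolver (needs network access)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [host, *aliases]

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def audit_helo(transcript, client_ip, ptr_lookup=system_ptr):
    """Classify each HELO name seen by the receiver against the PTR of client_ip."""
    ptrs = {norm(p) for p in ptr_lookup(client_ip)}
    findings = []
    for name in helo_names(transcript):
        if name.startswith("["):
            verdict = "address-literal"   # e.g. EHLO [192.0.2.25]
        elif "." not in norm(name):
            verdict = "not-fqdn"          # bare label such as "Sophos"
        elif norm(name) in ptrs:
            verdict = "match"
        else:
            verdict = "ptr-mismatch"
        findings.append((name, verdict))
    return findings

# Constructed sample data: what the mail server sends vs. what the receiver logs.
AT_MAILSERVER = "EHLO mail.mydomain.com\r\nMAIL FROM:<postmaster@mydomain.com>\r\n"
AT_RECEIVER = "HELO Sophos\r\nMAIL FROM:<postmaster@mydomain.com>\r\n"
SAMPLE_PTR = {"192.0.2.25": ["mail.mydomain.com."]}

def sample_ptr_lookup(ip):
    """Offline stand-in for a PTR query, backed by the constructed table above."""
    return SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for label, session in (("mail server", AT_MAILSERVER), ("receiver", AT_RECEIVER)):
        print(label, audit_helo(session, "192.0.2.25", sample_ptr_lookup))
```

Feed it a session captured outside the firewall (for example from a test mailbox host you control) and leave `ptr_lookup` at its default to query real PTR records.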
