How to check the outgoing HELO name of the sendmail server

emailsendmail

My email server got blacklisted and I get the following message from Zenhaus CBL:

X.X.X.X. was found to be using the following name as the HELO/EHLO parameter during connections: "localhost.localdomain".

Unfortunately there were too many requests and CBL does not let me remove the blacklisting. Also I have absolutely no experience with sendmail and I don't know how to debug it/where to start, because this is what needs to be fixed first.

How can I check the HELO value by myself on the CLI?

Has anyone experienced a similar problem and can help me get sendmail running again without being blacklisted?

P.S:

The strange thing is that the same configuration worked before (I made a P2V migration from a physical machine to a virtual machine) and I never got blacklisted before the migration on the old physical server. The only thing I forgot to do after the P2V migration was changing the reverse DNS (but still this seems to not have anything in common with HELO name).

Best Answer

It is typical for all mail providers to log the HELO/EHLO parameter in all mail they process.

Open the headers (source) of a mail that anyone recently accepted from your server in question, it likely spells out your EHLO in one of the Received: headers. The topmost Received header mentioning your IP will contain two names: ~~first~~ the name you provided in HELO/EHLO, and the one obtained from looking up your network address. Usually the one next to the address literal [IP] is is rDNS name.

Received: from localhost.localdomain
  (mx7.yourdomain.example [192.0.2.2])
  by example.net (Postfix)
  with ESMTPS
  id ABC12345
  for <mary@example.net>;  21 Nov 1997 10:05:43 -0600

The relevant specification of what mail servers should put there is found in RFC 5321 Section 4.4

When an SMTP server receives a message for delivery or further
processing, it MUST insert trace ("time stamp" or "Received")
information at the beginning of the message content [..]

The FROM clause, which MUST be supplied in an SMTP environment, SHOULD contain both (1) the name of the source host as presented in the EHLO command and (2) an address literal containing the IP address of the source, determined from the TCP connection.

Do note that some list complaining about you using a bad name does not necessarily mean the server you are currently configuring used that name. You or a previous owner of your network address could theoretically have connected to a system reporting to that list operators via other clients.

Do also note that a list operator claiming a high number of requests about a network address is a very bad sign. List operators expect that their blocks lead the affected party to thoroughly investigate before even thinking of requesting removal from the list. Be sure to confirm that the listing indeed was meant for you, specifically (e.g. see IPv6 specific explanations here) and you have firmly established that the problem has been pinpointed and fully resolved.

Where are the logs?

The default location depends on your linux/unix system, but the most common places are

/var/log/maillog
/var/log/mail.log
/var/adm/maillog
/var/adm/syslog/mail.log

If it's not there, look up /etc/syslog.conf. You should see something like this

mail.*         -/var/log/maillog

sendmail writes logs to the mail facility of syslog. Therefore, which file it gets written to depends on how syslog was configured.

If you system uses syslog-ng (instead of the more "traditional" syslog), then you'll have to look up your syslog-ng.conf file. You'll should something like this:

# This files are the log come from the mail subsystem.
#
destination mail     { file("/var/log/mail.log"); };
destination maillog  { file("/var/log/maillog"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr  { file("/var/log/mail.err"); };

Unable to send out emails?

One of the most common reason I've seen for a freshly installed sendmail not being able to send out emails is the DAEMON_OPTIONS being set to listen only on 127.0.0.1

See /etc/mail/sendmail.mc

dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

If that's your case, remove the "Addr=127.0.0.1" part, rebuild your conf file and you're good to go!

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

[root@server]$ m4 sendmail.mc > /etc/sendmail.cf
[root@server]$/etc/init.d/sendmail restart

If you've been making changes to /etc/sendmail.cf manually thus far (instead of the *.m4 file) you can make similar changes in /etc/sendmail.cf. The offending line will look like this:

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

Change it to:

O DaemonPortOptions=Port=smtp, Name=MTA

Sendmail – How to Specify Outgoing HELO

I added the following in sendmail.mc:

define(`confDOMAIN_NAME', `mail.foo.com')dnl

and then:

m4 sendmail.mc > sendmail.cf
service sendmail restart

I also verified that this worked with the email verifier service at http://www.port25.com/domainkeys/ (auth-results@verifier.port25.com). Neat service, you send it an email and it replies to the from header with information about your SPF, Domain Keys, etc...

Best Answer

Related Solutions

Where to check log of sendmail

Where are the logs?

Unable to send out emails?

Sendmail – How to Specify Outgoing HELO

Related Topic