Any idea about this error when I send to this site? Is it caused by some
configuration in my sendmail server?
Thanks
>> >>>> ----- The following addresses had permanent fatal errors -----
>> >>>> <er...@wunited.com>
>> >>>> (reason: 553 Bogus helo classic.asianet.co.th 203.98.178.XX.
>> >>>> <http://unblock.secureserver.net/?ip=203.98.178.*>)
>> >>>> <mich...@wunited.com>
>> >>>> (reason: 553 Bogus helo classic.asianet.co.th 203.98.178.XX.
>> >>>> <http://unblock.secureserver.net/?ip=203.98.178.*>)
Then the secureserver.net administrator replied:
>> Replying the reason of the 'Returned mail' as follows:
>>
>> The bounce back message shows that the email was returned 'due to
>> excessive spam' and has returned a 'bogus helo'. This indicates that
>> the server the email originated from either has a virus or has not been
>> setup correctly. Please refer to the following information regarding
>> this issue:
>>
>> --------------------------------------------------------------------------
>>
>> The SMTP HELO command is used by the outgoing mail server to greet the
>> destination servers that they are connecting to. It is usually the
>> first command issued when mail is being sent. It means "Hello, I am
>> ..." Many viruses and bulk emailers send false or nonstandard HELO
>> messages. We are starting to filter these messages and block traffic
>> from email servers that utilize non-standard HELO settings.
>>
>> Here are the types of error messages related to helo issues that you
>> may experience:
>>
>> 1. bogus helo
>>
>> This means that the sending email server connected to our email server
>> and said "HELO [their IP]". RFC 1123 says that the HELO ("hello")
>> message should contain "a valid principal host domain name for the
>> client host". This means a name like "smtp.exampledomain.com", or
>> "mail.exampledomain.com". An IP address is not a valid listing for the
>> name of the server.
>>
>> In order to resolve this situation, the sending server's administrators
>> will need to configure the server properly, which will cause it to
>> identify itself by name rather than IP address. The administrators of
>> this server may also want to check it for viruses, as many viruses use
>> the HELO command with an IP rather than the name.
>>
>> 2. bogus helo (203.98.178.xx)
>>
>> This means that the sending server connected to us and said "HELO
>> (receiving email server's IP)". What this means is that the sending
>> server tried to say "Hello, I'm you!" This action is generally caused
>> by a virus.
>>
>> In order to resolve this situation, the sending server's administrators
>> will need to check it for viruses.
>>
>> 3. bogus helo matches rcpt
>>
>> This means that the sending system connected to our email server and
>> said "HELO (receiving email server's domain name)". This is another
>> version of "Hello, I'm you!" but using the server's domain name rather
>> than the server's IP address. This is normally caused by a virus or a
>> bulk emailer.
>>
>> If this process is not done intentionally, it is generally created by a
>> virus. The server's administrators will need to check the machine for
>> problems.
>>
>> We hope that this information is useful in diagnosing and resolving the
>> issue that you are experiencing.
This indicates that the receiving server did not like your HELO / EHLO name.
> The bounce back message shows that the email was returned 'due to
> excessive spam' and has returned a 'bogus helo'. This indicates that
> the server the email originated from either has a virus or has not been
> setup correctly. Please refer to the following information regarding
> this issue:
The administrator's comment corroborates what I stated above.
(See more below)
> The SMTP HELO command is used by the outgoing mail server to greet the
> destination servers that they are connecting to. It is usually the
> first command issued when mail is being sent. It means "Hello, I am
> ...." Many viruses and bulk emailers send false or nonstandard HELO
This description tells you why SecureServers.Net will reject your messages
stating a bogus helo. Check to see if any of the above are the case.
You can check to see what Sendmail believes its host name is by:
sendmail -d0.10
Check the "SENDMAIL IDENTITY (after readcf)" section.
Grant. . . .
The result is shown below. Any comment about this issue?
Thanks.
Version 8.13.7
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP
STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE
HASRANDOM
HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT
HASSETSID
HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME
HASUNSETENV
HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC
USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
Conf file: /etc/mail/submit.cf (default for MSP)
Conf file: /etc/mail/sendmail.cf (default for MTA)
Pid file: /var/run/sendmail.pid (default)
Canonical name: mail.fortune-star.com.hk
UUCP nodename: mail.fortune-star.com.hk
a.k.a.: mail
a.k.a.: [203.98.178.xx]
Conf file: /etc/mail/submit.cf (selected)
Pid file: /var/run/sm-client.pid (selected)
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = mail
(canonical domain name) $j = mail.fortune-star.com.hk
(subdomain name) $m = fortune-star.com.hk
(node name) $k = mail.fortune-star.com.hk
========================================================
Recipient names must be specified
Taylor, Grant wrote:
<snip>
> ============ SYSTEM IDENTITY (after readcf) ============
> (short domain name) $w = mail
> (canonical domain name) $j = mail.fortune-star.com.hk
> (subdomain name) $m = fortune-star.com.hk
> (node name) $k = mail.fortune-star.com.hk
> ========================================================
Well, it looks like your system knows its own host name, or at least a host
name that the receiving server should not complain about.
My next step would be to attempt to send a test email while capturing the
traffic so you can see the entire SMTP transaction. I would think this
would be trivial to do with TCPDump as you know the source and destination
host and can predict the ports too.
At present, your configuration looks like it should comply with the
SecureServers.net bogus helo requirement.
The only thing that I do notice is that your name of
"mail.fortune-star.com.hk" resolves to "203.98.178.91" which does not
reverse resolve to anything. You may need to set up reverse DNS for
yourself. However, I would think that SecureServers.Net would return a
different error message.
Grant. . . .
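The three HELO checks the administrator's reply describes, written out as a receiver-side classifier. This is an added example, not the receiving site's actual filter: the function names and the receiver's own IP and names are assumptions, and the addresses are constructed documentation values. The host name sendmail reported above passes all three checks, which matches the assessment in the message above.

```python
import ipaddress

def _as_ip(helo):
    """Return the IP address a HELO argument denotes, or None if it is a name."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):   # address literal, e.g. [192.0.2.1]
        text = text[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def classify_helo(helo, receiver_ips, receiver_names):
    """Map a HELO/EHLO argument to one of the three rejections, or None if it passes."""
    ip = _as_ip(helo)
    if ip is not None:
        if ip in {ipaddress.ip_address(a) for a in receiver_ips}:
            return f"bogus helo ({ip})"          # case 2: "Hello, I'm you!" by IP
        return "bogus helo"                      # case 1: an IP instead of a host name
    name = helo.strip().rstrip(".").lower()
    if name in {n.rstrip(".").lower() for n in receiver_names}:
        return "bogus helo matches rcpt"         # case 3: "Hello, I'm you!" by name
    return None

# Constructed receiver identity (assumption, not taken from the thread).
RECEIVER_IPS = ["198.51.100.25"]
RECEIVER_NAMES = ["mx.example.net", "example.net"]

if __name__ == "__main__":
    for arg in ("203.0.113.7", "[203.0.113.7]", "198.51.100.25",
                "Example.NET.", "mail.fortune-star.com.hk"):
        print(f"{arg!r:32} -> {classify_helo(arg, RECEIVER_IPS, RECEIVER_NAMES)}")
```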
I don't know how to capture the traffic. Any instructions you can suggest?
Thanks
Taylor, Grant wrote:
Try:
tcpdump -nNxXi <interface> -s 0 proto TCP and host <destination> and port 25
That should capture traffic leaving the appropriate interface going to the
destination mail host on port 25.
Grant. . . .
00:11:06.000175 IP 203.98.178.91.42574 > 64.202.166.12.smtp: S
3255926366:3255926366(0) win 5840 <mss 1460,sackOK,timestamp 250147212
0,nop,wscale 2>
0x0000: 4500 003c 8fd2 4000 4006 4655 cb62 b25b
E..<..@.@.FU.b.[
0x0010: 40ca a60c a64e 0019 c211 7e5e 0000 0000
@....N....~^....
0x0020: a002 16d0 e553 0000 0204 05b4 0402 080a
.....S..........
0x0030: 0ee8 f18c 0000 0000 0103 0302 ............
00:11:06.208877 IP 64.202.166.12.smtp > 203.98.178.91.42574: S
1271068062:1271068062(0) ack 3255926367 win 0
0x0000: 4500 0028 8fd2 4000 2a06 5c69 40ca a60c
E..(..@.*.\i@...
0x0010: cb62 b25b 0019 a64e 4bc2 f59e c211 7e5f
.b.[...NK.....~_
0x0020: 5012 0000 2304 0000 0000 0000 0000
P...#.........
00:11:06.208979 IP 203.98.178.91.42574 > 64.202.166.12.smtp: . ack 1
win 5840
0x0000: 4500 0028 8fd3 4000 4006 4668 cb62 b25b
E..(..@.@.Fh.b.[
0x0010: 40ca a60c a64e 0019 c211 7e5f 4bc2 f59f
@....N....~_K...
0x0020: 5010 16d0 0c35 0000 P....5..
00:11:06.423506 IP 64.202.166.12.smtp > 203.98.178.91.42574: . ack 1
win 5840
0x0000: 4500 0028 0000 4000 3306 e33b 40ca a60c
E..(..@.3..;@...
0x0010: cb62 b25b 0019 a64e 4bc2 f59f c211 7e5f
.b.[...NK.....~_
0x0020: 5010 16d0 0c35 0000 0000 0000 0000
P....5........
00:11:06.471968 IP 64.202.166.12.smtp > 203.98.178.91.42574: P 1:21(20)
ack 1 win 5840
0x0000: 4500 003c 0cce 4000 3306 d659 40ca a60c
E..<..@.3..Y@...
0x0010: cb62 b25b 0019 a64e 4bc2 f59f c211 7e5f
.b.[...NK.....~_
0x0020: 5018 16d0 e0d1 0000 3232 3020 7262 6c73
P.......220.rbls
0x0030: 6d74 7064 2e6c 6f63 616c 0d0a mtpd.local..
00:11:06.472061 IP 203.98.178.91.42574 > 64.202.166.12.smtp: . ack 21
win 5840
0x0000: 4500 0028 8fd4 4000 4006 4667 cb62 b25b
E..(..@.@.Fg.b.[
0x0010: 40ca a60c a64e 0019 c211 7e5f 4bc2 f5b3
@....N....~_K...
0x0020: 5010 16d0 0c21 0000 P....!..
00:11:06.472373 IP 203.98.178.91.42574 > 64.202.166.12.smtp: P 1:32(31)
ack 21 win 5840
0x0000: 4500 0047 8fd5 4000 4006 4647 cb62 b25b
E..G..@.@.FG.b.[
0x0010: 40ca a60c a64e 0019 c211 7e5f 4bc2 f5b3
@....N....~_K...
0x0020: 5018 16d0 c2b0 0000 4548 4c4f 206d 6169
P.......EHLO.mai
0x0030: 6c2e 666f 7274 756e 652d 7374 6172 2e63
l.fortune-star.c
0x0040: 6f6d 2e68 6b0d 0a om.hk..
00:11:06.683879 IP 64.202.166.12.smtp > 203.98.178.91.42574: . ack 32
win 5840
0x0000: 4500 0028 0ccf 4000 3306 d66c 40ca a60c
E..(..@.3..l@...
0x0010: cb62 b25b 0019 a64e 4bc2 f5b3 c211 7e7e
.b.[...NK.....~~
0x0020: 5010 16d0 0c02 0000 0000 0000 0000
P.............
00:11:06.683958 IP 64.202.166.12.smtp > 203.98.178.91.42574: P
21:41(20) ack 32 win 5840
0x0000: 4500 003c 0cd0 4000 3306 d657 40ca a60c
E..<..@.3..W@...
0x0010: cb62 b25b 0019 a64e 4bc2 f5b3 c211 7e7e
.b.[...NK.....~~
0x0020: 5018 16d0 e09b 0000 3235 3020 7262 6c73
P.......250.rbls
0x0030: 6d74 7064 2e6c 6f63 616c 0d0a mtpd.local..
00:11:06.684990 IP 203.98.178.91.42574 > 64.202.166.12.smtp: P
32:73(41) ack 41 win 5840
0x0000: 4500 0051 8fd6 4000 4006 463c cb62 b25b
E..Q..@.@.F<.b.[
0x0010: 40ca a60c a64e 0019 c211 7e7e 4bc2 f5c7
@....N....~~K...
0x0020: 5018 16d0 247b 0000 4d41 494c 2046 726f
P...${..MAIL.Fro
0x0030: 6d3a 3c64 6f75 676c 6173 2e6d 7569 4074
m:<douglas.mui@t
0x0040: 6f70 7465 6368 2d68 6b2e 696e 666f 3e0d
optech-hk.info>.
0x0050: 0a .
00:11:06.895712 IP 64.202.166.12.smtp > 203.98.178.91.42574: P
41:61(20) ack 73 win 5840
0x0000: 4500 003c 0cd1 4000 3306 d656 40ca a60c
E..<..@.3..V@...
0x0010: cb62 b25b 0019 a64e 4bc2 f5c7 c211 7ea7
.b.[...NK.....~.
0x0020: 5018 16d0 e05e 0000 3235 3020 7262 6c73
P....^..250.rbls
0x0030: 6d74 7064 2e6c 6f63 616c 0d0a mtpd.local..
00:11:06.896387 IP 203.98.178.91.42574 > 64.202.166.12.smtp: P
73:101(28) ack 61 win 5840
0x0000: 4500 0044 8fd7 4000 4006 4648 cb62 b25b
E..D..@.@.FH.b.[
0x0010: 40ca a60c a64e 0019 c211 7ea7 4bc2 f5db
@....N....~.K...
0x0020: 5018 16d0 2b2d 0000 5243 5054 2054 6f3a
P...+-..RCPT.To:
0x0030: 3c65 7269 6340 7775 6e69 7465 642e 636f
<er...@wunited.co
0x0040: 6d3e 0d0a m>..
00:11:07.152854 IP 64.202.166.12.smtp > 203.98.178.91.42574: P
61:165(104) ack 101 win 5840
0x0000: 4500 0090 0cd2 4000 3306 d601 40ca a60c
E.....@.3...@...
0x0010: cb62 b25b 0019 a64e 4bc2 f5db c211 7ec3
.b.[...NK.....~.
0x0020: 5018 16d0 0ce1 0000 3535 3320 426f 6775
P.......553.Bogu
0x0030: 7320 6865 6c6f 2063 6c61 7373 6963 2e61
s.helo.classic.a
0x0040: 7369 616e 6574 2e63 6f2e 7468 2032 3033
sianet.co.th.203
0x0050: 2e39 382e 3137 382e 3931 2e20 3c68 7474
.98.178.91..<htt
0x0060: 703a 2f2f 756e 626c 6f63 6b2e 7365 6375
p://unblock.secu
0x0070: 7265 7365 7276 6572 2e6e 6574 2f3f 6970
reserver.net/?ip
0x0080: 3d32 3033 2e39 382e 3137 382e 2a3e 0d0a
=203.98.178.*>..
00:11:07.154334 IP 203.98.178.91.42574 > 64.202.166.12.smtp: P
101:107(6) ack 165 win 5840
0x0000: 4500 002e 8fd8 4000 4006 465d cb62 b25b
E.....@.@.F].b.[
0x0010: 40ca a60c a64e 0019 c211 7ec3 4bc2 f643
@....N....~.K..C
0x0020: 5018 16d0 666d 0000 5253 4554 0d0a
P...fm..RSET..
00:11:07.374373 IP 64.202.166.12.smtp > 203.98.178.91.42574: P
165:185(20) ack 107 win 5840
0x0000: 4500 003c 0cd3 4000 3306 d654 40ca a60c
E..<..@.3..T@...
0x0010: cb62 b25b 0019 a64e 4bc2 f643 c211 7ec9
.b.[...NK..C..~.
0x0020: 5018 16d0 dfc0 0000 3235 3020 7262 6c73
P.......250.rbls
0x0030: 6d74 7064 2e6c 6f63 616c 0d0a mtpd.local..
00:11:07.412285 IP 203.98.178.91.42574 > 64.202.166.12.smtp: . ack 185
win 5840
0x0000: 4500 0028 8fd9 4000 4006 4662 cb62 b25b
E..(..@.@.Fb.b.[
0x0010: 40ca a60c a64e 0019 c211 7ec9 4bc2 f657
@....N....~.K..W
0x0020: 5010 16d0 0b13 0000 P.......
00:11:11.056424 IP 203.98.178.91.42574 > 64.202.166.12.smtp: P
107:113(6) ack 185 win 5840
0x0000: 4500 002e 8fda 4000 4006 465b cb62 b25b
E.....@.@.F[.b.[
0x0010: 40ca a60c a64e 0019 c211 7ec9 4bc2 f657
@....N....~.K..W
0x0020: 5018 16d0 6351 0000 5155 4954 0d0a
P...cQ..QUIT..
00:11:11.273065 IP 64.202.166.12.smtp > 203.98.178.91.42574: P
185:205(20) ack 113 win 5840
0x0000: 4500 003c 0cd4 4000 3306 d653 40ca a60c
E..<..@.3..S@...
0x0010: cb62 b25b 0019 a64e 4bc2 f657 c211 7ecf
.b.[...NK..W..~.
0x0020: 5018 16d0 dea9 0000 3232 3120 7262 6c73
P.......221.rbls
0x0030: 6d74 7064 2e6c 6f63 616c 0d0a mtpd.local..
00:11:11.273102 IP 203.98.178.91.42574 > 64.202.166.12.smtp: . ack 205
win 5840
0x0000: 4500 0028 8fdb 4000 4006 4660 cb62 b25b
E..(..@.@.F`.b.[
0x0010: 40ca a60c a64e 0019 c211 7ecf 4bc2 f66b
@....N....~.K..k
0x0020: 5010 16d0 0af9 0000 P.......
00:11:11.273134 IP 64.202.166.12.smtp > 203.98.178.91.42574: F
205:205(0) ack 113 win 5840
0x0000: 4500 0028 0cd5 4000 3306 d666 40ca a60c
E..(..@.3..f@...
0x0010: cb62 b25b 0019 a64e 4bc2 f66b c211 7ecf
.b.[...NK..k..~.
0x0020: 5011 16d0 0af8 0000 0000 0000 0000
P.............
00:11:11.273161 IP 203.98.178.91.42574 > 64.202.166.12.smtp: F
113:113(0) ack 205 win 5840
0x0000: 4500 0028 8fdc 4000 4006 465f cb62 b25b
E..(..@.@.F_.b.[
0x0010: 40ca a60c a64e 0019 c211 7ecf 4bc2 f66b
@....N....~.K..k
0x0020: 5011 16d0 0af8 0000 P.......
00:11:11.273183 IP 203.98.178.91.42574 > 64.202.166.12.smtp: . ack 206
win 5840
0x0000: 4500 0028 8fdd 4000 4006 465e cb62 b25b
E..(..@.@.F^.b.[
0x0010: 40ca a60c a64e 0019 c211 7ed0 4bc2 f66c
@....N....~.K..l
0x0020: 5010 16d0 0af7 0000 P.......
00:11:11.491023 IP 64.202.166.12.smtp > 203.98.178.91.42574: . ack 114
win 5840
0x0000: 4500 0028 227e 4000 3306 c0bd 40ca a60c
E..("~@.3...@...
0x0010: cb62 b25b 0019 a64e 4bc2 f66c c211 7ed0
.b.[...NK..l..~.
0x0020: 5010 16d0 0af7 0000 0000 0000 0000
P.............
Taylor, Grant wrote:
<snip / convert>
Well, after rebuilding the packets and extracting the text, the SMTP
conversation went like this.
S: 220 rblsmtpd.local
C: EHLO mail.fortune-star.com.hk
S: 250 rblsmtpd.local
C: MAIL From:<dougl...@toptech-hk.info>
S: 250 rblsmtpd.local
C: RCPT To:<er...@wunited.com>
S: 553 Bogus helo classic.asianet.co.th 203.98.178.91
<http://unblock.secureserver.net/?ip=203.98.178.*>
C: RSET
S: 250 rblsmtpd.local
C: QUIT
S: 221 rblsmtpd.local
The main thing that I find is that your server does not have reverse DNS
set up for its IP address. One thing that puzzles me is the
"classic.asianet.co.th", I'm not sure where that is coming from. You may
want to forward the SMTP session above and see what SecureServers.Net has
to say about it.
Grant. . . .
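One way to do the "rebuild the packets and extract the text" step from tcpdump's hex output. This is an added example, not the script used in the thread: the function names are assumptions, and the capture is constructed with documentation addresses. It trims each packet to the IP total length, which drops the zero padding that follows bare ACKs in a capture like the one above.

```python
import re

# Constructed capture in `tcpdump -X` layout (documentation addresses, zeroed checksums).
DUMP = """\
00:00:01.000000 IP 198.51.100.25.smtp > 192.0.2.10.40000: P 1:17(16) ack 1 win 5840
    0x0000:  4500 0038 0001 4000 4006 0000 c633 6419  E..8..@.@....3d.
    0x0010:  c000 020a 0019 9c40 0000 0001 0000 0001  .......@........
    0x0020:  5018 16d0 0000 0000 3232 3020 6d78 2e65  P.......220.mx.e
    0x0030:  7861 6d70 6c65 0d0a                      xample..
00:00:01.100000 IP 192.0.2.10.40000 > 198.51.100.25.smtp: P 1:20(19) ack 17 win 5840
    0x0000:  4500 003b 0002 4000 4006 0000 c000 020a
    0x0010:  c633 6419 9c40 0019 0000 0001 0000 0011
    0x0020:  5018 16d0 0000 0000 4548 4c4f 206d 6169
    0x0030:  6c2e 6578 616d 706c 650d 0a
00:00:01.200000 IP 198.51.100.25.smtp > 192.0.2.10.40000: . ack 20 win 5840
    0x0000:  4500 0028 0003 4000 4006 0000 c633 6419
    0x0010:  c000 020a 0019 9c40 0000 0011 0000 0014
    0x0020:  5010 16d0 0000 0000 0000 0000 0000
"""
HEX_LINE = re.compile(r"^\s*0x([0-9a-f]{4}):\s+(.*)$")
HEX_WORD = re.compile(r"[0-9a-f]{2}(?:[0-9a-f]{2})?")

def packets(dump):
    """Yield each packet's bytes; a new packet starts at offset 0x0000."""
    pkt = bytearray()
    for m in filter(None, map(HEX_LINE.match, dump.splitlines())):
        if m.group(1) == "0000" and pkt:
            yield bytes(pkt)
            pkt = bytearray()
        for tok in m.group(2).split()[:8]:   # at most 8 hex words; the rest is ASCII
            if not HEX_WORD.fullmatch(tok):
                break
            pkt += bytes.fromhex(tok)
    if pkt:
        yield bytes(pkt)

def smtp_transcript(dump, server_port=25):
    """Return 'S: ...' / 'C: ...' lines from the TCP payloads, in capture order."""
    out = []
    for p in packets(dump):
        ihl = (p[0] & 0x0F) * 4
        if p[0] >> 4 != 4 or len(p) < ihl + 20 or p[9] != 6:
            continue                          # not IPv4/TCP
        total = int.from_bytes(p[2:4], "big")  # IP total length excludes link padding
        sport = int.from_bytes(p[ihl:ihl + 2], "big")
        data = p[ihl + (p[ihl + 12] >> 4) * 4:total]
        who = "S" if sport == server_port else "C"
        out += [f"{who}: {t}" for t in data.decode("ascii", "replace").splitlines()]
    return out
```

It does no TCP reassembly, so a retransmitted segment appears twice and an SMTP line split across two segments comes out as two lines.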
Thanks a lot. I just set up a DNS server and created a reverse lookup
address for this mail server. The DNS record will update this coming
Thursday. After that, I think the problem will be resolved.
Thanks and Regards,
Douglas
Taylor, Grant wrote:
Based on the correct EHLO, the apparent total irrelevance of the
"classic.asianet.co.th", and most of all the '*' in the given URL, I
would guess that they have blocked the whole /24 due to a connection
from *some* address in that range "bogusly" using
"classic.asianet.co.th" in HELO/EHLO. I couldn't find any actual info
about the cause or nature of the blocking at that URL or nearby, though.
--Per Hedeland
p...@hedeland.org
As per your reply, does that mean they block the whole subnet of 203.98.178.*?
Douglas
[Please don't top-post.] That is my guess, yes - the /24 I used is the
so-called "CIDR notation" giving the number of bits in the "netmask",
i.e. /24 is the same as 255.255.255.0, which in this case would amount
to "wildcarding" the last octet in the address. But it's only a guess.
--Per Hedeland
p...@hedeland.org