exim4 rejecting mail from host with underscore

37 views
Skip to first unread message

Jerry Shenk

unread,
May 31, 2012, 10:53:03 PM5/31/12
to security-onion
OK, this is an odd one - It's not even an IDS issue, it's just trying
to get the SO box to do a simple e-mail forwarding task.

I have a Xerox printer that doesn't play do well with delivering it's
own mail so, I tried bouncing it off my SO box. But, exim4 rejects
the message because it has an underscore in the name
(XRX_0000AAD49B83). The error is ( rejected EHLO from [10.1.1.23]:
syntactically invalid argument(s): XRX_7000ABD79B43).

I have found documentation about what to do (http://stackoverflow.com/
questions/86907/how-do-i-fix-501-syntactically-invalid-helo-arguments)
but I can't get it to work. Does it matter which config file I put
this in?

Doug Burks

unread,
Jun 1, 2012, 6:29:37 AM6/1/12
to securit...@googlegroups.com
Hi Jerry,

This is really outside of the scope of Security Onion and this mailing
list, but if you're able to log into the Xerox printer and configure
the relay settings, couldn't you just change its hostname and remove
the underscore?

Thanks,
Doug
--
Doug Burks | http://securityonion.blogspot.com
Don't miss SANS SEC503 Intrusion Detection In-Depth in
Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
http://augusta.issa.org/drupal/SANS-Augusta-2012

Jerry Shenk

unread,
Jun 1, 2012, 7:48:02 AM6/1/12
to security-onion
I think so - I don't have access to this printer, gonna try that this
AM.

Castle, Shane

unread,
Jun 1, 2012, 9:50:58 AM6/1/12
to securit...@googlegroups.com
Sigh. Many years ago I had to kick and scream (well, figuratively) to convince my coworkers not to put underscores in host names, as doing so specifically violated the RFC for hostnames and DNS. I see this is still biting folks in the butt.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

Jerry Shenk

unread,
Jun 5, 2012, 10:23:00 AM6/5/12
to security-onion
I kicked and screamed and the underscores are now gone. It took
awhile because of some misunderstanding that it was the machine NAME,
the the FROM: that needed to be changed. Got 'em all changed and now
we're good.
Reply all
Reply to author
Forward
0 new messages