Skippy le Grand Gourou asked:
Our server has been listed several times on CBL (see this question) because it “attempted to send email without using the HELO/EHLO command”.
HELO on Exim’s logs, I found such suspicious (yet useful!) entries from GMail:
Remote host closed connection in response to HELO (EHLO response was: 501-5.5.4 Empty HELO/EHLO argument not allowed, closing connection.
and whatever email provider or software:
SMTP error from remote mail server after HELO : 501 Syntax: HELO hostname
It seems to me that these errors may be the very reason for which our IP is listed on CBL.
I can’t say for the GMail error yet because those messages are not in Exim’s queue anymore (I will confirm as soon as I get a new one), but the other message is a bounce email, as I suspected in the other question (“retry timeout exceeded” because of non-existent address).
Now, I couldn’t find confirmation online but I guess it’s not normal that bounce emails have an empty HELO command, right? So how do I configure Exim so that they don’t?
NB: I know I could just blackhole such messages, which I’ll eventually try if I can’t find a better solution, but it doesn’t seem like the right approach.
NB2: For “regular emails” the HELO command is already set as follows, from
Most servers check for a valid hostname in the EHLO/HELO command. The parameter must be the FQDN of your server as it is seen on the Internet, and your forward and reverse DNS must match for that name.
For example, if your machine is named
It must send
EHLO mail.example.com. Mail servers normally do this by default (except on Debian based systems); they usually have to be explicitly misconfigured to not do so (except on Debian based systems). Spammers often don’t bother with EHLO or can’t send a legitimate hostname.
See here for how to configure Exim.
The DNS A/AAAA record for
mail.example.com must have a record matching the IPv4 or IPv6 address which connected to the remote machine.
mail.example.com IN A 192.0.2.83
The IP address which connected to the remote machine must have a DNS PTR record with the name
83.2.0.192.in-addr.arpa. IN PTR mail.example.com.
Connections which fail one or more of these checks will generally have their mail marked as spam or rejected. If your server fails any of these checks with a spamtrap, it will end up on a blackhole list.
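The three checks described in the answer above (non-empty fully qualified HELO name, A/AAAA record matching the connecting IP, PTR pointing back to the same name) can be run against your own server before a blocklist does it for you. The following is an added example, not part of the original answer; the function names and the sample DNS tables are constructed for illustration, and the lookup functions are injectable so the check also runs offline.

```python
import ipaddress
import socket

# Constructed sample DNS data, mirroring the records in the answer above.
SAMPLE_A = {"mail.example.com": {"192.0.2.83"}}
SAMPLE_PTR = {"192.0.2.83": {"mail.example.com."}}

def sample_forward(name):          # offline stand-in for an A/AAAA lookup
    return SAMPLE_A.get(name, set())

def sample_reverse(ip):            # offline stand-in for a PTR lookup
    return SAMPLE_PTR.get(ip, set())

def system_forward(name):          # live lookup through the system resolver
    return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}

def system_reverse(ip):
    host, aliases, _ = socket.gethostbyaddr(ip)
    return {host, *aliases}

def ptr_name(ip):
    """Owner name of the PTR record for ip, e.g. for a manual dig query."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def _norm(name):
    return name.strip().rstrip(".").lower()

def check_helo(helo, source_ip, forward=system_forward, reverse=system_reverse):
    """Return the list of failed checks; an empty list means all passed."""
    name = _norm(helo)
    if not name:
        return ["empty HELO/EHLO argument"]
    problems = []
    if "." not in name:
        problems.append("HELO name is not fully qualified")
    try:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except OSError:                # NXDOMAIN and similar resolver errors
        addrs = set()
    if ipaddress.ip_address(source_ip) not in addrs:
        problems.append("no A/AAAA record of the HELO name matches the IP")
    try:
        names = {_norm(n) for n in reverse(source_ip)}
    except OSError:
        names = set()
    if name not in names:
        problems.append("PTR of the IP does not point to the HELO name")
    return problems

if __name__ == "__main__":
    print(ptr_name("192.0.2.83"))
    print(check_helo("mail.example.com", "192.0.2.83", sample_forward, sample_reverse))
```

Called with only the HELO name and the server's public IP, check_helo uses the system resolver instead of the sample tables.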