Being added to CBL blocklist

[mrobinson20]

Hi,

I'm new here and wondered if someone could help. After upgrading from version 6 to 7 and rebooting I have noticed we are having emails returned from aol.com, hotmail.com etc..

After investigation I checked our IP address at spamhaus and noticed we are added to the CBL blocklist after running a check on CBL the following is returned..

This IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specifically: RFC5321).

I've tried messing around with my etc/hosts file which is currently reading...

127.0.0.1 localhost.localdomain localhost
192.168.1.90 mail.ourdomain.co.uk mail

Any help or advice as to why this is happening would be most appreciated.

Thanks in advance.

[phoenix]

Quote:

Originally Posted by mrobinson20

This IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specifically: RFC5321).

Surely the error message you've posted tells you what the problem is. You need to verify whether your server returns a correct response to the "HELO" command.

[LMStone]

Quote:

Originally Posted by mrobinson20

Hi,

I'm new here and wondered if someone could help. After upgrading from version 6 to 7 and rebooting I have noticed we are having emails returned from aol.com, hotmail.com etc..

After investigation I checked our IP address at spamhaus and noticed we are added to the CBL blocklist after running a check on CBL the following is returned..

This IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specifically: RFC5321).

I've tried messing around with my etc/hosts file which is currently reading...

127.0.0.1 localhost.localdomain localhost
192.168.1.90 mail.ourdomain.co.uk mail

Any help or advice as to why this is happening would be most appreciated.

Thanks in advance.

As Bill said, you now know why you are being blocked, but I have never seen a Zimbra server HELO that way.

You can test easily enough from a command prompt on your Zimbra server:

Code:

zimbra@mail2:~> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail2.reliablenetworks.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
zimbra@mail2:~>

Please test and report back.

Hope that helps,
Mark

[Soul99]

Hello.
I have the same problem. "

Quote:

zimbra@mailsrv:/home/alex$ telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.santonit.ru ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
zimbra@mailsrv:/home/alex$ zmcontrol -v
Release 7.1.4_GA_2555.UBUNTU10_64 UBUNTU10_64 FOSS edition.

[phoenix]

Quote:

Originally Posted by Soul99

I have the same problem. "

The same problem as what, exactly? Do you mean that you're on a blocklist? Might it be partly caused by the fact your DNS records are incorrect? Here's the output of a dig command for your domain:

Code:

dig santonit.ru mx

; <<>> DiG 9.8.1-P1 <<>> santonit.ru mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29533
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;santonit.ru.                   IN      MX

;; ANSWER SECTION:
santonit.ru.            600     IN      MX      10 aspmx.l.google.com.
santonit.ru.            600     IN      MX      20 alt1.aspmx.l.google.com.
santonit.ru.            600     IN      MX      20 alt2.aspmx.l.google.com.

;; ADDITIONAL SECTION:
alt1.aspmx.l.google.com. 248    IN      A       173.194.70.26
alt2.aspmx.l.google.com. 38     IN      A       173.194.69.27
aspmx.l.google.com.     224     IN      A       173.194.66.27

;; Query time: 117 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Apr  9 19:10:24 2012
;; MSG SIZE  rcvd: 153

Note that none of these records actually resolve to your server IP.

[Soul99]

Yes/
My system:
E-mail to be google (for antispam).
I have installed on my server: zimbra + fetchmail. This bundle collects mail from the box on google.
And smtp server - also my mailserver.

I decided to check how it works and sent a test e-mail to helocheck@cbl.abuseat.org.
In response to this e-mail came:

Quote:

The mail system

<helocheck@cbl.abuseat.org>: host mail-in.cbl.abuseat.org[82.94.216.251] said:
550 HELO for IP 81.222.82.82 was "mail.santonit.ru" (in reply to RCPT TO
command)

wtf? They have any problems?

[Soul99]

up _

[justdave]

Usually the blacklists care about the HELO name you give on your outgoing connections, not the incoming one. Usually Zimbra's postfix will figure it out automatically from the name of your machine (you do have you machine set to its real hostname, right?)

It is possible to override the name that it uses though.

Code:

zmlocalconfig -e postfix_smtp_helo_name=your.domain.name

You may need to restart configd and the mta after changing that for it to pick it up.

[Soul99]

big tnx - my problem is solved!