Topic: SME 10.0 rejecting mail from Nethserver 7.9

[toothandnail]

I don't think this is an SME bug, but I'm wondering if anyone else has seen anything similar. I maintain 7 SME servers for local small businesses. I'm (very slowly..) starting to upgrade them from 9.2 to 10. Taking the two smallest systems first...

Initially I had some problems with email. Restoring from a backup seemed fine, but local users were then having problems with logging into their email accounts. By restoring only the system config, then using rsync to copy mail in, that problem seems to be overcome. But I've hit another glitch.

One of the original systems was migrated to Nethserver when Nethserver 7.3 was released. Its now on 7.9. And I cannot use its email server to send mail to either of the two upgraded SME 10 systems. On every attempt, I get a bounce message. Reason for the bounce is as below:

Code: [Select]

host
    mail.geminimanufacturing.co.uk[xx.xxx.xxx.xx] said: 550-(helo) HELO
    hostname does not exist 550 (helo) HELO hostname does not exist (in reply
    to MAIL FROM command)
That seemed like a very odd response. Checking the SME logs gives me this:

Code: [Select]

2021-09-05 13:15:04.187299500 6894 Accepted connection 0/40 from xx.xx.xx.xxx / mail.brillcomputers.co.uk
2021-09-05 13:15:04.187485500 6894 Connection from mail.brillcomputers.co.uk [xx.xx.xx.xxx]
2021-09-05 13:15:05.660719500 6894 dispatching EHLO barracuda.brillcomputers.co.uk
2021-09-05 13:15:05.898886500 6894 250-geminimanufacturing.co.uk Hi mail.brillcomputers.co.uk [82.71.20.128]
2021-09-05 13:15:06.228898500 6894 dispatching EHLO barracuda.brillcomputers.co.uk
2021-09-05 13:15:06.235183500 6894 250-geminimanufacturing.co.uk Hi mail.brillcomputers.co.uk [82.71.20.128]
2021-09-05 13:15:06.275100500 6894 dispatching MAIL FROM:<paul@brillcomputers.co.uk> SIZE=811 BODY=8BITMIME
2021-09-05 13:15:06.334857500 6894 (mail) resolvable_fromhost: pass, brillcomputers.co.uk has MX at mail.brillcomputers.co.uk
2021-09-05 13:15:06.439516500 6894 (mail) sender_permitted_from: skip, tolerated, none, brillcomputers.co.uk: No applicable sender policy available
2021-09-05 13:15:06.440345500 6894 (deny) logging::logterse: ` 82.71.20.128 mail.brillcomputers.co.uk barracuda.brillcomputers.co.uk naughty 903 (helo) HELO hostname does not exist
2021-09-05 13:15:06.440570500 6894 deny mail from <paul@brillcomputers.co.uk> ((helo) HELO hostname does not exist
 (helo) HELO hostname does not exist)
So it looks as though the early-talker plugin for postfix is the reason for the rejection.

I seem to remember there was a way to change the timeout on that plugin, but since I can't provoke the same sort of response with anything else (tired with three different commectial email addresses that I have access to), I don't really want to make changes to the SME systems.

I'm wondering if anyone else has hit similar problems, and if there are any other suggestions as to getting rount it? If nothing else, I've not hit similar problems with the Nethserver sending to any other systems....

[ReetP]

Koozali SME doesn't use postfix.

I have zero experience with Neth and it is substantially different these days.

Either fix the HELO issue in your sending server (the right answer - probably to do with using barracuda vs mail & DNS) or add the HELO name to WBL Helo hosts as per the wiki to ignore the issue.

Regarding your restore it should have worked, but if it didn't then you know the normal process. We can't help you if you don't tell us!!

But that is unrelated to the HELO issue.

[mmccarn]

The qpsmtpd helo plugin does a lookup on the HELO/EHLO name provided by the sending server to verify that it matches the IP address of the server that has connected.

The email from the neth server is arriving from mail.brillcomputers.co.uk, but is using EHLO barracuda.brillcomputers.co.uk, and there is no DNS entry for barracuda.brillcomputers.co.uk (perhaps the neth server is behind a barracuda appliance that is storing, scanning, and re-transmitting outbound emails?)

You have three options, really:
1. reconfigure the device using EHLO barracuda.brillcomputers.co.uk to use EHLO mail.brillcomputers.co.uk
2. reconfigure the device using EHLO barracuda.brillcomputers.co.uk to relay email through an online email relay service
2. create a DNS entry for barracuda.brillcomputers.co.uk with the same IP as mail.brillcomputers.co.uk.

You can whitelist the neth server or disable the helo plugin on your SME systems, but you'll still have difficulty sending email to users with mail servers that verify HELO/EHLO. Yahoo or AOL (I forget which) used to accept and discard email from systems with invalid HELO/EHLO without giving any errors, which was quite frustrating...

[ReetP]

Great answer from Mike - wish we had a '+1' or 'Like' button here sometimes.

I was on a phone so hadn't got access to all that!

[Jean-Philippe Pialasse]

to note, this is not a SME specific verification, but this is one of the most frequent test to classify one sender a safe or spammer, so it is a good thing you found out this way before you got blacklisted from a few places, if it is not already done.

usually you mail server should have a dns name, this one should be defined as reverse dns too on your ip and  it should present itself using the very same name. All of those are important and are checked during a transaction.

[stephdl]

Like others answered you have to fill your dns fields correctly, it is a pity but spammers do them better than us and our weapons to fight them are used against us

I wrote some documentations some time ago of course Neth related but the principles are still true for SME Server


https://wiki.nethserver.org/doku.php?id=email_protection_resources