ip is blocked by cbl due to IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specificall

I need help to fix this issue

This IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specifically: RFC5321).

The CBL does not list for RFC violations per-se. This particular behaviour, however, correlates strongly to spambot infections, and it is listed for that reason. Even if it isn't an infection, it's a misconfiguration that should be fixed, because many spam filtering mechanisms operate with the same rules, and it's best to fix it regardless of whether the CBL notices it or not.

There is often confusion between the SMTP "banner" and the SMTP "HELO" (or EHLO) command. These are completely different things, and proper understanding is important.

First some terminology (somewhat simplified to aid understanding):

A "SMTP client" is a piece of software that makes SMTP connections to SMTP servers to send a piece of email to the server. Most E-mail servers consist of an "SMTP listener" (to listen for and handle connections made to them by SMTP clients), an SMTP client (to send emails to other mail servers) and a local delivery agent (LDA) to deliver email to "local" users (eg: via POP or IMAP).

Thus, SMTP clients make connections to SMTP listeners, and issue SMTP commands to the listener.

The "HELO" (or "EHLO") command (see RFC2821) is a command issued by the SMTP client to an SMTP server to identify the name of the client. "HELO mail.example.com" means, essentially, "Hi there, my name is mail.example.com".

The "SMTP banner" is what the listener says in response the initial connection or in response to the HELO command.

The CBL works in many cases by seeing what SMTP clients say (in the HELO/EHLO command) when the client connects to a CBL detector. Since the CBL NEVER does SMTP probes, it has no way of knowing how a given IP banners.

You can test SMTP banners with telnet and other similar diagnostic tools, but you CANNOT test SMTP HELO/EHLO with telnet.

For that, you can send an email to helocheck@cbl.abuseat.org. That will reject the email (as an error), and the error will show you what the HELO/EHLO was.

If this IP is a mail server: please read namingproblems to find out why your IP was listed, and ways to fix it so it doesn't relist.

This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.

Status: 
Active

Comments

Howdy -- what output do you get if you run the command "hostname" on your server?

localhost.localdomain

Ah, it looks like you don't have an FQDN setup for your server.

You can set that up by going into Webmin -> Networking -> Network Configuration -> Hostname and DNS Client.

You'd want to setup a name in the format "host.domain.tld" -- and whatever name you setup should also have a DNS record setup for it so that it'll resolve.

so in the hostname i will change to >>>>host.domain.tld

resulution order =hostfile dns

dns server 192.168.0.1 127.0.0.1

search domain

under listed

localdomain

when i run hostname on the server now i get out put

host.domain.tld

please let me know if this is ok

The only thing I'd recommend changing is your hostname. If you're seeing "host.domain.tld" now when you run "hostname", then that should be good!

ok thanks

Hello Sir,

can you please log in and check why i have ongoing issue with my email

ip was blocked bcz of bad setting in the email so we fix those setting as per your advice but we still have the issue

we also changed the ip of this server but we still have the same issue

i am not getting email

i send jammie the email with root access to find out what is happening

plzzz

You could also check whether you have a corresponding reverse dns entry for your ip address?

If you could also send an email to eric@virtualmin.com containing that login info, I could take a look at your system now, and see if any obvious problems stand out. Thanks!

Email sent

It looks like your server's hostname is literally set to "host.domain.tld".

The name "host.domain.tld" is just an example -- that should be set to your actual FQDN hostname.

What should your server's hostname actually be? It should include a domain that you own.

Planetgrouprealty.com. Is the domain

Plz let me know ASAP

Host.planetrealty.com.tld

Hmm, you don't seem to have a domain named "planetrealty.com".

But, we can make it "FOO.planetgrouprealty.com" if you want.

The name "FOO" can be anything -- something use "web1" if they can't think of a better name -- but it's just a name for your server.

Whatever name it is you want to go with -- you'd need to go into Webmin -> Networking -> Network Configuration -> Hostname and DNS Client, and set your hostname in there.

Once you do that, you can then go back into Virtualmin, select planetgrouprealty.com, and then go into Server Configuration -> DNS Records, and add a DNS 'A' record for "FOO.planetgrouprealty.com" (using whatever name you choose in place of the word "FOO").

Can you plz set up this for me as I just do not wanna make a mistake our. Office no is getting email let's setup. Ns1.planetgrouprealty.com

It looks like you already have the DNS for "ns1.planetgrouprealty.com" setup. That's good! So the only step then is to change your hostname to that.

While we don't mind logging into your server to assist with problems, we'd prefer to teach you how to make changes such as this, rather than doing it ourselves :-)

We'll verify it after you perform the changes.

To change your server's hostname, all you have to do is go into Webmin -> Networking -> Network Configuration -> Hostname and DNS Client, and where it says "Hostname" at the top of that screen, change your hostname to be "ns1.planetgrouprealty.com", and then click "Save".

Once you do that, let us know and we'll verify your hostname and email settings.

We can not send or receive email

Plz help me to fix the issue

We're happy to help!

In comment #17 above, we said the following:

change your hostname to be "ns1.planetgrouprealty.com", and then click "Save".

However, as I look at your server's hostname now, it's set to this:

ns1.planetgrouprealty.com.tld

You want to use a name that exists, and a name that will resolve. The name you actually want to use is the one we mentioned above:

ns1.planetgrouprealty.com

Try changing it to that (without the .tld at the end), save that, and then after that, try sending your email again.

If it doesn't work -- what error are you getting when trying to send or receive an email?

so far still have email issue

when i try to create new user to test the email i am getting error

Failed to save mailbox

: Failed to write to /home/planetgrouprealty/etc/dav.digest.passwd : Disk quota exceeded

That "Disk quota exceeded" error is the key there -- it means that account is out of disk space.

You would need to add additional disk space to that Virtual Server before you would be able to send and receive email, or add new accounts.

ok seems like emails are now working

thanks