Postfix HELO reply, can it be dynamic for every domain?

#1 Wed, 01/31/2007 - 10:54

Apparently, to fight spam, ISPs are making sure the HELO FQDN matches the from FQDN in the email. Is there a workaround to this?

Wed, 01/31/2007 - 12:28

Hey Conrad,

I think you're just hitting a poorly configured ISP or misinterpreting the bounce.

The only sane way to use HELO checking as an anti-spam measure is to check to see if it matches the reverse lookup name. Anything else is bound to go awry (and even that is so often misconfigured that it's going to bounce a lot of innocent mail).

So, make sure your HELO matches your reverse lookup (IP-to-name), and all should be fine. If it isn't, then the ISP that bounces it is at fault (and they're bouncing a significant portion of innocent mail, because properly configured mail servers will not behave that way). HELO is easily spoofed, and so the best indicator of spam is that HELO is lying (which would mean setting it to the sender's email address domain rather than the correct name for the server).

But I bet the ISP in question won't bounce it once you get the reverse name and the HELO matching.

Postfix usually picks this up automatically, so I'm guessing you've set it manually in the Postfix configuration? Removing that option from your configuration will usually get it right.


Check out the forum guidelines!

Wed, 01/31/2007 - 13:26

Agreed, mail servers should be configured that way, but after doing some reading more and more people are starting to bounce spoofed HELOs rather than using rDNS.

Here's the error I'm getting...[[216.177.XXX.XXX]] said: 501 5.7.1
( Sender domain must exist (in reply to MAIL
FROM command)

Sun, 06/07/2009 - 07:01 (Reply to #3)

Hey Craig,

"Agreed, mail servers should be configured that way, but after doing some reading more and more people are starting to bounce spoofed HELOs rather than using rDNS."

OK, but that doesn't change my advice. You're misinterpreting what "spoofed HELO" means.

You're asking for a way to spoof your HELO, and I'm telling you not to. A spoofed HELO is one that is *not* the actual FQDN of the server sending the message. If you set the HELO to match the domain of each email address (and that domain does not match the address of the server) then you are spoofing HELO, and you will be bounced by any server that bounces on spoofed HELO (I'm not suggesting people should be bouncing on spoofed HELOs, since they are so often misconfigured...but as you've noted, some people are).

So, I think this is a case of misinterpreting the bounce. I suspect in this case the error is saying the domain in the email ( does not resolve. Check to be sure all of your names and addresses resolve...this kind of error is almost always about resolution, not the actual names in the message. So:

host 216.177.XXX.XXX
host whatever.address.came.back

Where whatever.address.came.back is the name you got from the first host query--both the IP and the name that the IP returns must resolve. And the other domains in the message also must resolve. The error you're getting indicates to me that one of these is not resolving...not that the HELO is a problem.

It is definitely *not* that the receiving mail server wants you to spoof the HELO to match the domain. If it is (I don't believe it is based on the above error, but if it is), then the receiving mail server is misconfigured and should be fixed on the receiving server--you simply can't do something mad just to accommodate one mad server. Spoofing HELO is madness. ;-)

In short: Don't spoof HELO. HELO should always be the FQDN of your server and that should exactly match the reverse lookup of your outgoing IP.


Check out the forum guidelines!
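The consistency check described in the post above (the IP resolves to a name, that name resolves back to the same IP, and the HELO is that name), written out as an added example that is not part of the original thread. The function name `check_helo`, the sample addresses and the sample host names are hypothetical; by default the lookups go through the system resolver.

```python
import socket

def ptr_lookup(ip):
    """IP -> name via the PTR record, or None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def addr_lookup(name):
    """Name -> set of A/AAAA addresses; empty set when the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def norm(name):
    """DNS names compare case-insensitively, with or without the trailing dot."""
    return name.rstrip(".").lower()

def check_helo(ip, helo, ptr=ptr_lookup, addrs=addr_lookup):
    """Return a list of problems; an empty list means HELO, PTR and A agree."""
    rname = ptr(ip)
    if rname is None:
        return [f"no reverse (PTR) record for {ip}"]
    problems = []
    if ip not in addrs(rname):
        problems.append(f"{rname} does not resolve back to {ip}")
    if norm(helo) != norm(rname):
        problems.append(f"HELO {helo} is not the reverse name {rname}")
    return problems

# Constructed sample data (documentation address range, example names),
# standing in for real DNS so the checks can be run offline.
SAMPLE_PTR = {"192.0.2.10": "mail.example.net", "192.0.2.20": "host20.example.net"}
SAMPLE_A = {"mail.example.net": {"192.0.2.10"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)

def sample_addrs(name):
    return SAMPLE_A.get(norm(name), set())

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.net"),          # consistent
                     ("192.0.2.10", "customer-domain.example"),   # per-domain HELO
                     ("192.0.2.20", "host20.example.net")]:       # PTR without matching A
        print(ip, helo, check_helo(ip, helo, sample_ptr, sample_addrs) or "OK")
```

Calling `check_helo(ip, helo)` without the last two arguments runs the same checks against live DNS for the server's outgoing IP and configured HELO name.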

Wed, 01/31/2007 - 13:27

And yes, my rDNS is set up correctly.

Wed, 01/31/2007 - 13:35

And...Thanks for the reply Joe!

Wed, 01/31/2007 - 21:27

Joe, I don't know what I was thinking, duh! rDNS will be wrong if I spoofed the HELO. Brain fart. Anyways, I think I found the problem here.

The ISP that I'm having problems with used to host domain A, which I now host. However, domain B is on the same ISP as domain A used to be. I queried their name servers and they have bad data statically set in there still! I'll be sending them an email tomorrow!
