PCGuys.org.uk Bogus HELO


The SMTP HELO command is used by the outgoing mail server to greet the destination server that it is connecting to. It is usually the first command issued when mail is being sent. It means “Hello, I am…”. Many viruses and bulk emailers send false or nonstandard HELO messages. We filter these messages and block traffic from email servers that use non-standard HELO settings.

Here are the types of error messages related to HELO issues that you may experience.

1. Bogus HELO

This means that the sending email server connected to our email server and said “HELO [their IP]”. RFC 1123 says that the HELO (“hello”) message should contain “a valid principal host domain name for the client host”. This means a name like “smtp.exampledomain.com” or “mail.exampledomain.com”, i.e. a fully qualified domain name. An IP address is not a valid name for the server, and neither is an address such as ‘rad.internal’. To resolve this situation, the sending server’s administrators will need to configure the server properly, so that it identifies itself by name rather than by IP address. The administrators of this server may also want to check it for viruses, as many viruses use the HELO command with an IP rather than the name.

2. Bogus HELO (IP address listed here)

This means that the sending server connected to us and said “HELO (receiving email server’s IP)”. In other words, the sending server tried to say “Hello, I’m you!” This is generally caused by a virus. To resolve this situation, the sending server’s administrators will need to check it for viruses.

3. Bogus HELO matches RCPT

This means that the sending system connected to our email server and said “HELO (receiving email server’s domain name)”. This is another version of “Hello, I’m you!” but using the server’s domain name rather than the server’s IP address. This is normally caused by a virus or a bulk emailer. If it is not done intentionally, it is generally caused by a virus. The server’s administrators will need to check the machine for problems. We hope that this information is useful in diagnosing and resolving the issue that you are experiencing.
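The three rejections above can be expressed as one classification of the HELO argument. The following is an added example, not this site's actual filter; the receiving server's IP and domains, the list of non-public suffixes, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed values standing in for the receiving server's identity.
OUR_IPS = {ipaddress.ip_address("192.0.2.25")}
OUR_DOMAINS = {"example.net", "mail.example.net"}
# Assumed list of non-public suffixes, like the page's 'rad.internal'.
PRIVATE_SUFFIXES = {"internal", "local", "localdomain", "lan", "localhost"}


def as_ip(arg):
    """Return an IP object for a bare or bracketed address, else None."""
    text = arg.strip("[]")
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_public_fqdn(name):
    """Syntax-only check: two or more LDH labels and a public-looking suffix."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1] in PRIVATE_SUFFIXES or labels[-1].isdigit():
        return False
    return all(
        0 < len(lab) <= 63 and lab.isascii() and lab[0] != "-" and lab[-1] != "-"
        and lab.replace("-", "").isalnum()
        for lab in labels
    )


def classify_helo(arg):
    """Map a HELO argument to one of the three rejections above, or 'ok'."""
    arg = arg.strip()
    ip = as_ip(arg)
    if ip is not None:
        # Case 2: the client claims our own address; case 1: any other IP.
        return f"Bogus HELO ({ip})" if ip in OUR_IPS else "Bogus HELO"
    if arg.rstrip(".").lower() in OUR_DOMAINS:
        return "Bogus HELO matches RCPT"  # case 3: client claims our name
    return "ok" if is_public_fqdn(arg) else "Bogus HELO"


if __name__ == "__main__":
    for sample in ["203.0.113.7", "[192.0.2.25]", "mail.example.net",
                   "rad.internal", "smtp.exampledomain.com"]:
        print(f"{sample:26} -> {classify_helo(sample)}")
```

The check is purely syntactic: it does not look the name up in DNS, so a well-formed but nonexistent host name passes.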

