RE: "This message has been blocked because the HELO/EHLO domain is invalid"

  • From: "saleem" <sroumald@xxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 15 Jul 2005 11:34:41 -0400

Thanks


-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, July 15, 2005 11:15 AM
To: [ExchangeList]
Subject: [exchangelist] RE: "This message has been blocked because the
HELO/EHLO domain is invalid"

http://www.MSExchange.org/

Your MX record is mail2.graphicsolutions.com. The A record for that says
IP
address is 67.65.36.129. However, the PTR record for the IP says
pmx.nazdar.com. When you connect to mail2.graphicsolutions.com, the
greeting
says pmx.nazdar.com.

Yes, you are treading in deep water. E-mail requires certain things to
be
set up correctly. You post kind of rambles on and is some what hard to
understand.

The SMTP server you are sending outgoing e-mail from will present its
configured FQDN meaning host and domain. That FQDN is supposed to match
what
the PTR record says for the IP that it is connecting with.

The NDR is at the correct point. Your server starts to connect to the
receiving server, and during the handshake the receiving server says
sorry,
but I can not talk to you and then your server properly creates the NDR
to
send to the sender.

When you say that changing the virtual name causes DNS problems
indicates
you have DNS problems, or virtual server configuration problems.

John T
eServices For You

> -----Original Message-----
> From: Dan Klobnak [mailto:dan.klobnak@xxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, July 15, 2005 5:33 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: "This message has been blocked because the
HELO/EHLO
> domain is invalid"
> 
> http://www.MSExchange.org/
> 
> I am resending this message, as I realized I had a bogus subject "RE:
exchange
> Digest", and it may have been rightfully ignored. My apologies...
> 
> Hi there, MSExchange 2000 Standard SP3 on a Windows 2003 server. Our
users
> received the following NDR when sending an external e-mail to one
external
domain.
> Not a problem with other domains; and we can reach the domain if we
use a
hotmail
> account or when I SMTP to it.  I am hoping to communicate with the
other
SysAdmin.
> Have not seen this one before, and have been doing some research.
Based on
the
> research, I guess I can go in a couple of different directions, but
was
curious as to
> your expert opinions/suggestions.
> 
> NDR:
> The following recipient(s) could not be reached:
> 'user@xxxxxxxxxxx' on 13/07/2005 9:26
> You do not have permission to send to this recipient. For assistance,
contact your
> system administrator.
> <gsi-fs1.graphicsolutionsinc.com #5.7.1 smtp;554 5.7.1 This message
has
been
> blocked because the HELO/EHLO domain is invalid.>
> 
> Note: the server generating the error is our mail server. The NDR is
immediate, and
> Message Tracking indicates an Event ID 1030 (NDR Generated),
immediately
after a
> 1020 (Started Outbound Transfer).
> 
> Resubmitted, as I realized my subject was "RE: exchangelist digest:
July
14, 2005"
> and may have been rightly ignored...
> 
> Searching on:
>  "You do not have permission to send to this recipient."
> Lead to options regarding being filtered by a SPAM...ie. Either on a
list
(which we tend
> to not believe is the case, and pur T1 Provider, Megapath, stated if
we
were ID'd as
> SPAMMER, they would be involved. I take that statement with a grain of
salt).  In any
> event I verified our Open Relay status, and we're locked down.
> 
> 1.    Any websites you'd recommend to check ourselves against for
further
> verification?
> 
> Another possibility may be an issue with a reverse lookup? Again, this
is
from a bunch
> of sources, none that I would consider authoritive, so I could be
misinterpreting.
> However, our e-mail comes from our server, and our MX record's A
record
actually
> points to a sister company's IP, as they filter SPAM for us before
forwarding.  There is
> a difference of Public IPs.
> Another option maybe the fact that we do not have an SPF record in our
DNS
> (something I learned about yesterday)?
> 
> Searching on:
> "This message has been blocked because the HELO/EHLO domain is
invalid"
> 
> Seemed to point to SMTP Virtual server setting. When I telnet to SMTP,
my
server
> does not match the MX record, which to be compliant with RFC 2821
seems to
be
> required. The server reflects the actual server name. When I try to
change
properties
> of the SMTP Virtual Server to my MX record, Mail2, I can not verify to
my
internal
> DNS. I don't want to go to the issue of changing my server's name, and
I
am thinking
> I can not have two entries within DNS pointing to the same IP, or is
there
a way to
> accommodate?
> 
> Other option, modify my MX record to be reflect my server name?
> 
> I admit, I am treading some deep water here for me. Since we're
successful
with
> 99.99 of other external e-mails, it is appealing to say it's the other
side (the "been
> blocked because the HELO/EHLO domain is invalid" certainly is not
saying
which
> domain is invalid. When I SMTP their mail server, mail.printar.com,
their
server name
> is simply printar.com, so they are not 'compliant' either.). However,
since we have a
> few loose ends on our side, I'd like to tighten us up, as I imagine
the
ongoing battle
> with SPAM will simply be cause more of these errors.
> 
> Any other ideas, thoughts, would be GREATLY appreciated.
> 
> I can't seem to find anything regarding these search strings at MS
support
either, so I
> assume I'm searching incorrectly. Thanks, Dan
> 
> ------------------------------------------------------
> List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List
as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
sroumald@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


Other related posts: