RE: "This message has been blocked because the HELO/EHLO domain is invalid"
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Fri, 15 Jul 2005 08:15:15 -0700
Your MX record is mail2.graphicsolutions.com. The A record for that says IP
address is 67.65.36.129. However, the PTR record for the IP says
pmx.nazdar.com. When you connect to mail2.graphicsolutions.com, the greeting
says pmx.nazdar.com.
Yes, you are treading in deep water. E-mail requires certain things to be
set up correctly. You post kind of rambles on and is some what hard to
understand.
The SMTP server you are sending outgoing e-mail from will present its
configured FQDN meaning host and domain. That FQDN is supposed to match what
the PTR record says for the IP that it is connecting with.
The NDR is at the correct point. Your server starts to connect to the
receiving server, and during the handshake the receiving server says sorry,
but I can not talk to you and then your server properly creates the NDR to
send to the sender.
When you say that changing the virtual name causes DNS problems indicates
you have DNS problems, or virtual server configuration problems.
John T
eServices For You
> -----Original Message-----
> From: Dan Klobnak [mailto:dan.klobnak@xxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, July 15, 2005 5:33 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: "This message has been blocked because the
HELO/EHLO
> domain is invalid"
>
> http://www.MSExchange.org/
>
> I am resending this message, as I realized I had a bogus subject "RE:
exchange
> Digest", and it may have been rightfully ignored. My apologies...
>
> Hi there, MSExchange 2000 Standard SP3 on a Windows 2003 server. Our users
> received the following NDR when sending an external e-mail to one external
domain.
> Not a problem with other domains; and we can reach the domain if we use a
hotmail
> account or when I SMTP to it. I am hoping to communicate with the other
SysAdmin.
> Have not seen this one before, and have been doing some research. Based on
the
> research, I guess I can go in a couple of different directions, but was
curious as to
> your expert opinions/suggestions.
>
> NDR:
> The following recipient(s) could not be reached:
> 'user@xxxxxxxxxxx' on 13/07/2005 9:26
> You do not have permission to send to this recipient. For assistance,
contact your
> system administrator.
> <gsi-fs1.graphicsolutionsinc.com #5.7.1 smtp;554 5.7.1 This message has
been
> blocked because the HELO/EHLO domain is invalid.>
>
> Note: the server generating the error is our mail server. The NDR is
immediate, and
> Message Tracking indicates an Event ID 1030 (NDR Generated), immediately
after a
> 1020 (Started Outbound Transfer).
>
> Resubmitted, as I realized my subject was "RE: exchangelist digest: July
14, 2005"
> and may have been rightly ignored...
>
> Searching on:
> "You do not have permission to send to this recipient."
> Lead to options regarding being filtered by a SPAM...ie. Either on a list
(which we tend
> to not believe is the case, and pur T1 Provider, Megapath, stated if we
were ID'd as
> SPAMMER, they would be involved. I take that statement with a grain of
salt). In any
> event I verified our Open Relay status, and we're locked down.
>
> 1. Any websites you'd recommend to check ourselves against for further
> verification?
>
> Another possibility may be an issue with a reverse lookup? Again, this is
from a bunch
> of sources, none that I would consider authoritive, so I could be
misinterpreting.
> However, our e-mail comes from our server, and our MX record's A record
actually
> points to a sister company's IP, as they filter SPAM for us before
forwarding. There is
> a difference of Public IPs.
> Another option maybe the fact that we do not have an SPF record in our DNS
> (something I learned about yesterday)?
>
> Searching on:
> "This message has been blocked because the HELO/EHLO domain is invalid"
>
> Seemed to point to SMTP Virtual server setting. When I telnet to SMTP, my
server
> does not match the MX record, which to be compliant with RFC 2821 seems to
be
> required. The server reflects the actual server name. When I try to change
properties
> of the SMTP Virtual Server to my MX record, Mail2, I can not verify to my
internal
> DNS. I don't want to go to the issue of changing my server's name, and I
am thinking
> I can not have two entries within DNS pointing to the same IP, or is there
a way to
> accommodate?
>
> Other option, modify my MX record to be reflect my server name?
>
> I admit, I am treading some deep water here for me. Since we're successful
with
> 99.99 of other external e-mails, it is appealing to say it's the other
side (the "been
> blocked because the HELO/EHLO domain is invalid" certainly is not saying
which
> domain is invalid. When I SMTP their mail server, mail.printar.com, their
server name
> is simply printar.com, so they are not 'compliant' either.). However,
since we have a
> few loose ends on our side, I'd like to tighten us up, as I imagine the
ongoing battle
> with SPAM will simply be cause more of these errors.
>
> Any other ideas, thoughts, would be GREATLY appreciated.
>
> I can't seem to find anything regarding these search strings at MS support
either, so I
> assume I'm searching incorrectly. Thanks, Dan
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
Other related posts:
