HELO problem

Pipo · Feb 10, 2022

I am stuck with my Sendmail on FreeBSD.
Some of my sending mails are bouncing, because the reverse DNS does not match the HELO/EHLO hostname.
With lookup I get:
HELO: myhost.name.com
rDNS: host.serverprovider.com

Please keep it a bit simple, because I am not an expert.

SirDice · Feb 10, 2022

Set hostname correctly in /etc/rc.conf. Or force the sendmail configuration to use the correct one, instead of automatically picking up the hostname.

Pipo · Feb 10, 2022

Thanks for the fast response. My hostname is setup correct. It looks like I have to make changes to the Sendmail configuration file.

zirias@ · Feb 10, 2022

If you don't have control over reverse DNS entries for the IP addresses used, you can't operate a public MTA reliably.

astyle · Feb 10, 2022

To me, it sounds like OP is using his own machine for implementing Sendmail as an MTA. I've done that myself (albeit a LONG time ago), and off the top of my head, it helps to check the AAAA records on the host that OP controls. And do make sure to read the FreeBSD Handbook Ch. 29 for really good info on setting up an email server - it's what I used back then, BTW, to set up the Sendmail MTA.

Pipo · Feb 10, 2022

Good info. Thanks. Will get back on this tomorrow.

zirias@ · Feb 10, 2022

astyle said:
it sounds like OP is using his own machine for implementing Sendmail as an MTA

It sounds like you're implying: on a (consumer) dial-up connection. Yes, this won't work well, ISPs assign dynamic IPv4-addresses / dynamic IPv6-prefixes on these and don't give you control over reverse DNS. It might be somewhat fine for incoming mail, given you use some "dynamic DNS" stuff (and the connection is up close to 24/7).

But for outgoing mail, you have (at least) two problems:

as already mentioned, unmatched rDNS is often rejected, or at least gets some spam score.
the same is true for address ranges used for dynamic addresses/prefixes -- there are "blackhole" lists with these available, used by many mail systems. the reason is that a lot of spam is sent by botnets running on infected (Windows) machines at people's homes.

VladiBG · Feb 10, 2022

Contact your ISP and ask them to change the rDNS record to match your FQDN.

astyle · Feb 10, 2022

Zirias said:
It sounds like you're implying: on a (consumer) dial-up connection. Yes, this won't work well, ISPs assign dynamic IPv4-addresses / dynamic IPv6-prefixes on these and don't give you control over reverse DNS. It might be somewhat fine for incoming mail, given you use some "dynamic DNS" stuff (and the connection is up close to 24/7).

I'm not implying a dial-up connection. In my case, the shop had a static IP address, and a business-grade connection. And the connection doesn't really matter when you're trying to set up an MTA on your own host. You're behind that connection. And it's perfectly possible to do the HELO / EHLO test on localhost.

covacat · Feb 10, 2022

sometimes the ISP will allow you to relay thru their MTA (some of them give you an email account included in the contract)
this works if you just need to send the admin messages from you home box to your real email address
it may work even if you host a domain but you have to try / ask (some ISPs will set/force the From: field to your smpt auth name to prevent just that)

astyle · Feb 10, 2022

covacat said:
sometimes the ISP will allow you to relay thru their MTA (some of them give you an email account included in the contract)
this works if you just need to send the admin messages from you home box to your real email address
it may work even if you host a domain but you have to try / ask (some ISPs will set/force the From: field to your smpt auth name to prevent just that)

I didn't set up to use specifically somebody else's MTA as a relay. The setup I created back then simply shot packets out via port 587 (or something like that). As long as you have a static IP and some bandwidth and basic name resolving, you're good to go.

zirias@ · Feb 10, 2022

astyle said:
In my case, the shop had a static IP address, and a business-grade connection.

Then I don't get what the problem with setting up a public MTA should be. On business grade, I'd expect static addresses AND a delegation for rDNS ?‍

astyle · Feb 10, 2022

Zirias said:
Then I don't get what the problem with setting up a public MTA should be. On business grade, I'd expect static addresses AND a delegation for rDNS ?‍

Why do you need a 'public MTA' ? All you need is an Internet-legal IP address, and a host behind it to shoot out emails. An ISP would operate routers that deliver the packets to their destination, and then the TCP/IP stack on the other end of things does the rest. ?

zirias@ · Feb 10, 2022

astyle I really don't get where you're heading to. OP's problem was obviously a mismatch between hostname announced in HELO and hostname according to rDNS. A dialup connection on a "consumer" line would be a possible scenario causing that ...

and btw, just so there is no misunderstanding, with "public MTA", I mean an MTA exchanging mail directly with other MTAs as discoverable by e.g. MX records in DNS (as opposed to some MTA behind some gateway/procy acting as a "smarthost").

astyle · Feb 10, 2022

Zirias said:
I mean an MTA exchanging mail directly with other MTAs as discoverable by e.g. MX records in DNS

Nobody does THAT any more, certainly not in IPv6. I think there are IETF RFCs that make that MTA-to-MTA direct relaying obsolete.

As for OP's issue, I think SirDice beat everyone to the punch. ?

zirias@ · Feb 10, 2022

astyle said:
I think there are IETF RFCs that make that MTA-to-MTA direct relaying obsolete.

I think we're talking about different things. For any mail to arrive "cross-domain" at least one MTA must talk to another one. So, what are you talking about?

astyle · Feb 11, 2022

Zirias said:
I think we're talking about different things. For any mail to arrive "cross-domain" at least one MTA must talk to another one. So, what are you talking about?

'Public MTA' generally means a relay between your MTA and the destination MTA. MX records used to be important back in the day. These days, if I send an email to a gmail.com address,, there's no need for an explicit MX record to help either my MTA or Google's. As long as you have a port, that's all you need, the recipient's MTA will figure it out. An MX record is only needed if the MTA is on a different host than the DNS server. In OP's case, that's most likely the same machine.

zirias@ · Feb 11, 2022

Sorry, astyle, but that's nonsense. MX records are still as relevant as they always were. Looking at A (or AAAA) is still only a fallback for mail delivery if there isn't any MX record. Nothing ever changed about that.

As for the term "public MTA", we're talking about different things. I'm talking about an MTA participating in the exchange of mails with other MTAs (cross-domain), as indicated by DNS records. I guess you're talking about open relays, which are (hopefully) a thing from the past.

Pipo · Feb 11, 2022

Solved!!
I added this line to Sendmail configuration: define(`confDOMAIN_NAME', `host.serverprovider.com')dnl
Now HELO and rDNS match.
Thanks for the replies.
In my search for a solution, found a very good site. It checks all the mail settings. You can send them a test mail to the offered email address. You do not get a reply, as I thought, but you have to click on the button afterwards. I seems I have more things to solve. Wondering if someone gets a 10/10.

It is here: https://www.mail-tester.com/

SirDice · Feb 11, 2022

This is a good one too: https://mxtoolbox.com/diagnostic.aspx

zirias@ · Feb 11, 2022

Pipo said:
Wondering if someone gets a 10/10.

Tested my private mailsystem here: https://www.mail-tester.com/test-lsybm50ed (and yes, this was the first attempt).

That the site complains that my test mail didn't contain HTML sounds kind of fishy though

Pipo · Feb 11, 2022

Good one.

HELO problem

Pipo

SirDice

Administrator

Pipo

zirias@

astyle

Pipo

zirias@

VladiBG

astyle

covacat

astyle

zirias@

astyle

zirias@

astyle

zirias@

astyle

zirias@

Pipo

SirDice

Administrator

zirias@

Pipo