FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 03-13-2009, 07:01 PM
Kilian
 
Default Lenny/exim4: how to set helo for outgoing SMTP

Hello,

I am desperately trying to set the HELO value exim uses for outgoing
smtp connections because my host is behind a firewall which does NAT.
I've read /usr/share/doc/exim4-config/README.Debian.gz and created
/etc/exim4/exim4.conf.localmacros witht the following content:

REMOTE_SMTP_HELO_DATA="my.host.name"

That did not work. Then I found the following:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275975

So I tried to set helo_data manually in
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp and
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost - the
latter I did just in case. That did not work. So I basically set *every*
occurrence of helo_data and REMOTE_SMTP_HELO_DATA I found under
/etc/exim4 manually. Doesn't work.

Under etch, I just changed helo_data in /etc/exim4/exim4.conf.template
manually - not very nice, but it did what I needed. Now my mailconfig is
broken because some hosts won't accept my mails as the HELO does not
match the IP of the firewall, of course. Is there really no way to
change the outgoing HELO value in exim 4.69-9? I am using the "internet"
config of exim4.

Any hint would be greatly appreciated!

Thanks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-13-2009, 09:33 PM
James Richardson
 
Default Lenny/exim4: how to set helo for outgoing SMTP

Kilian wrote:
> Hello,
>
> I am desperately trying to set the HELO value exim uses for outgoing
> smtp connections because my host is behind a firewall which does NAT.
> I've read /usr/share/doc/exim4-config/README.Debian.gz and created
> /etc/exim4/exim4.conf.localmacros witht the following content:
>
> REMOTE_SMTP_HELO_DATA="my.host.name"
>
> That did not work. Then I found the following:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275975
>
> So I tried to set helo_data manually in
> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp and
> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost - the
> latter I did just in case. That did not work. So I basically set *every*
> occurrence of helo_data and REMOTE_SMTP_HELO_DATA I found under
> /etc/exim4 manually. Doesn't work.
>
> Under etch, I just changed helo_data in /etc/exim4/exim4.conf.template
> manually - not very nice, but it did what I needed. Now my mailconfig is
> broken because some hosts won't accept my mails as the HELO does not
> match the IP of the firewall, of course. Is there really no way to
> change the outgoing HELO value in exim 4.69-9? I am using the "internet"
> config of exim4.
>
> Any hint would be greatly appreciated!

The settings you want to look at are smtp_banner and helo_data. If I
remember correctly, helo_data defaults to $primary_hostname and smtp_banner
defaults to something with $primary_host_name and exim's version number.

In my configuration, I just have primary_hostname to my hostname (e.g.
primay_hostname = dune.jamesr.biz) which also sets the smtp banner displayed
when connecting to remote hosts. My relavent debconf configs are
internet site, number of dns-queries minimal to no. I am thinking the
primary_hostname gets set in the config file by doing a reverse lookup on the
ip of my server. Does a lookup of the ip of the interface you are sending mail
resolve to the name of your firewall?


--
James Richardson
Debian GNU/Linux Consultant
http://www.linkedin.com/in/jamesrichardsonconsulting
 
Old 03-14-2009, 09:25 AM
Joe
 
Default Lenny/exim4: how to set helo for outgoing SMTP

Kilian wrote:



Under etch, I just changed helo_data in /etc/exim4/exim4.conf.template
manually - not very nice, but it did what I needed. Now my mailconfig is
broken because some hosts won't accept my mails as the HELO does not
match the IP of the firewall, of course. Is there really no way to
change the outgoing HELO value in exim 4.69-9? I am using the "internet"
config of exim4.



My exim4 installation has:

- a HELO which can be resolved by public DNS i.e. has an A record
- a PTR record and an A record in public DNS which are complementary
i.e. each points to the other


These are also the conditions which my exim4 looks for in incoming SMTP
connections (in addition to a lot of country code and other filtering).


I agree with the other poster, that I'm using a single configuration
file where HELO is set by primary_hostname in the first few lines of the
main configuration section. This is exim4 4.63-17 on etch.


As it happens, the PTR-A pair for my IP address correspond to my
subdomain at my ISP, and neither bear any relationship to any of the
domains I actually use for email. I'm not aware of any email domain
which refuses my email, though the only 'difficult' one I send to
regularly is AOL.


It is alleged that there are some mail admins who require HELO and PTR
to match, but to me that seems silly. While the specification for PTR
records allows for multiple PTRs for one IP address, I think in practice
there's little software which can deal with this. So anyone sending mail
for multiple domains from one IP address will have unmatched PTR and
HELO strings most of the time.


The difficult hurdle for the spammer in control of a home computer to
jump is the PTR-A pair setup, as one must be set by the domain host and
the other by the ISP. Neither are under user control.


--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-14-2009, 10:10 AM
randall
 
Default Lenny/exim4: how to set helo for outgoing SMTP

Joe wrote:

Kilian wrote:



Under etch, I just changed helo_data in /etc/exim4/exim4.conf.template
manually - not very nice, but it did what I needed. Now my mailconfig is
broken because some hosts won't accept my mails as the HELO does not
match the IP of the firewall, of course. Is there really no way to
change the outgoing HELO value in exim 4.69-9? I am using the "internet"
config of exim4.
i am not familiar with Exim, but with postfix i use in my config
"myhostname = mail.songshu.org"

there should be something similar with Exim i guess.

another option would be to ask your isp to change the PTR record on that
IP to the HELO exim uses.






My exim4 installation has:

- a HELO which can be resolved by public DNS i.e. has an A record
- a PTR record and an A record in public DNS which are complementary
i.e. each points to the other


These are also the conditions which my exim4 looks for in incoming
SMTP connections (in addition to a lot of country code and other
filtering).


I agree with the other poster, that I'm using a single configuration
file where HELO is set by primary_hostname in the first few lines of
the main configuration section. This is exim4 4.63-17 on etch.


As it happens, the PTR-A pair for my IP address correspond to my
subdomain at my ISP, and neither bear any relationship to any of the
domains I actually use for email. I'm not aware of any email domain
which refuses my email, though the only 'difficult' one I send to
regularly is AOL.


It is alleged that there are some mail admins who require HELO and PTR
to match, but to me that seems silly. While the specification for PTR
records allows for multiple PTRs for one IP address,


the specification allows but specifically does not recommend

I think in practice there's little software which can deal with this.
So anyone sending mail for multiple domains from one IP address will
have unmatched PTR and HELO strings most of the time.


HELO is for identifying the mailserver, not the domain it sends for.
there is no reason why the hostname of the mailserver should match the
domain names of the mails it sends out
if both HELO and the PTR record say mail.server.com there is no problem,
whatever the domain of the send mail might be.




The difficult hurdle for the spammer in control of a home computer to
jump is the PTR-A pair setup, as one must be set by the domain host
and the other by the ISP. Neither are under user control.





--

www.songshu.org
Just another collection of nuts


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-14-2009, 11:09 AM
Kilian
 
Default Lenny/exim4: how to set helo for outgoing SMTP

James Richardson wrote:

> The settings you want to look at are smtp_banner and helo_data. If I
> remember correctly, helo_data defaults to $primary_hostname and smtp_banner
> defaults to something with $primary_host_name and exim's version number.

I've gotten that far as to understand helo_data is what I want, but
where and how do I set it so it actually gets set for outoing SMTP
connections?

> In my configuration, I just have primary_hostname to my hostname (e.g.
> primay_hostname = dune.jamesr.biz) which also sets the smtp banner displayed
> when connecting to remote hosts.

So, you have primary_hostname = dune.jamesr.biz in
/etc/exim4/update-exim4.conf.conf ?

> My relavent debconf configs are
> internet site, number of dns-queries minimal to no. I am thinking the
> primary_hostname gets set in the config file by doing a reverse lookup on the
> ip of my server. Does a lookup of the ip of the interface you are sending mail
> resolve to the name of your firewall?

No, it doesn't, and it never will, as this would break other stuff
inside the DMZ.

However, the way I see it, exim *should* only get the hostname it puts
in helo_data from DNS if REMOTE_SMTP_HELO_FROM_DNS is defined because
/etc/exim4/conf.d/transport/10_exim4-config_transport-macros says the
following:

.ifdef REMOTE_SMTP_HELO_FROM_DNS
REMOTE_SMTP_HELO_DATA=${lookup dnsdb
{ptr=$sending_ip_address}{$value}{$primary_hostnam e}}
.endif

So if I understand the README.Debian of exim4-config correctly, I should
be able to simply put the following into /etc/exim4/exim4.conf.localmacros:

REMOTE_SMTP_HELO_FROM_DNS='false'
REMOTE_SMTP_HELO_DATA='my.desired.helo.hostname'

But when I do this and run update-exim4.conf, I get:

macro "REMOTE_SMTP_HELO_DATA" is already defined (use "==" if you want
to redefine it

And when I change the second line to

REMOTE_SMTP_HELO_DATA=='my.desired.helo.hostname'

i get:

can't redefine an undefined macro "REMOTE_SMTP_HELO_DATA"

Now when I leave out the second line, update-exim4.conf runs through
without any error, but the HELO hostname is still being set by DNS lookup.

Either I have simply not understood something fundamental (which is very
well possible) or this is broken...

-- Kilian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-14-2009, 11:42 AM
Kilian
 
Default Lenny/exim4: how to set helo for outgoing SMTP

randall wrote:
>> Kilian wrote:
>>
>>>
>>> Under etch, I just changed helo_data in /etc/exim4/exim4.conf.template
>>> manually - not very nice, but it did what I needed. Now my mailconfig is
>>> broken because some hosts won't accept my mails as the HELO does not
>>> match the IP of the firewall, of course. Is there really no way to
>>> change the outgoing HELO value in exim 4.69-9? I am using the "internet"
>>> config of exim4.
> i am not familiar with Exim, but with postfix i use in my config
> "myhostname = mail.songshu.org"
> there should be something similar with Exim i guess.

Yep, in postfix it really is as simple as setting myhostname in main.cf
- this is the value postfix uses for identifying itself in remote SMTP
sessions, regardless of the DNS record for the host it runs on.

> another option would be to ask your isp to change the PTR record on that
> IP to the HELO exim uses.

I have a firewall with a public IP and a PTR record for that IP. There
are several hosts behind the firewall with private IP addresses. Some of
them send mails to the internet, so I cannot change the PTR of the
firewall to one of those hostnames. I need exim to identify itself in
the HELO sequence as the PTR record for the firewall; RFC 822 states:

HELLO (HELO)

This command is used to identify the sender-SMTP to the
receiver-SMTP. The argument field contains the host name of
the sender-SMTP.

Now to the receiver SMTP, my host appears as the firewall, so IMHO, it
must identify itself with the hostname set in the DNS for the firewall.

[...]
> HELO is for identifying the mailserver, not the domain it sends for.
> there is no reason why the hostname of the mailserver should match the
> domain names of the mails it sends out

I agree.

> if both HELO and the PTR record say mail.server.com there is no problem,
> whatever the domain of the send mail might be.

Exactly, and herein lies my problem...

-- Kilian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-14-2009, 11:54 AM
Kilian
 
Default Lenny/exim4: how to set helo for outgoing SMTP

Kilian wrote:
[...]
> RFC 822 states:

Of course that's RFC 821, sorry for the typo.

-- K.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-14-2009, 12:00 PM
randall
 
Default Lenny/exim4: how to set helo for outgoing SMTP

Kilian wrote:



another option would be to ask your isp to change the PTR record on that
IP to the HELO exim uses.



I have a firewall with a public IP and a PTR record for that IP. There
are several hosts behind the firewall with private IP addresses.


i have the same, but i have setup one of them to relay the mails for all
of them, not sure about your setup but this would simplify your problem
a lot.

Some of
them send mails to the internet, so I cannot change the PTR of the
firewall to one of those hostnames. I need exim to identify itself in
the HELO sequence as the PTR record for the firewall; RFC 822 states:

HELLO (HELO)

This command is used to identify the sender-SMTP to the
receiver-SMTP. The argument field contains the host name of
the sender-SMTP.

Now to the receiver SMTP, my host appears as the firewall, so IMHO, it
must identify itself with the hostname set in the DNS for the firewall.



correct, but note that that it has to identify with the hostname of your
"reverse" DNS, it took me a while before i understood this concept myself.



[...]


HELO is for identifying the mailserver, not the domain it sends for.
there is no reason why the hostname of the mailserver should match the
domain names of the mails it sends out



I agree.



if both HELO and the PTR record say mail.server.com there is no problem,
whatever the domain of the send mail might be.



Exactly, and herein lies my problem...




maybe i mist something, but what does is it precisely use as its
hostname at this very moment?



--

www.songshu.org
Just another collection of nuts


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-14-2009, 12:08 PM
Kilian
 
Default Lenny/exim4: how to set helo for outgoing SMTP

Joe wrote:
[...]
> As it happens, the PTR-A pair for my IP address correspond to my
> subdomain at my ISP, and neither bear any relationship to any of the
> domains I actually use for email. I'm not aware of any email domain
> which refuses my email, though the only 'difficult' one I send to
> regularly is AOL.

As the other poster already wrote, of course neither the A-record nor
the PTR-record nor the HELO value must be in any way related to the MAIL
FROM: value, but this is not the problem.

> It is alleged that there are some mail admins who require HELO and PTR
> to match, but to me that seems silly.

Well I am one of those admins; to me, this is simply a measure of SPAM
control. If you want to send email on the internet, you need:

1. a server with a public IP address
2. an A record which resolves to that IP address
3. a PTR record for the IP which resolves to the hostname of the server

Furthermore, RFC 821 states that the argument field of the HELO command
contains the host name of the sender-SMTP. So, in a proper setup, A-RR,
PTR-RR and HELO value are identical.

> While the specification for PTR
> records allows for multiple PTRs for one IP address, I think in practice
> there's little software which can deal with this. So anyone sending mail
> for multiple domains from one IP address will have unmatched PTR and
> HELO strings most of the time.

IMHO: no, HELO always contains the hostname of the sender-SMTP,
regardless of the MAIL FROM: address.

> The difficult hurdle for the spammer in control of a home computer to
> jump is the PTR-A pair setup, as one must be set by the domain host and
> the other by the ISP. Neither are under user control.

... which is exactly why you should check that all three values match,
shouldn't you?

-- Kilian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 03-14-2009, 12:26 PM
Kilian
 
Default Lenny/exim4: how to set helo for outgoing SMTP

randall wrote:
> Kilian wrote:
>>
>> I have a firewall with a public IP and a PTR record for that IP. There
>> are several hosts behind the firewall with private IP addresses.
>
> i have the same, but i have setup one of them to relay the mails for all
> of them, not sure about your setup but this would simplify your problem
> a lot.

Hehe, this is exactly what I had before, but one server sends out a lot
of periodic mailings (legitimate! beware ;-) and it simply overloaded
the smarthost, which is the main mailserver. So the mailing had an
impact on the users on the main mailserver, which was not acceptable, so
I decided the server on which the mailing script runs should send out
the mails directly.

[...]
>> Now to the receiver SMTP, my host appears as the firewall, so IMHO, it
>> must identify itself with the hostname set in the DNS for the firewall.
>
> correct, but note that that it has to identify with the hostname of your
> "reverse" DNS, it took me a while before i understood this concept myself.

Yes, that I am aware of and that is what I am trying to accomplish.

>>> if both HELO and the PTR record say mail.server.com there is no problem,
>>> whatever the domain of the send mail might be.
>>>
>> Exactly, and herein lies my problem...
>
> maybe i mist something, but what does is it precisely use as its
> hostname at this very moment?

In the HELO sequence, it's using the hostname from the DNS inside the
DMZ which is of course not identical to the PTR-RR of the firewall on
the internet...

-- Kilian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 01:21 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org