I have a FortiMail 200D and a FortiGate 200D.
When I send any mail, the postmaster replies to me with (reason: 550 *** The HELO for IP address 41.38.52.75 was '[41.38.52.75]' (valid but not recommended syntax )
I contacted the SenderBase team to find out why my IP was added to the blacklist, and they replied:
To this end, we are seeing reports of HELO strings which do not match the PTR / rDNS of the IP. One of the HELO strings we are seeing is “[41.38.52.75]”, which is not an exact match to the PTR of the IP 41.38.52.75 (mail.elashrygroup.com).
How do I resolve the IP to HELO?
Please help me.
I checked your attachment and I am choosing host name.
What firewall device are you using? Is it doing SMTP inspection?
firewall Fortigate 200D
your attached and i choosing host name
Does the hostname match the A & PTR records? When you say "hostname", do you mean system name? Have you tried telnet from the FML to something like the Gmail MX server to see what's being shown in the extended HELO?
e.g.
exe telnet alt1.gmail-smtp-in.l.google.com 25
BTW: "get system status" will show you the system <hostname>; that's what would be displayed in any SMTP hellos.
PCNSE
NSE
StrongSwan
When I telnet to Google, it answered me:
Connection status to alt1.gmail-smtp-in.l.google.com port 23:
Connecting to remote host failed.
The A record & PTR record are matching; you can take my IP and check that:
41.38.52.75
server mode
HELLO ( pun intended )
Yes, but does it MATCH your system-hostname of the device doing the HELO?
SOCKET1:~ kfelix$ host 41.38.52.75
75.52.38.41.in-addr.arpa domain name pointer mail.elashrygroup.com.
SOCKET1:~ kfelix$ host -t a mail.elashrygroup.com.
mail.elashrygroup.com has address 41.38.52.75
SOCKET1:~ kfelix$
DNS is one thing, but if the string in EHLO/HELO does not match, it looks like a forged SMTP connection and any ESA or MX-gw could drop the connections.
Ken
PCNSE
NSE
StrongSwan
1st, do the CLI: get system status | grep ostname
Does it match your above DNS name { mail.elashrygroup.com }? ( yes or no )
2nd, if no, then you need to set the "system" name in your protected domain as listed earlier when you started the thread
3rd re-test
4th monitor the FML logs for errors
PCNSE
NSE
StrongSwan
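Added example, not part of any post in this thread: a small Python check of a HELO/EHLO argument against the PTR and A records of the connecting IP, which is the comparison the SenderBase reply and the steps above describe. The function names and verdict strings are assumptions made for the illustration, the DNS records are the ones from the `host` output in the thread and are passed in already resolved so the check runs offline, and `fortimail.local` is a constructed sample value.

```python
import ipaddress

def parse_address_literal(helo):
    """Return the IP inside an RFC 5321 address literal like '[192.0.2.1]', else None."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return None
    inner = helo[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    try:
        return ipaddress.ip_address(inner)
    except ValueError:
        return None

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_helo(helo, client_ip, ptr_names, a_records):
    """Classify a HELO argument against the connecting IP's DNS data.

    ptr_names: PTR targets for client_ip; a_records: {hostname: [addresses]}.
    """
    ip = ipaddress.ip_address(client_ip)
    if parse_address_literal(helo) is not None:
        return "address-literal"          # valid syntax, but it is not the PTR name
    name = norm(helo)
    if name not in {norm(p) for p in ptr_names}:
        return "helo-ptr-mismatch"        # HELO name differs from the rDNS name
    forward = {norm(k): v for k, v in a_records.items()}
    if ip not in {ipaddress.ip_address(a) for a in forward.get(name, [])}:
        return "forward-lookup-mismatch"  # name does not resolve back to the IP
    return "ok"

# Records as shown in the thread's `host` output
PTR = ["mail.elashrygroup.com."]
A = {"mail.elashrygroup.com": ["41.38.52.75"]}

if __name__ == "__main__":
    # "fortimail.local" is a constructed sample hostname
    for helo in ("[41.38.52.75]", "mail.elashrygroup.com", "fortimail.local"):
        print(helo, "->", check_helo(helo, "41.38.52.75", PTR, A))
```

Only a HELO equal to the PTR name, which in turn resolves back to the sending IP, comes out as "ok"; the bracketed IP from the bounce message is reported as an address literal.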