It is possible to end up on the above-mentioned blacklist when a (mis)configured SMTP server sends mail to the Internet through a NATed address. It must therefore be ensured in every case that HELO messages that do not conform to the RFCs never reach the outside.
This is in fact exactly how one also ends up on the blacklist at http://www.spamhaus.org/query/bl?ip=YOUR.IP.ADD.RESS
There are two basic types of detections that land an IP in this page. RFC2821 section 4.1.1.1 says that there are only two legal types of HELO/EHLO a mail server can issue - either a fully qualified domain name (eg: “mail.example.com”) or an “IP literal” (eg: “[1.2.3.4]”).
The listings that land in this page are:
Listings on the former are most common in UNIX-derived systems (such as Linux, xBSD, MacOS X etc.). Alternatively, it may be a misconfiguration in a custom mail-sending application, using libraries such as Perl’s Net::SMTP (which must be explicitly configured to use a specific HELO string).
Listings on the latter are due to a variety of things, most often improperly configured Windows mail servers or mail applications (address verifiers, challenge/response, bulk mailers etc).
In all cases, the first thing you should do is identify whether the main mail server software is helo’ing properly. If not, it needs to be fixed. If it is helo’ing properly, you need to identify what _other_ mail sending applications (that send email direct to the recipient without going through your main mail servers) exist, and check those.
One way of testing whether your mail server is misconfigured is to send an email through it to helocheck@cbl.abuseat.org. You will get a virtually immediate rejection.
In other words, you will get a bounce message back that appears to indicate that your email to helocheck didn’t work. It did. It’s _supposed_ to work that way. The important piece to check is the error message you see.
Examine the error message, and you should see something like one of the following lines:
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "localhost.localdomain"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "localhost"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "smtp"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "1.2.4.6"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "[1.2.4.6]"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "mail.example.com"
It should be the fully qualified domain name for your mail server or an IP address enclosed in square brackets.
In the above example, the first four examples are syntactically wrong by RFC2821. The last two are valid.
If it isn’t like one of the last two examples, you have found the problem that needs to be fixed.
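The check described above can be automated over a batch of helocheck bounces. The following is an added example, not code from the original page or from the CBL: it extracts the HELO string from a bounce line in the format shown above and classifies it as FQDN, IP literal or invalid. The function names, the sample lines and the list of placeholder suffixes are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample bounce lines, in the format shown on this page.
SAMPLE_BOUNCES = [
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "localhost.localdomain"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "smtp"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "1.2.4.6"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "[1.2.4.6]"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "mail.example.com"',
]
BOUNCE_RE = re.compile(r'Your HELO name for IP address (\S+) was "([^"]*)"')
LABEL_RE = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')
# Assumption: final labels that mark a default, non-public host name.
PLACEHOLDER_SUFFIXES = {"localdomain", "localhost", "local", "lan"}

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def classify_helo(helo):
    """Return 'ok: ...' for an FQDN or IP literal, otherwise 'bad: ...'."""
    if helo.startswith("[") and helo.endswith("]"):
        inner = helo[1:-1]
        if inner.lower().startswith("ipv6:"):  # RFC 2821 tag for IPv6 literals
            inner = inner[5:]
        return "ok: IP literal" if is_ip(inner) else "bad: malformed IP literal"
    if is_ip(helo):
        return "bad: bare IP address, needs square brackets"
    labels = helo.rstrip(".").split(".")
    if len(labels) < 2:
        return "bad: unqualified host name"
    if not all(LABEL_RE.match(label) for label in labels):
        return "bad: invalid characters in host name"
    if labels[-1].lower() in PLACEHOLDER_SUFFIXES or labels[-1].isdigit():
        return "bad: placeholder or numeric top-level label"
    return "ok: fully qualified domain name"

def check_bounce(line):
    """Return (ip, helo, verdict) for a helocheck bounce line, or None."""
    match = BOUNCE_RE.search(line)
    if match is None:
        return None
    return match.group(1), match.group(2), classify_helo(match.group(2))

if __name__ == "__main__":
    for bounce in SAMPLE_BOUNCES:
        print(check_bounce(bounce))
```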