• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved How to align the mail server's HELO/EHLO with proper DNS (forward and reverse) values>

A

athsk

New Pleskian
Server operating system version
windows server 2019 64-bit
Plesk version and microupdate number
Plesk Obsidian 18.0.51
Hello,
My Ip got blacklisted in spamhaus and after our communication they told me :

"YOUR_IP is making SMTP connections which indicate that it is misconfigured. Some elements of your existing configuration create message characteristics identical to previously identified spam messages.
Please align the mail server's HELO/EHLO with proper DNS (forward and reverse) values."

1. None of the domains are exceeding the outgoing mail limitations (limits were lowered to 20 mails per hour)
2. We scanned the server and no virus or malware problem exist. Everything looks normal.

Can somebody tell me how can we fix this?
Also, Is there any tool or extension in plesk that will give us more insight from the mail server?

thanks!
 
In case you have anything other set on Tools & Settings > Mail > Mail Server Settings > Outgoing Mail Mode then "Send from domain IP addresses", please change it to "Send from domain IP addresses".
 
Peter Debik said:
In case you have anything other set on Tools & Settings > Mail > Mail Server Settings > Outgoing Mail Mode then "Send from domain IP addresses", please change it to "Send from domain IP addresses".
Click to expand...
thanks for your reply,
I cannot find this option in Tools&Settings > Mail section> Mail server settings
Is there any other way to access it?
 

Attachments

  • screencapture-server-mail-settings.png
    screencapture-server-mail-settings.png
    214 KB · Views: 30
@athsk You're right. You're on Windows, I overlooked that. On Windows you'll need to check on the system level how IP address and sender domain match. Two things to check: A PTR (reverse domain resolution) record must exist for the server domain name at the data center, so that when someone queries which domain name is behind the IP address, the server domain name is returned. Second mail should be sent through that SMTP domain. What happens at Spamhaus is that their systems react when different domain names are used for the same sender IP address or if reverse name resolution is not possible.
 
@Peter Debik There is no mention of different settings for Windows in the docs. Even the screenshot shows the Linux version of Plesk:

docs.plesk.com

Configuring Server-Wide Mail Settings

Plesk comes with a mail server used to provide email services for mailboxes and mailing lists. After Plesk installation, the mail server is configured automatically using default settings. You may want to review them to make sure that they satisfy your needs.
docs.plesk.com docs.plesk.com

Is it worth reporting it?
 
Peter Debik said:
@athsk You're right. You're on Windows, I overlooked that. On Windows you'll need to check on the system level how IP address and sender domain match. Two things to check: A PTR (reverse domain resolution) record must exist for the server domain name at the data center, so that when someone queries which domain name is behind the IP address, the server domain name is returned. Second mail should be sent through that SMTP domain. What happens at Spamhaus is that their systems react when different domain names are used for the same sender IP address or if reverse name resolution is not possible.
Click to expand...
The PTR record exists it resolves to my hostname as it is shown in TOOLS & SETTINGS > SERVER SETTINGS >FULL HOSTNAME

After some checks I found that:

1. there were 2 domains that were transferred from another server and in DNS zone had:
a. the MX record referencing the old server old.server.com or the domain mail.domain.com
b. the TXT record also referencing the old server v=spf1 +a +mx +a:old.server.com -all
c. the TXT record _domainconnect.toner4all.com had the old server's IP [domainconnect.plesk.com/host/x.x.x.x/port/8443]
I replaced those with the new server's info.

2. the test from mxtoolbox "Test Email Server" shows that the PRT record does not match the SMTP Banner.
Also the HELO/EHLO test returned the computer name and not the Hostname

Session Transcript:
Connecting to X.X.X.X
220 computername.home ESMTP MailEnable Service, Version: 10.27-- ready
 
maartenv said:
@Peter Debik There is no mention of different settings for Windows in the docs. Even the screenshot shows the Linux version of Plesk:

docs.plesk.com

Configuring Server-Wide Mail Settings

Plesk comes with a mail server used to provide email services for mailboxes and mailing lists. After Plesk installation, the mail server is configured automatically using default settings. You may want to review them to make sure that they satisfy your needs.
docs.plesk.com docs.plesk.com

Is it worth reporting it?
Click to expand...

Also in point 6 of referenced article it says

6. In Plesk for Linux with the Postfix mail server, you can change the IP address used for sending mail. Also, if your server sends mail from domain IP addresses, you can specify which name will be used as the host name in SMTP greetings.


I have Windows and MailEnable, I don't know if this is why there is no option there.
 
@Peter Debik How can one change the value of HELO\EHLO in Plesk for Windows so that the mail server's HELO/EHLO and DNS (forward and reverse) values are aligned ?
 
Wasn't the PTR record the issue and would that not be needed to configured at the data center for your server's IP?
 
No, the PTR record was ok from before, we didn't change anything.

- Mail server HELO: win-xxxxxx.home
- Mail server IP: 1.1.1.1
- Forward DNS: hostname.domain.com -> 1.1.1.1
- Reverse DNS: 1.1.1.1 -> hostname.domain.com
(I changed the original values of the Ip, hostname, an HELO for privacy)

The HELO does not match the DNS, how can I change the HELO value? Where does Plesk reads it?
 
I believe the main settings you're trying to set would need to be done through the MailEnable Management directly. I can't fully test it in my lab since port 25 is blocked for outbound emails and don't feel like setting up relays and add more complexity with testing and what not but you'll want to make sure you got a few things set in the SMTP properties. So to do this you'll need to be able to RDP to your Windows Server.

  1. Log into your Windows server via RDP
  2. Open mmc.exe
  3. Add a snap-in and look for MailEnable Management and add it, press OK
  4. Navigate to MailEnable Management > Servers > localhost > Services and Connectors
  5. Right click on SMTP and go to Properties
It is on this screen you would want to make sure you have your local domain set to the primary domain name of your site and the default mail domain to the default mail domain of your site.

For example, if I was going to be running this for my own site, I would have it like this:

Local domain name: simon-soft.com
Default mail domain name: mail.simon-soft.com

(replace with your actual details)

You would also want to make sure that the DNS address(es) match what you have configured for your mail. You can add as many IP addresses as you need if there's going to be additional domains that uses different IPs as long as they're public IPs and is assigned to the server in some way.

Oh and you also need to set the "specify the email address when sending notifications" as it won't let you save the settings without it (just make sure that it's set to an email that has a mailbox on that server).

With that set, it should make everything happy happy.

Usually these settings isn't needed as it should just use whatever HELO of the post office's domain and IP settings but if you have a wonky setup of how it's sending the outbound email that doesn't resolve back correctly, then setting those settings should help you out a lot.
 
scsa20 said:
I believe the main settings you're trying to set would need to be done through the MailEnable Management directly. I can't fully test it in my lab since port 25 is blocked for outbound emails and don't feel like setting up relays and add more complexity with testing and what not but you'll want to make sure you got a few things set in the SMTP properties. So to do this you'll need to be able to RDP to your Windows Server.

  1. Log into your Windows server via RDP
  2. Open mmc.exe
  3. Add a snap-in and look for MailEnable Management and add it, press OK
  4. Navigate to MailEnable Management > Servers > localhost > Services and Connectors
  5. Right click on SMTP and go to Properties
It is on this screen you would want to make sure you have your local domain set to the primary domain name of your site and the default mail domain to the default mail domain of your site.

For example, if I was going to be running this for my own site, I would have it like this:

Local domain name: simon-soft.com
Default mail domain name: mail.simon-soft.com

(replace with your actual details)

You would also want to make sure that the DNS address(es) match what you have configured for your mail. You can add as many IP addresses as you need if there's going to be additional domains that uses different IPs as long as they're public IPs and is assigned to the server in some way.

Oh and you also need to set the "specify the email address when sending notifications" as it won't let you save the settings without it (just make sure that it's set to an email that has a mailbox on that server).

With that set, it should make everything happy happy.

Usually these settings isn't needed as it should just use whatever HELO of the post office's domain and IP settings but if you have a wonky setup of how it's sending the outbound email that doesn't resolve back correctly, then setting those settings should help you out a lot.
Click to expand...

@scsa20 After doing what you mentioned, HELO/EHLO value matches the PTR and DNS records.
one small detail, I opened the MailEnable Admin from C:\Program Files (x86)\Mail Enable\Admin\Mailenableadmin.msc

...and everything is aligned !!
- Mail server HELO: hostname.domain.com
- Mail server IP: 1.1.1.1
- Forward DNS: hostname.domain.com -> 1.1.1.1
- Reverse DNS: 1.1.1.1 -> hostname.domain.com


A big thanks to everyone sharing their knowledge. thoughts and time!!
 
athsk said:
one small detail, I opened the MailEnable Admin from C:\Program Files (x86)\Mail Enable\Admin\Mailenableadmin.msc
Click to expand...

Hey if it works it works! lol

And happy to hear that it's working. If you believe my answer was the best answer please mark it as such by clicking "Best answer" in the post.

And if possible, please update thread title from Question to Resolve if it your issue is fully resolved. If you do not know how, that's fine, we can update it for you as well ;)
 
You're all good, I updated it for you ;)

But ye, you could always update the tag by clicking on the 3 dots next to the the "watch" or "unwatch button" and choose edit thread and you can change it from there o7
 
scsa20 said:
local domain set to the primary domain name of your site
Click to expand...
Thanks for the pointer, found our new Plesk install had it defaulting to "home" as in servername.home and that was causing problems. The other fields had been left blank. Seems like Plesk should set this at install.

I had to add a "mail.servernamehere" domain/site to Plesk in order to save the above dialog box, because the "sending notifications" email must be local!
 
athsk said:
Hello,
My Ip got blacklisted in spamhaus and after our communication they told me :

"YOUR_IP is making SMTP connections which indicate that it is misconfigured. Some elements of your existing configuration create message characteristics identical to previously identified spam messages.
Please align the mail server's HELO/EHLO with proper DNS (forward and reverse) values."

1. None of the domains are exceeding the outgoing mail limitations (limits were lowered to 20 mails per hour)
2. We scanned the server and no virus or malware problem exist. Everything looks normal.

Can somebody tell me how can we fix this?
Also, Is there any tool or extension in plesk that will give us more insight from the mail server?

thanks!
Click to expand...
To fix Spamhaus blacklisting, align mail server's HELO/EHLO with correct DNS values. Verify reverse and forward DNS for domains. Use Plesk's tools like "Mail Queue Viewer" or "Mail Log" to gain insights into server behavior. Ensure outgoing mail limits are adhered to. Scan for malware to rule out infections.
 
You must log in or register to reply here.

Similar threads

D
Issue 421 EHLO MXIN201 Your HELO/EHLO example.com is not matching your DNS configuration s2.myserver.com
2
Replies
22
Views
7K
DaarGaJeDan
D
B
Resolved My mail server is on a spam list
Replies
2
Views
3K
brownbag
B
J
Question Proper external DNS configuration for mail service in Plesk
Replies
0
Views
743
Jacek
J
A
Resolved How to correctly configure Mail Server, MX Records, etc for multiple domains on the same IP address
Replies
2
Views
10K
UFHH01
U
A
How to add Centralized Slave DNS to Plesk Multi Server
Replies
0
Views
2K
Anton Akhtyamov
A
Back
Top