Hi
When I checked out the cause of the blacklisting, it shows it is due to HELOing as localhost.localdomain. Can anyone help with what it means?
At the time of removal, this was the explanation for this listing:
This IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specifically: RFC5321).
The CBL does not list for RFC violations per-se. This _particular_ behaviour, however, correlates strongly to spambot infections. In other words, out of thousands upon thousands of IP addresses HELO'ing this way, all but a handful are infected and spewing junk. Even if it isn't an infection, it's a misconfiguration that should be fixed, because many spam filtering mechanisms operate with the same rules, and it's best to fix it regardless of whether the CBL notices it or not.
DO NOT TELNET TO YOUR SERVER TO SEE WHAT IT SAYS. Telnet will show you the banner, not the HELO.
EVEN IF YOU TEST YOUR MAIL SERVER SOFTWARE AND IT HELOS PROPERLY, THAT DOES NOT MEAN THAT THIS LISTING IS IN ERROR - YOUR IP REALLY DID HELO AS "localhost.localdomain". Our system doesn't make mistakes about this. This just means that something OTHER than your mail server software is making the connections. In fact, finding that your mail server is NOT HELO'ing as "localhost.localdomain" essentially proves this is an infection, not a misconfiguration.
There is often confusion between the SMTP "banner" and the SMTP "HELO" (or EHLO) command. These are completely different things, and proper understanding is important.
First some terminology (somewhat simplified to aid understanding):
A "SMTP client" is a piece of software that makes SMTP connections to SMTP servers to send a piece of email to the server. Most E-mail servers consist of an "SMTP listener" (to listen for and handle connections made to them by SMTP clients), an SMTP client (to send emails to other mail servers) and a local delivery agent (LDA) to deliver email to "local" users (eg: via POP or IMAP).
Thus, SMTP clients make connections to SMTP listeners, and issue SMTP commands to the listener.
The "HELO" (or "EHLO") command (see RFC2821) is a command issued by the SMTP client to an SMTP server to identify the name of the client. "HELO mail.example.com" means, essentially, "Hi there, my name is mail.example.com".
The "SMTP banner" is what the listener says in response to the initial connection or in response to the HELO command.
The CBL works in many cases by seeing what SMTP clients say (in the HELO/EHLO command) when the client connects to a CBL detector. Since the CBL NEVER does SMTP probes, it has no way of knowing how a given IP banners.
You can test SMTP banners with telnet and other similar diagnostic tools, but you CANNOT test SMTP HELO/EHLO with telnet.
For that, you can send an email to helocheck@cbl.abuseat.org. That will reject the email (as an error), and the error will show you what the HELO/EHLO was.
If this IP is a mail server: please read namingproblems to find out why your IP was listed, and ways to fix it so it doesn't relist.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
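The banner/HELO distinction described in the quoted explanation, as an added example that is not part of the original post or of the CBL's tooling: a throwaway listener on 127.0.0.1 records what a client sends in HELO/EHLO, while the client records the banner it received. The host name `listener.example.net`, the function names and the `BAD_HELO` list are assumptions made for this sketch, and the name check is a heuristic, not a full RFC 5321 parser.

```python
import re
import smtplib
import socket
import threading

# Constructed list of names that never identify a real mail host.
BAD_HELO = {"localhost", "localhost.localdomain"}
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
LITERAL_RE = re.compile(r"^\[(ipv6:)?[0-9a-f:.]+\]$")

def helo_name_ok(name):
    """True if name looks like a public FQDN or an address literal like [192.0.2.1]."""
    n = name.lower()
    if n in BAD_HELO or n.endswith(".localdomain"):
        return False
    return bool(FQDN_RE.match(n) or LITERAL_RE.match(n))

def observe_helo(client_name):
    """Connect an SMTP client to a local listener and return
    (banner the client received, HELO/EHLO argument the listener saw)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # any free port, loopback only
    srv.listen(1)
    seen = {}

    def listener():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 listener.example.net ESMTP\r\n")   # banner: server -> client
            f.flush()
            line = f.readline().decode().strip()             # HELO/EHLO: client -> server
            seen["helo"] = line.split(" ", 1)[1] if " " in line else ""
            f.write(b"250 listener.example.net\r\n")
            f.flush()
            f.readline()                                      # client's QUIT
            f.write(b"221 bye\r\n")
            f.flush()

    t = threading.Thread(target=listener, daemon=True)
    t.start()
    client = smtplib.SMTP(local_hostname=client_name)        # name the client will HELO as
    _, banner = client.connect("127.0.0.1", srv.getsockname()[1])
    client.ehlo()
    client.quit()
    t.join()
    srv.close()
    return banner.decode(), seen["helo"]
```

Only the listener side sees the HELO name, which is why connecting to your own server by hand shows the banner and nothing about what hosts behind your IP announce when they connect outward.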