SMTP Server 550 Access denied - Invalid HELO name

smtp

A bank we're working together is trying to send us an auto generated email to our company's email but it keeps bouncing off with the following SMPT error:

Status: 5.5.0 Diagnostic-Code: smtp;550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

Since I'm also not a sysadmin of my company, I can't tell if the problem is from the banking side or our mail server side.

Could anyone suggest here what could be the problem? Such if if any changes need to be done on my email server. I only have access to the cPanel of my company's hosting.

Solution 1:

according to the error message the sending server doesn't use a fully qualified domain name in the smtp HELO, so for example instead of heloing with "servername.example.com" it maybe just helos with "servername" (check your server log for the actual values) This behaviour is blocked by many receiving MTAs.

The sender should fix the HELO.

Solution 2:

According to the off doc it means the following

reject_invalid_helo_hostname (with Postfix < 2.3: reject_invalid_hostname)

Reject the request when the HELO or EHLO hostname is malformed. Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip reject_invalid_helo_hostname by not sending HELO or EHLO). The invalid_hostname_reject_code specifies the response code for rejected requests (default: 501).

If you can't contact with the sender then you can just add it to the exception

smtpd_helo_restrictions = 
 check_helo_access hash:/etc/postfix/hello_access
 reject_invalid_helo_hostname
 reject_non_fqdn_helo_hostname
 ...

/etc/postfix/hello_access
invalid_helo_name_from_bank OK

After that you need to create a map

# postmap /etc/postfix/hello_access

And restart the postfix

For exim it could be looks like

acl_smtp_helo = acl_check_helo

...
begin acl
   acl_check_helo:
      accept
         hosts = xxx.xxx.xxx.xxx
         condition = ${if eq{$sender_helo_name}{"invalid_helo_name_from_bank_smtp_server"}{yes}{no}}
    ...

As alternative you could add exception

helo_accept_junk_hosts = xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx ip address of the bank smtp server

Solution 3:

Ask you hosting company to go into:

"Root WHM > Service Configuration > Exim Configuration Manager > Basic Editor > ACL Options"

and turn the Require RFC-compliant HELO setting to Off

I don't know if they will do it for you because it's s server wide change in the Exim configuration and not something they can set only for your cPanel account.

Migrating Server 2003 -> Server 2008 r2. Global Catalog location. DNS problems

Unable to load configuration from uwsgi

Windows server 2012 scheduled tasks run using default profile ( when ran session less ) even if specific account is specified

Sending unauthenticated mail through MS Exchange with powershell (Windows Server 2008 R2)

Validity of a FQDN with a hostname consisting entirely of numbers

Dropped packets, on recieve only, Server 2008 only, and network speed is 100mb/s

Apache dynamic alias based on sub-domain

squid specify outgoing network interface

Nginx "ssl_stapling" ignored, no OCSP responder URL in the certificate

Why would an interdomain trust account not require a password?

x2go arrow key is not working properly

Algorithm for "nice" grid line intervals on a graph