Why does my server hostname appear in Exim email headers sent from a different domain?
I've had several problems with SMTP emails from my server and domain sent using Exim being blocked by certain other domains, which may have been partly due to certain server settings tripping up certain optional strict MessageLabs filters. One of those problems was my emails using the server hostname as their HELO instead of the mail server, causing a mismatch with the appropriate MX record, which I've fixed.
However, checking my new email headers, the server hostname is still creeping in there (example headers below), after the DKIM signature and the PC name and IP address of the PC used to compose the email, alongside references to esmtpsa.
What is the meaning and role of the hostname appearing in this position in the headers?
Is this expected behaviour for such an email sent via Exim, or a quirk which could be taken as a domain mismatch and sign that the email might not be legitimate?
Based on its proximity to the IP and name of the PC I composed the email on, and references to esmtpsa, I suspect it's something to do with SMTP authentication, possibly tracing every box involved in sending the email to confirm none are infected botnets or similar, but that's just my speculation. I'm very keen to get everything to do with SMTP auth perfect given my recent problems with tripping the very strict corporate filters used by some of my contacts.
Here is an example email header that my current EXIM setup is generating, taken from an email composed in Outlook and sent to Gmail. Unfortunately I can't bold the relevant line, but you can ctrl-F to server.my-host-domain.com, it's the only occurrence:
Delivered-To: [email protected]
Received: by XX.XX.XX.XX with SMTP id b67csp2867807oig;
Thu, 25 Feb 2016 01:29:56 -0800 (PST)
X-Received: by YY.YY.YY.YY with SMTP id c144mr20309773oib.108.1456392596947;
Thu, 25 Feb 2016 01:29:56 -0800 (PST)
Return-Path: <[email protected]>
Received: from mail.my-domain.com (mail.my-domain.com. [MY.DOM.AIN.IP])
by mx.google.com with ESMTPS id t83si5898326oig.81.2016.02.25.01.29.56
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 25 Feb 2016 01:29:56 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates MY.DOM.AIN.IP as permitted sender) client-ip=MY.DOM.AIN.IP;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates MY.DOM.AIN.IP as permitted sender) [email protected];
dkim=pass [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=my-domain.com; s=mail;
h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=tYDwf48ibFqt0fGVMwP/XE776YX3eIVAbPEdH+zTGMs=;
b=vhicxFvzf3hvv8fYxOfb7tgzWK3Sk8f7OUCm8v2CBiUH/GX9ddDIhDPNwxnIhExHbwHdj7/TqpgTMOXPekIsqRRDNT/j5mofqWfuvj9l4+7Lqb3/pxDmj+QSx+89hJu8msOvfnix/SKtv2Kf1OFHRi63LxZjGM/1+xuCBfrLrzM=;
Received: from [MY.PC'S.IP.ADDR] (helo=PCname)
by server.my-host-domain.com with esmtpsa (UNKNOWN:AES256-GCM-SHA384:256)
(Exim 4.72)
(envelope-from <mail.my-domain.com>)
id 1aYsF8-00020u-H6
for [email protected]; Thu, 25 Feb 2016 09:29:55 +0000
From: "My Name" <[email protected]>
To: <[email protected]>
Subject: Test email
Date: Thu, 25 Feb 2016 09:29:48 -0000
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0016_01D16FAF.154AAB30"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdFvrvTde9zi+r6IQ3OmsfVq1pbzow==
Content-Language: en-gb
I particularly want to know if there are any problems posed by having the server hostname appear here, mismatching the mx, HELO and from domains. Ideally, I'd like the domain my-domain.com and the domain my-host-domain.com to be completely independent of each other because, for all I manage both on the same box, they represent different, independent operations, but if there's a benefit or no harm to having the server hostname appear at this point in the email headers I'm happy to compromise here.
While I'd certainly welcome any tips on how to fix this if indeed it is something that should be fixed, it's the significance and meaning of Exim generating this email header in this way that I'm most interested in. I'm pretty confident I could change this in my EXIM settings but I want to understand the implications of making such a change.
CentOS Linux VPS, Exim 4.72 with Dovecot. XX.XX.XX.XX and YY.YY.YY.YY represent two IP addresses I don't recognise and couldn't find useful info about with whois, I'm assuming they're something to do with Google's mail servers on the receiving side.
It seems you are interested in the difference between these two Received headers. The top one:
Received: from mail.my-domain.com (mail.my-domain.com. [MY.DOM.AIN.IP])
by mx.google.com with ESMTPS id ...
is simply the result of the receiving mailserver logging first the hostname your Exim mailserver uses to identify itself with when connecting. (You set that hostname with the primary_hostname= Exim setting).
Between the ( ) is the resulting hostname and IP-address of the reverse DNS lookup mx.google.com performed based on the IP-address your SMTP connection originated from.
Since the hostname Exim uses matches with how your reverse DNS record resolves, all is well there.
A subsequent header is logged by your own Exim mailserver:
Received: from [MY.PC'S.IP.ADDR] (helo=PCname)
by server.my-host-domain.com with esmtpsa ...
and contains similar information. The helo=PCname originates from the SMTP protocol to start a new SMTP connection by having the client identify themselves with either the helo or ehlo verb. There might not be a "proper" reverse DNS record for your PC running Outlook and hence only your IP-address gets logged.
The by server.my-host-domain.com is how Exim identifies which of the local_interfaces received the SMTP connection i.e. which IP-address, but converted to a hostname.
If your server only has a single IP-address: the fact that on your own server that lookup returns a different hostname from your actual reverse DNS record is most likely caused by an entry for your external IP-address in /etc/hosts. You can check by comparing dig -x <ip-address> and getent hosts <ip-address>.
Also see this Q&A about modifying the Received header.
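
An added example, not part of the question or the answer above: a small Python parser that splits the two Received headers under discussion into their from, by and with clauses and reports in which hop and clause a given hostname appears. The sample headers are constructed from the question's, with documentation-range IPs and example addresses standing in for the redacted values; the reading of esmtpsa as TLS plus SMTP AUTH follows the RFC 3848 transmission keywords and is added here.

```python
import re

# Constructed sample: the two Received headers from the question, unfolded,
# with documentation-range IPs and example addresses standing in for the
# redacted values. Newest hop first, as in a real message.
SAMPLE = [
    "from mail.my-domain.com (mail.my-domain.com. [203.0.113.10]) "
    "by mx.google.com with ESMTPS id t83si5898326oig.81 "
    "for <rcpt@example.com>; Thu, 25 Feb 2016 01:29:56 -0800 (PST)",
    "from [198.51.100.7] (helo=PCname) by server.my-host-domain.com "
    "with esmtpsa (UNKNOWN:AES256-GCM-SHA384:256) (Exim 4.72) "
    "(envelope-from <sender@my-domain.com>) id 1aYsF8-00020u-H6 "
    "for rcpt@example.com; Thu, 25 Feb 2016 09:29:55 +0000",
]

HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)"               # name the client gave (or [ip])
    r"(?:\s+\((?P<info>[^)]*)\))?"        # receiver's comment: rDNS, helo=
    r"\s+by\s+(?P<by>[^\s;]+)"            # the receiver naming itself
    r"(?:\s+with\s+(?P<with>[^\s;]+))?",  # transmission keyword
    re.IGNORECASE,
)

def parse_hop(value):
    """Split one Received header value into from/by/with plus derived flags."""
    m = HOP_RE.match(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None
    hop = m.groupdict()
    helo = re.search(r"helo=(\S+)", hop["info"] or "")
    hop["helo"] = helo.group(1) if helo else None
    proto = (hop["with"] or "").lower()
    # RFC 3848 keywords: ESMTPS = TLS, ESMTPA = AUTH, ESMTPSA = both.
    hop["tls"] = proto in ("esmtps", "esmtpsa")
    hop["authenticated"] = proto in ("esmtpa", "esmtpsa")
    return hop

def where_named(headers, hostname):
    """Return (hop_index, clause) pairs where hostname is the from/by host."""
    hits = []
    for i, value in enumerate(headers):
        hop = parse_hop(value)
        if hop is None:
            continue
        for clause in ("from", "by"):
            if hop[clause].rstrip(".").lower() == hostname.lower():
                hits.append((i, clause))
    return hits
```

Calling `where_named(SAMPLE, "server.my-host-domain.com")` returns only the `by` clause of the submission hop, while the hop recorded by mx.google.com names `mail.my-domain.com` in its `from` clause.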