Mailing List Archive: Qmail: users

client always sends its ip address in HELO why?

Index | Next | Previous | View Threaded

qmaillist at farrowcomputing

Jan 29, 2010, 9:38 AM

Post #1 of 12 (3081 views)
Permalink

client always sends its ip address in HELO why?

Hi

can anyone help me please as this as stumped me for sometime now. When
I use my thunderbird client to send mail it always puts its local ip
address in the HELO ie 192.168.0.2 rather than the domain name ie
mail.domain.com. I have tried the control files but these dont appear
to make any difference it always uses the 192.168.0.2 address in the
HELO, which some systems reject as a spoof.

Thanks for any input

Paul

lists-qmail at maexotic

Jan 29, 2010, 10:37 AM

Post #2 of 12 (2986 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

On Fri, Jan 29, 2010 at 05:38:43PM +0000, Paul Farrow wrote:
> can anyone help me please as this as stumped me for sometime now. When
> I use my thunderbird client to send mail it always puts its local ip
> address in the HELO ie 192.168.0.2 rather than the domain name ie
> mail.domain.com.

You header for this mail show:
Received: from mail.farrowcomputing.com (83.217.165.190)
by cr.yp.to with SMTP; 29 Jan 2010 17:50:23 -0000
Received: (qmail 5393 invoked from network); 29 Jan 2010 17:38:49 -0000
Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
by mail.farrowcomputing.com with SMTP; 29 Jan 2010 17:38:49 -0000

To show something other than "unknown" and the IP address you'd probably
have to setup a local DNS Server and have it resolve 192.168.0.2
to something.
I guess as Thunderbird cannot reverse resolve 192.168.0.2 to a name it
just uses the IP address.

If you are already using dnscache (djbdns) you can do the following:
echo '127.0.0.2' > /service/dnscache/root/servers/0.168.192.in-addr.arpa
echo '127.0.0.2' > /service/dnscache/root/servers/home.farrowcomputing.com
this will tell dnscache to query the DNS server on IP 127.0.0.2 for
the (reverse) zone 0.168.192.in-addr.arpa.
Next use tinydns-conf to setup a tinydns server. Use 127.0.0.2 for "myip".
cd /service/tinydns/root
./add-ns home.farrowcomputing.com 127.0.0.2
./add-host desk.home.farrowcomputing.com 192.168.0.2
I hope this works for you.

> I have tried the control files but these dont appear
> to make any difference it always uses the 192.168.0.2 address in the
> HELO,

Thunderbird does not know about any qmail control files.

> which some systems reject as a spoof.

which is b0rken behaviour.

\Maex

qmaillist at farrowcomputing

Jan 29, 2010, 3:27 PM

Post #3 of 12 (2982 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

Hi thanks for getting back to me Markus.

I must be honest I was under the impression that the HELO was done by
the mail server not by the client, but I guess I am wrong about that. I
guess its so a proper trail can be diagnosed. Some of my colleagues run
qmail and they dont appear to have this problem but somehow the internal
lan ip addresses must resolve to something public when looking up the
reverse dns.

I will try to set up a reverse dns for my internal boxes and hopefully
that will sort it.

thanks

Paul

Markus Stumpf wrote:
> On Fri, Jan 29, 2010 at 05:38:43PM +0000, Paul Farrow wrote:
>
>> can anyone help me please as this as stumped me for sometime now. When
>> I use my thunderbird client to send mail it always puts its local ip
>> address in the HELO ie 192.168.0.2 rather than the domain name ie
>> mail.domain.com.
>>
>
> You header for this mail show:
> Received: from mail.farrowcomputing.com (83.217.165.190)
> by cr.yp.to with SMTP; 29 Jan 2010 17:50:23 -0000
> Received: (qmail 5393 invoked from network); 29 Jan 2010 17:38:49 -0000
> Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
> by mail.farrowcomputing.com with SMTP; 29 Jan 2010 17:38:49 -0000
>
> To show something other than "unknown" and the IP address you'd probably
> have to setup a local DNS Server and have it resolve 192.168.0.2
> to something.
> I guess as Thunderbird cannot reverse resolve 192.168.0.2 to a name it
> just uses the IP address.
>
> If you are already using dnscache (djbdns) you can do the following:
> echo '127.0.0.2' > /service/dnscache/root/servers/0.168.192.in-addr.arpa
> echo '127.0.0.2' > /service/dnscache/root/servers/home.farrowcomputing.com
> this will tell dnscache to query the DNS server on IP 127.0.0.2 for
> the (reverse) zone 0.168.192.in-addr.arpa.
> Next use tinydns-conf to setup a tinydns server. Use 127.0.0.2 for "myip".
> cd /service/tinydns/root
> ./add-ns home.farrowcomputing.com 127.0.0.2
> ./add-host desk.home.farrowcomputing.com 192.168.0.2
> I hope this works for you.
>
>
>> I have tried the control files but these dont appear
>> to make any difference it always uses the 192.168.0.2 address in the
>> HELO,
>>
>
> Thunderbird does not know about any qmail control files.
>
>
>> which some systems reject as a spoof.
>>
>
> which is b0rken behaviour.
>
> \Maex
>

qmaillist at farrowcomputing

Jan 29, 2010, 3:48 PM

Post #4 of 12 (2987 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

Actually just looking at my colleagues headers and the difference is
there doesnt appear to be a HELO from my qmail mail server just from my
internal client. On my colleagues headers he has a HELO from his
internal client and then a HELO from his qmail mail server. Why would
that be? Any ideas?

Paul Farrow wrote:
> Hi thanks for getting back to me Markus.
>
> I must be honest I was under the impression that the HELO was done by
> the mail server not by the client, but I guess I am wrong about that.
> I guess its so a proper trail can be diagnosed. Some of my colleagues
> run qmail and they dont appear to have this problem but somehow the
> internal lan ip addresses must resolve to something public when
> looking up the reverse dns.
>
> I will try to set up a reverse dns for my internal boxes and hopefully
> that will sort it.
>
> thanks
>
> Paul
>
>
>
> Markus Stumpf wrote:
>> On Fri, Jan 29, 2010 at 05:38:43PM +0000, Paul Farrow wrote:
>>
>>> can anyone help me please as this as stumped me for sometime now. When
>>> I use my thunderbird client to send mail it always puts its local ip
>>> address in the HELO ie 192.168.0.2 rather than the domain name ie
>>> mail.domain.com.
>>>
>>
>> You header for this mail show:
>> Received: from mail.farrowcomputing.com (83.217.165.190)
>> by cr.yp.to with SMTP; 29 Jan 2010 17:50:23 -0000
>> Received: (qmail 5393 invoked from network); 29 Jan 2010 17:38:49 -0000
>> Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
>> by mail.farrowcomputing.com with SMTP; 29 Jan 2010 17:38:49 -0000
>>
>> To show something other than "unknown" and the IP address you'd probably
>> have to setup a local DNS Server and have it resolve 192.168.0.2
>> to something.
>> I guess as Thunderbird cannot reverse resolve 192.168.0.2 to a name it
>> just uses the IP address.
>>
>> If you are already using dnscache (djbdns) you can do the following:
>> echo '127.0.0.2' > /service/dnscache/root/servers/0.168.192.in-addr.arpa
>> echo '127.0.0.2' > /service/dnscache/root/servers/home.farrowcomputing.com
>> this will tell dnscache to query the DNS server on IP 127.0.0.2 for
>> the (reverse) zone 0.168.192.in-addr.arpa.
>> Next use tinydns-conf to setup a tinydns server. Use 127.0.0.2 for "myip".
>> cd /service/tinydns/root
>> ./add-ns home.farrowcomputing.com 127.0.0.2
>> ./add-host desk.home.farrowcomputing.com 192.168.0.2
>> I hope this works for you.
>>
>>
>>> I have tried the control files but these dont appear
>>> to make any difference it always uses the 192.168.0.2 address in the
>>> HELO,
>>>
>>
>> Thunderbird does not know about any qmail control files.
>>
>>
>>> which some systems reject as a spoof.
>>>
>>
>> which is b0rken behaviour.
>>
>> \Maex
>>

hugo.monteiro at fct

Jan 29, 2010, 4:47 PM

Post #5 of 12 (2977 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

On 01/29/2010 11:48 PM, Paul Farrow wrote:
> Actually just looking at my colleagues headers and the difference is
> there doesnt appear to be a HELO from my qmail mail server just from
> my internal client. On my colleagues headers he has a HELO from his
> internal client and then a HELO from his qmail mail server. Why would
> that be? Any ideas?
>
>

Every sending party, either a user mail client or an outbound smtp
server, is in fact a client for the receiving smtp server. That said,
and having in consideration the SMTP RFC 2821, section 4.1.1.1;

"(...) A client SMTP SHOULD start an SMTP session by issuing the EHLO
command. (...)"

R's,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email : hugo.monteiro [at] fct
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net

Divis�o de Inform�tica
Faculdade de Ci�ncias e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt apoio [at] fct

fct.unl.pt:~# _

qmaillist at farrowcomputing

Jan 29, 2010, 4:51 PM

Post #6 of 12 (2987 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

Hi Hugo

what I meant was that there doesnt appear to be a second HELO from my
qmail mail server when I send email from my thunderbird client

Received: from mail.farrowcomputing.com ([83.217.165.190]) by
FHSERVER1.farrowhosting.com with MailEnable ESMTP; Sat, 30 Jan 2010
00:46:52 +0000
Received: (qmail 6851 invoked from network); 30 Jan 2010 00:46:51 -0000
Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
by mail.farrowcomputing.com with SMTP; 30 Jan 2010 00:46:51 -0000
Message-ID: <4B638173.7070201 [at] farrowcomputing>
Date: Sat, 30 Jan 2010 00:46:43 +0000
From: Paul Farrow <paul.farrow [at] farrowcomputing>
Organization: Farrow Computing Limited
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0

as you can see from the above the only HELO is from 192.168.0.2 which is
my internal desktop machine. There is no HELO from my qmail server
mail.farrowcomputing.com should there be? My colleague has one from his
qmail server in the same scenario ie sending mail from his internal client.

Cheers

Paul

Hugo Monteiro wrote:
> On 01/29/2010 11:48 PM, Paul Farrow wrote:
>> Actually just looking at my colleagues headers and the difference is
>> there doesnt appear to be a HELO from my qmail mail server just from
>> my internal client. On my colleagues headers he has a HELO from his
>> internal client and then a HELO from his qmail mail server. Why
>> would that be? Any ideas?
>>
>>
>
>
> Every sending party, either a user mail client or an outbound smtp
> server, is in fact a client for the receiving smtp server. That said,
> and having in consideration the SMTP RFC 2821, section 4.1.1.1;
>
> "(...) A client SMTP SHOULD start an SMTP session by issuing the EHLO
> command. (...)"
>
> R's,
>
> Hugo Monteiro.
>
> --
> fct.unl.pt:~# cat .signature
>
> Hugo Monteiro
> Email : hugo.monteiro [at] fct
> Telefone : +351 212948300 Ext.15307
> Web : http://hmonteiro.net
>
> Divis�o de Inform�tica
> Faculdade de Ci�ncias e Tecnologia da
> Universidade Nova de Lisboa
> Quinta da Torre 2829-516 Caparica Portugal
> Telefone: +351 212948596 Fax: +351 212948548
> www.ci.fct.unl.pt apoio [at] fct
>
> fct.unl.pt:~# _
>

lists-qmail at maexotic

Jan 29, 2010, 5:24 PM

Post #7 of 12 (2979 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

Hoi Paul,

On Sat, Jan 30, 2010 at 12:51:43AM +0000, Paul Farrow wrote:
> what I meant was that there doesnt appear to be a second HELO from my
> qmail mail server when I send email from my thunderbird client

qmail only records the HELO command if the hostname the IP address
points to (PTR, reverse DNS) does not match the argument to the HELO
command.
If the hostname matches the HELO information it is considered superfluous
and omitted.
From RFC 2821:
In the EHLO command the host sending the command identifies itself;
the command may be interpreted as saying "Hello, I am <domain>" (and,
in the case of EHLO, "and I support service extension requests").

\Maex

qmaillist at farrowcomputing

Jan 29, 2010, 5:42 PM

Post #8 of 12 (2982 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

okay sorry about this but I am still a bit confused. Have been running
this for over 16 years and its been fine. Got some mail rejected for
spoofing and looking into it have started doubting everything about my
set up.

So to clarify you wouldnt expect to get two HELO's from me then. The
only problem is that the local internal ip address 192.168.0.2 doesnt
resolve on a reverse lookup. Although saying that I am still confused
because my colleagues does show his internal ip address and then a helo
from his qmail mail server.

Paul

Markus Stumpf wrote:
> Hoi Paul,
>
> On Sat, Jan 30, 2010 at 12:51:43AM +0000, Paul Farrow wrote:
>
>> what I meant was that there doesnt appear to be a second HELO from my
>> qmail mail server when I send email from my thunderbird client
>>
>
> qmail only records the HELO command if the hostname the IP address
> points to (PTR, reverse DNS) does not match the argument to the HELO
> command.
> If the hostname matches the HELO information it is considered superfluous
> and omitted.
> From RFC 2821:
> In the EHLO command the host sending the command identifies itself;
> the command may be interpreted as saying "Hello, I am <domain>" (and,
> in the case of EHLO, "and I support service extension requests").
>
> \Maex
>

josh at honorablemenschen

Jan 29, 2010, 6:35 PM

Post #9 of 12 (2976 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

On Friday 29 January 2010 19:51:43 Paul Farrow wrote:
> Hi Hugo
>
> what I meant was that there doesnt appear to be a second HELO from my
> qmail mail server when I send email from my thunderbird client
>
> Received: from mail.farrowcomputing.com ([83.217.165.190]) by
> FHSERVER1.farrowhosting.com with MailEnable ESMTP; Sat, 30 Jan 2010
> 00:46:52 +0000

The above line is not generated by qmail, and as such you can't expect it to
generate a received: line using the same format. Apparently MailEnable
doesn't record the HELO information, at least if it can resolve the reverse
DNS.

> Received: (qmail 6851 invoked from network); 30 Jan 2010 00:46:51 -0000

This line is generated by the handoff from qmail-smtpd to qmail-queue, and thus
there's no HELO involved.

> Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
> by mail.farrowcomputing.com with SMTP; 30 Jan 2010 00:46:51 -0000

This is the original HELO given to qmail-smtpd

<other headers snipped>

> as you can see from the above the only HELO is from 192.168.0.2 which is
> my internal desktop machine. There is no HELO from my qmail server
> mail.farrowcomputing.com should there be? My colleague has one from his
> qmail server in the same scenario ie sending mail from his internal client.
>
Since the HELO from your server is recorded by the next server down the line,
what the header says is entirely controlled by that server software, and thus
you cannot expect to see qmail's HELO unless it's sent to another qmail
server.

Does that explain it?
--
Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
josh [at] honorablemenschen

qmaillist at farrowcomputing

Jan 29, 2010, 6:55 PM

Post #10 of 12 (2983 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

ok I am just going crazy I think, apologies to everyone. I think I need
to tackle it another way by trying to work out why it comes back as a
spoof. I thought originally it was because my local address isnt
resolved via a reverse dns. And that ip address of 192.168.0.2 resolves
to a public ip so I guess other mail servers are using that to validate
against my helo - who knows.

I will go away and think about it a bit more.

Thanks everyone.

Paul

Joshua Megerman wrote:
> On Friday 29 January 2010 19:51:43 Paul Farrow wrote:
>
>> Hi Hugo
>>
>> what I meant was that there doesnt appear to be a second HELO from my
>> qmail mail server when I send email from my thunderbird client
>>
>> Received: from mail.farrowcomputing.com ([83.217.165.190]) by
>> FHSERVER1.farrowhosting.com with MailEnable ESMTP; Sat, 30 Jan 2010
>> 00:46:52 +0000
>>
>
> The above line is not generated by qmail, and as such you can't expect it to
> generate a received: line using the same format. Apparently MailEnable
> doesn't record the HELO information, at least if it can resolve the reverse
> DNS.
>
>
>> Received: (qmail 6851 invoked from network); 30 Jan 2010 00:46:51 -0000
>>
>
> This line is generated by the handoff from qmail-smtpd to qmail-queue, and thus
> there's no HELO involved.
>
>
>> Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
>> by mail.farrowcomputing.com with SMTP; 30 Jan 2010 00:46:51 -0000
>>
>
> This is the original HELO given to qmail-smtpd
>
> <other headers snipped>
>
>
>> as you can see from the above the only HELO is from 192.168.0.2 which is
>> my internal desktop machine. There is no HELO from my qmail server
>> mail.farrowcomputing.com should there be? My colleague has one from his
>> qmail server in the same scenario ie sending mail from his internal client.
>>
>>
> Since the HELO from your server is recorded by the next server down the line,
> what the header says is entirely controlled by that server software, and thus
> you cannot expect to see qmail's HELO unless it's sent to another qmail
> server.
>
> Does that explain it?
>

qmaillist at farrowcomputing

Feb 1, 2010, 4:31 AM

Post #11 of 12 (2814 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

wanted to say sorry and thank you to everyone. When I actually stopped
flapping about I realised the problem was with the recipients I was
sending to not myself. Good old qmail been running here since around
98/99 on the same installation and its as good as ever - the problem is
the users !! ie ME.

thanks again

Paul

Paul Farrow wrote:
> ok I am just going crazy I think, apologies to everyone. I think I
> need to tackle it another way by trying to work out why it comes back
> as a spoof. I thought originally it was because my local address isnt
> resolved via a reverse dns. And that ip address of 192.168.0.2
> resolves to a public ip so I guess other mail servers are using that
> to validate against my helo - who knows.
>
> I will go away and think about it a bit more.
>
> Thanks everyone.
>
> Paul
>
> Joshua Megerman wrote:
>> On Friday 29 January 2010 19:51:43 Paul Farrow wrote:
>>
>>> Hi Hugo
>>>
>>> what I meant was that there doesnt appear to be a second HELO from my
>>> qmail mail server when I send email from my thunderbird client
>>>
>>> Received: from mail.farrowcomputing.com ([83.217.165.190]) by
>>> FHSERVER1.farrowhosting.com with MailEnable ESMTP; Sat, 30 Jan 2010
>>> 00:46:52 +0000
>>>
>>
>> The above line is not generated by qmail, and as such you can't expect it to
>> generate a received: line using the same format. Apparently MailEnable
>> doesn't record the HELO information, at least if it can resolve the reverse
>> DNS.
>>
>>
>>> Received: (qmail 6851 invoked from network); 30 Jan 2010 00:46:51 -0000
>>>
>>
>> This line is generated by the handoff from qmail-smtpd to qmail-queue, and thus
>> there's no HELO involved.
>>
>>
>>> Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
>>> by mail.farrowcomputing.com with SMTP; 30 Jan 2010 00:46:51 -0000
>>>
>>
>> This is the original HELO given to qmail-smtpd
>>
>> <other headers snipped>
>>
>>
>>> as you can see from the above the only HELO is from 192.168.0.2 which is
>>> my internal desktop machine. There is no HELO from my qmail server
>>> mail.farrowcomputing.com should there be? My colleague has one from his
>>> qmail server in the same scenario ie sending mail from his internal client.
>>>
>>>
>> Since the HELO from your server is recorded by the next server down the line,
>> what the header says is entirely controlled by that server software, and thus
>> you cannot expect to see qmail's HELO unless it's sent to another qmail
>> server.
>>
>> Does that explain it?
>>

jeff at seamanpaper

Feb 1, 2010, 10:35 AM

Post #12 of 12 (2792 views)
Permalink

Re: client always sends its ip address in HELO why? [In reply to]

For what it's worth I have internal DNS (djbdns) correctly configured so
that all client hostnames and (private) addresses can always be looked up,
yet Thunderbird always says HELO with an IP address. This is on Windows, so
it may be a Windows issue.

2010/2/1 Paul Farrow <qmaillist [at] farrowcomputing>

> wanted to say sorry and thank you to everyone. When I actually stopped
> flapping about I realised the problem was with the recipients I was sending
> to not myself. Good old qmail been running here since around 98/99 on the
> same installation and its as good as ever - the problem is the users !! ie
> ME.
>
> thanks again
>
> Paul
>
>
> Paul Farrow wrote:
>
> ok I am just going crazy I think, apologies to everyone. I think I need to
> tackle it another way by trying to work out why it comes back as a spoof. I
> thought originally it was because my local address isnt resolved via a
> reverse dns. And that ip address of 192.168.0.2 resolves to a public ip so I
> guess other mail servers are using that to validate against my helo - who
> knows.
>
> I will go away and think about it a bit more.
>
> Thanks everyone.
>
> Paul
>
> Joshua Megerman wrote:
>
> On Friday 29 January 2010 19:51:43 Paul Farrow wrote:
>
>
> Hi Hugo
>
> what I meant was that there doesnt appear to be a second HELO from my
> qmail mail server when I send email from my thunderbird client
>
> Received: from mail.farrowcomputing.com ([83.217.165.190]) byFHSERVER1.farrowhosting.com with MailEnable ESMTP; Sat, 30 Jan 2010
> 00:46:52 +0000
>
>
> The above line is not generated by qmail, and as such you can't expect it to
> generate a received: line using the same format. Apparently MailEnable
> doesn't record the HELO information, at least if it can resolve the reverse
> DNS.
>
>
>
> Received: (qmail 6851 invoked from network); 30 Jan 2010 00:46:51 -0000
>
>
> This line is generated by the handoff from qmail-smtpd to qmail-queue, and thus
> there's no HELO involved.
>
>
>
> Received: from unknown (HELO ?192.168.0.2?) (paulfarrow [at] 192)
> by mail.farrowcomputing.com with SMTP; 30 Jan 2010 00:46:51 -0000
>
>
> This is the original HELO given to qmail-smtpd
>
> <other headers snipped>
>
>
>
> as you can see from the above the only HELO is from 192.168.0.2 which is
> my internal desktop machine. There is no HELO from my qmail servermail.farrowcomputing.com should there be? My colleague has one from his
> qmail server in the same scenario ie sending mail from his internal client.
>
>
>
> Since the HELO from your server is recorded by the next server down the line,
> what the header says is entirely controlled by that server software, and thus
> you cannot expect to see qmail's HELO unless it's sent to another qmail
> server.
>
> Does that explain it?
>
>
>

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads