How to test outbound SMTP HELO response for a possible Websense Email security issue?

Posted on 2012-09-05
Last Modified: 2012-09-06
A client of mine was recently downgraded on from Good to Neutral.  This caused a few bounce backs and is obviously something I want to resolve as soon as possible.  I contacted Senderbase support and got this response:

SenderBase uses a variety of techniques to determine what IP addresses are behaving highly suspiciously and are likely to have been compromised into sending spam or viruses. Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:

* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain

To this end, one of the HELO strings we are seeing "" which is not an exact match to the PTR of the IP  (   This contravenes RFC2821, section which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available." I would suggest speaking with your provider about this if they are really using an improperly formatted HELO string.

With this information in hand I went to an outside machine and ran a "telnet 25".  Initial header listed the proper "", as did helo and ehlo.

*********"Telnet 25" from outside machine**********
220 ESMTP ready at Wed, 05 Sep 2012 14:29:25 -0400
250 Hello , pleased to meet you
250-SIZE 20480000

This client uses a Websense 7.3 Email security server.  I opened server config and under receive service->SMTP Properties I already had the proper "" listed.

I also checked the Send Service and may have found the issue.  Under SMTP EHLO/HELO Command->Specify the domain name: I previously had "".  I have changed that to "".  

My question is how do I test this?  Would a telnet session, run from the Websense server, parrot back the proper FQDN?  Unfortunately all my other clients are Postini clients and I attempted this with a Postini server and it did not parrot back my FQDN.  Is there a way to verify I have corrected this issue?  Does anyone have a site I can run a Telnet 25 session to which would give me the info I'm after?  My Websense server seems to do it, but not Postini.

Or do you think Senderbase support was referring to receive connections?  If so, are they using a tool that digs deeper into the SMTP communication, than my simple telnet test?  Is it something I can replicate to test?

Thanks for your help,
Question by: tw525

    Accepted Solution

    Senderbase requires that the following are all the same:

    EHLO send/response domain name
    RDNS domain name
    DNS domain name


    If your SMTP transport is using ""
    then a DNS lookup on "" must return the IP address of your mail server
    the IP address sending email must match the DNS lookup above
    and a reverse DNS on the IP address must return the domain name ""

    The telnet test is not going to confirm anything other than what your server is "answering" incoming messages as. You need to test the "outgoing" transport, which is what Senderbase is interested in.

    Send an email from the server to another email address and look at the headers of the message and check that "" appears correctly there. And ideally have someone accept an email from you and get them to send you the headers and log file extract.

    If you wish you can send a message to support -at- and we will send you back the log file extract - mention EE in the subject line
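The header check described in the answer above can be scripted; the following is an added example, not part of the original answer. It assumes a Postfix-style `Received:` layout (other MTAs format this line differently), and the hostnames and the 192.0.2.25 address are constructed placeholders.

```python
import re
import socket

# Constructed sample: the top Received header a receiving MTA might add.
# Layout assumed: "from <HELO name> (<rDNS name> [<connecting IP>]) by ..."
SAMPLE_RECEIVED = (
    "from mail.example.com (mail.example.com [192.0.2.25]) "
    "by mx.receiver.example with ESMTP id 4F1A2B; "
    "Wed, 05 Sep 2012 14:29:25 -0400"
)

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\S+\s+\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

def parse_received(header):
    """Return (helo, ip) exactly as the receiving server recorded them."""
    m = RECEIVED_RE.search(header)
    if not m:
        raise ValueError("unrecognised Received header layout")
    return m["helo"].lower().rstrip("."), m["ip"]

def dns_forward(name):
    # All addresses the name resolves to (live DNS lookup).
    return {info[4][0] for info in socket.getaddrinfo(name, 25, proto=socket.IPPROTO_TCP)}

def dns_reverse(ip):
    # Primary PTR name for the address (live DNS lookup).
    return socket.gethostbyaddr(ip)[0]

def check_helo(header, forward=dns_forward, reverse=dns_reverse):
    """Compare HELO name, forward DNS and reverse DNS; return a list of problems."""
    helo, ip = parse_received(header)
    problems = []
    if "." not in helo or helo.startswith("["):
        problems.append(f"HELO {helo!r} is not a fully qualified domain name")
    try:
        if ip not in forward(helo):
            problems.append(f"{helo} does not resolve to sending IP {ip}")
    except OSError as exc:
        problems.append(f"forward lookup of {helo} failed: {exc}")
    try:
        ptr = reverse(ip).lower().rstrip(".")
        if ptr != helo:
            problems.append(f"PTR for {ip} is {ptr}, HELO is {helo}")
    except OSError as exc:
        problems.append(f"reverse lookup of {ip} failed: {exc}")
    return problems
```

Paste the topmost `Received:` line from a message your server delivered to an outside mailbox into `check_helo()`; an empty list means the three names line up.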

    Expert Comment

    We received your test email and sent a response back to you, including log file extracts showing that all of your server headers were in keeping with Industry Standards.

    As an extra comment, having a "neutral" rating is not a problem, and quite common particularly if the traffic coming out of your IP is relatively low. To have a consistently "good" rating normally means traffic of at least 50K to 60K sizeable messages per day.

    Author Closing Comment

    Thank you for your assistance grahamnonweiler.  I was looking for a complex solution, to which you had a very simple and effective one.
