Community Discussions and Support
[Solved] [Bug] [MercuryS] "554 Invalid HELO format" on valid HELOs/EHLOs

The bug in TRANSFLTR.MER is still here in Sept. 2014.

I try to run webmail Roundcube as a client (SMTP, IMAP) of Mercury, on the same machine as Mercury: so the connections of Roundcube come from 127.0.0.1. The filter described above, in TRANSFLTR.MER, blocked Roundcube from talking with MercuryS, so I simply removed it and the problem was gone.

- JF

Hi,

I was just looking through my log files and found a fair number of "554 Invalid HELO format" replies. To me the HELO/EHLO issued looks RFC compliant. Am I wrong or is there a bug in MercuryS (v.4.52)? My 4.51 logfiles do not show such errors (same HELOs led to successful delivery).

Thanks, Rainer

 

[...]
T 20070828 095240 46d3d270 EHLO 62.183.15.190.modem-pool.kuban.ru
E 20070828 095240 46d3d270 554 Invalid HELO format
[...]
T 20070828 142010 46d3d3de EHLO 62.57.101.44.dyn.user.ono.com
E 20070828 142010 46d3d3de 554 Invalid HELO format
[...]
T 20070828 150820 46d3d3f8 EHLO 62.183.45.82.modem-pool.kuban.ru
E 20070828 150820 46d3d3f8 554 Invalid HELO format
[...]
T 20070828 162829 46d3d43f HELO 123.59.48.77.static.gemnet.cz
E 20070828 162829 46d3d43f 554 Invalid HELO format
[...]
T 20070828 174704 46d3d4eb HELO 44.2.15.218.broad.mm.gd.dynamic.163data.com.cn
E 20070828 174704 46d3d4eb 554 Invalid HELO format
[...]
T 20070828 202227 46d3d5d0 EHLO 201.47.147.118.adsl.gvt.net.br
E 20070828 202227 46d3d5d0 554 Invalid HELO format
[...]

whereas others do work (not starting with numbers?)
T 20070901 164142 46d96f77 Connection from 86.149.226.185
T 20070901 164142 46d96f77 EHLO host86-149-226-185.range86-149.btcentralplus.com
T 20070901 164143 46d96f77 MAIL FROM:<liberto@oasanet.com> SIZE=1948

[edit] corrected tags[/edit]


Hi all,

The bug is in the TRANSFLTR.MER delivered with the Mercury installer. At the very bottom there are samples that are enabled (not commented out) by default. That's bad because
 - some are questionable (some site may not want to reply with "get out of here you worthless scumbag" even to a spammer) - though it is kinda funny :)
 - some sites may want to receive job applications
 - at least the entry H, "[EHeh][EHeh]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]*", R, "554 Invalid HELO format" is not RFC compliant

Easy solution: comment it out.
Solution for RFC compliance: insert the line
H, "[EHeh][EHeh]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]+.*", X, ""
directly above
H, "[EHeh][EHeh]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]*", R, "554 Invalid HELO format" *

 HTH, Rainer

* Whereas in a HELO greeting IP addresses have to be surrounded by [], it is perfectly okay to have a host name starting with a (reverse) IP.


Just to confirm that Rainer is quite right on all counts.

I'll amend the rule in the next release, and will make sure that it's commented out.

I'd make an observation though: connections from sites with domain names like the one Rainer indicated are almost always from DSL pools, and are fairly unlikely to be legitimate (it's not as reliable as the test the rule is supposed to be making, but it's still a not unreasonable indication), so I don't think the problem is quite as serious as it seems on the surface.

Cheers!

-- David --

 


Thanks for the confirmation, David!

I came to the same conclusion as you. It's (almost) only SPAM that gets delivered by those hosts and the number of mail servers on "dialup" accounts* is quite small.
On the other hand, if you run your own mail server and do direct delivery you should use your RDNS for the HELO greeting because some mail servers check for that and you're rejected if you don't. And these very few mails would be rejected. It's far from a serious bug, you're right. I am sorry if it sounded like it.


G'day!

Rainer

* Worse: some cheap web hosters, for instance in the USA and Germany, sell you your own fixed-IP mail and web server and don't give (shared IP) or charge extra money for RDNS entries. Those legit hosts' RDNS is often 4.3.2.1.cheaphoster.com


Hi David,

When further tweaking around I found that the line
H, "[EHeh][EHeh]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]+.*", X, ""
contains more than necessary (capitalization is ignored by default).
So in your next release the lines could read
H, "[EH][EH]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]+.*", X, ""
or
H, "[eh][eh]lo +[0-9]+.[0-9]+.[0-9]+.[0-9]+.*", X, ""

HTH, Rainer


Capitalization is NOT ignored in sets - sets are always explicit groups of characters.

Cheers!

-- David --
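
Added example, not part of the thread and not Mercury's own code: a Python emulation of the rules quoted above, run over HELO lines from the log, showing why the shipped rule refuses reverse-DNS host names, how the X rule placed above it exempts them, and what an upper-case-only set does to a lower-case `ehlo`. The matching semantics are assumptions made for this sketch: `*` is any run of characters, `?` any single character, `+` one or more of the previous item, `.` a literal dot, literal text is case-insensitive while sets are case-sensitive, an expression must match the whole line, the first matching rule wins, and `X` stops rule processing and accepts.

```python
import re

# Rules quoted in the thread: (operation, expression, action, response)
REJECT = ("H", "[EHeh][EHeh]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]*", "R", "554 Invalid HELO format")
EXEMPT = ("H", "[EHeh][EHeh]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]+.*", "X", "")
UPPER_ONLY = ("H", "[EH][EH]LO +[0-9]+.[0-9]+.[0-9]+.[0-9]+.*", "X", "")

def to_regex(expr):
    """Translate a filter expression to a Python regex (assumed semantics)."""
    out, i = [], 0
    while i < len(expr):
        c = expr[i]
        if c == "[":                    # set: explicit characters, case-sensitive
            end = expr.index("]", i)
            out.append(expr[i:end + 1])
            i = end
        elif c == "*":                  # any run of characters
            out.append(".*")
        elif c == "?":                  # any single character
            out.append(".")
        elif c == "+":                  # one or more of the previous item
            out.append("+")
        else:                           # literal text, case-insensitive
            out.append("(?i:" + re.escape(c) + ")")
        i += 1
    return re.compile("".join(out))

def helo_verdict(rules, line):
    """Return the refusal text of the first matching rule, or None if accepted."""
    for op, expr, action, response in rules:
        if op == "H" and to_regex(expr).fullmatch(line):
            return response if action == "R" else None  # X: stop and accept
    return None

# HELO lines from the log in the thread, plus two constructed ones (marked).
SAMPLES = [
    "EHLO 62.183.15.190.modem-pool.kuban.ru",
    "HELO 123.59.48.77.static.gemnet.cz",
    "EHLO host86-149-226-185.range86-149.btcentralplus.com",
    "HELO 192.0.2.10",                          # constructed: bare IP, no brackets
    "ehlo 62.183.15.190.modem-pool.kuban.ru",   # constructed: lower-case verb
]

if __name__ == "__main__":
    for name, rules in [("shipped", [REJECT]), ("fixed", [EXEMPT, REJECT]),
                        ("upper-only X", [UPPER_ONLY, REJECT])]:
        for line in SAMPLES:
            print(f"{name:13} {line:55} -> {helo_verdict(rules, line) or 'accepted'}")
```
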
