Our support staff has
responded to your request, details of which are described
below:
| Discussion Notes |
| Support Staff
Response |
Dear Sir or Madam,
Thank you for contacting
online support.
216.133.162.187 (mail.mnjtech.com)
is blocked. It was detected sending spam to our users on
2006/12/11 12:29:14 (MST).
It also provided
invalid identifying information when connecting to our
servers. This usually indicates a virus infection. The
system will need to be cleaned of viruses and worms, and
properly configured and secured before we will
unblock.
Bogus helo mnjserver8.mnjtech.com.
The IP address you have submitted
(216.133.162.187) is not currently eligible for
unblocking because the mailserver has returned a 'bogus
helo'. This indicates that the server the email
originated from either has a virus or has not been setup
correctly. Please refer to the following information
regarding this
issue:
--------------------------------------------------------------------------------------------------
The
SMTP HELO command is used by the outgoing mail server to
greet the destination servers that they are connecting
to. It is usually the first command issued when mail is
being sent. It means "Hello, I am ..." Many viruses and
bulk emailers send false or nonstandard HELO messages.
We are starting to filter these messages and block
traffic from email servers that utilize non-standard
HELO settings.
Here are the types of error
messages related to helo issues that you may
experience:
1. bogus helo
This means that
the sending email server connected to our mail server
and said "HELO [their IP]". RFC 1132 says that the HELO
("hello") message should contain "a valid principal host
domain name for the client host". This means a name like
"smtp.exampledomain.com", or "mail.exampledomain.com".
An IP address is not a valid listing for the name of the
server.
In order to resolve this situation, the
sending server's administrators will need to configure
the server properly, which will cause it to identify
itself by name rather than IP address. The
administrators of this server may also want to check it
for viruses, as many viruses use the HELO command with
an IP rather than the name.
2. bogus helo (IP
address listed here)
This means that the sending
server connected to our mail server and said "HELO
(receiving email server's IP)". What this means is that
the sending server tried to say "Hello, I'm you!" This
action is generally caused by a virus.
In order
to resolve this situation, the sending server's
administrators will need to check it for
viruses.
3. bogus helo matches rcpt
This
means that the sending system connected to our mail
server and said "HELO (receiving email server's domain
name)". This is another version of "Hello, I'm you!" but
using the server's domain name rather than the server's
IP address. This is normally caused by a virus or a bulk
emailer.
If this process is not done
intentionally, it is generally created by a virus. The
server's administrators will need to check the machine
for problems.
We hope that this information is
useful in diagnosing and resolving the issue that you
are experiencing.
Sincerely,
Dee F.
Online
Support Technician |
| Customer
Inquiry |
IP: 216.133.162.187
From:
jjonelis@mnjtech.com
Phone: 8008704340
Submitted
by: 69.213.173.144 |
If you need further assistance with this
matter, please reply to this email or contact customer service
at 480-624-2500 and reference [Incident ID:
1411852].
Thanks,
Customer
Service | | |