Exim HELO/EHLO Protections


HELO/EHLO is the greeting that a sending mail server issues to the recipient mail server to identify itself before it begins sending email.

The recently upgraded cPanel 11 comes with Exim HELO/EHLO protections, which detect and block remote hosts that attempt to use a forged local host/domain name as their sender address or HELO/EHLO.

The Exim HELO/EHLO value is checked against the following 5 conditions:

1) HELO/EHLO is empty or not sent: The sending mail server's name is not specified or is blank (empty).

2) HELO/EHLO is not a fully qualified domain name (FQDN): The mail server is specified as 'abc' instead of 'abc.com', which does not meet the requirements for a Fully Qualified Domain Name.

3) Only an IP address is sent as the HELO/EHLO: The mail server is specified as a plain IP address instead of the accepted Fully Qualified Domain Name.

4) Someone is trying to spoof the mail server IP: An unauthorized sender uses the IP address of the receiving mail server to impersonate it and appear valid, tricking the receiving mail server into accepting the email.

5) Someone is trying to spoof a domain on the server: An unauthorized sender uses a domain name of the receiving mail server to impersonate it and appear valid, tricking the receiving mail server into accepting the email.
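
The five conditions above, written as a classifier that an administrator can use to audit the HELO/EHLO values their own servers send. This is an added example, not cPanel's or Exim's actual ACL; the local IP and domain lists, the function names and the result labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data standing in for the receiving server's own
# addresses and hosted (main/addon/sub) domains.
LOCAL_IPS = {ipaddress.ip_address("203.0.113.10")}
LOCAL_DOMAINS = {"example.com", "shop.example.com"}

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def parse_ip_literal(value):
    """Return an address object for '1.2.3.4', '[1.2.3.4]' or '[IPv6:...]', else None."""
    text = value.strip("[]")
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def is_fqdn(name):
    """True when the name has at least two valid labels (e.g. 'abc.com', not 'abc')."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def check_helo(helo, local_ips=LOCAL_IPS, local_domains=LOCAL_DOMAINS):
    """Map a HELO/EHLO argument to the condition it trips, or 'ok'."""
    value = (helo or "").strip()
    if not value:
        return "empty"                      # condition 1
    ip = parse_ip_literal(value)
    if ip is not None:                      # conditions 4 and 3
        return "local-ip-spoof" if ip in local_ips else "ip-only"
    name = value.rstrip(".").lower()        # DNS names are case-insensitive
    if name in local_domains:
        return "local-domain-spoof"         # condition 5
    return "ok" if is_fqdn(name) else "not-fqdn"   # condition 2

if __name__ == "__main__":
    # Constructed HELO/EHLO values, one per outcome.
    for sample in ["", "abc", "198.51.100.7", "[203.0.113.10]", "Example.COM.", "abc.com"]:
        print(repr(sample), "->", check_helo(sample))
```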

 

 

NOTE: Users who run their own local mail servers must change their host/remote name to a name that does not already exist in cPanel (including addon domains and subdomains), so that they can send inbound messages using a local or relay domain name without being rejected as a forged sender.

