E6320 - administration - Serveur SMTP

De Wik&Tic Wik&siT
La version imprimable n’est plus prise en charge et peut comporter des erreurs de génération. Veuillez mettre à jour les signets de votre navigateur et utiliser à la place la fonction d’impression par défaut de celui-ci.

ip bloquée par le serveur de la poste - 27 mars 2024


Analyse par https://check.spamhaus.org/listed/?searchterm=78.126.208.45

78.126.208.45 is making SMTP connections that leads us to believe it is misconfigured or infected.

Technical information

Recent connections:

(IP, UTC timestamp, HELO value)

78.126.208.45 2024-03-26 00:15:00 e6320

78.126.208.45 2024-03-24 17:40:00 e6320

What should be done about it?

If this is a shared server, please call your hosting company or ISP!

Please correct your HELO 'e6320' and if needed, configure your mail server with correct DNS (forward and reverse) and HELO/EHLO values. Correcting an invalid HELO or a HELO/forward DNS lookup mismatch will stop the IP from being listed again.

HELO is commonly a server setting, not DNS. It is used by an email server to identify itself when connecting to another email server, and is then followed with the sending email server's domain name. The forward DNS lookup (domain name to IP address) of your IP should match the HELO value set in your server.

HELO est généralement un paramètre de serveur, et non de DNS. Il est utilisé par un serveur de messagerie pour s'identifier lors de la connexion à un autre serveur de messagerie, puis est suivi du nom de domaine du serveur de messagerie expéditeur. La recherche DNS directe (nom de domaine vers adresse IP) de votre IP doit correspondre à la valeur HELO définie sur votre serveur.

  • Forward and rDNS should resolve in public DNS for both the IP, and the HELO value.
  • The HELO must be a fully qualified domain name name to be functional.
  • The forward DNS lookup (hostname to IP address) of your IP should match the HELO value set in your server.
  • The domain used should belong to your organisation.

You can test a server's HELO configuration by visiting https://aboutmy.email. From there, send an email from the machine in question to the provided email address, and then examine the results. This tool will give a lot of detail about the email. To check HELO/EHLO, navigate to "Delivery" -> "SMTP" and look for the EHLO line.

  • If the HELO value does NOT exist in DNS, that must be corrected
  • If the HELO value is NOT correct, that must be fixed
  • If the HELO is using a domain that does NOT exist, that must be corrected
  • If the HELO/EHLO IS what you expect it to be AND it exists in DNS, please take measures against the presence of malware.

Why are correct HELO and DNS settings important?

Misconfigurations of this kind will result in problems delivering mail to many systems, including those that do not use Spamhaus data. If an IP is listed in CSS, all technical settings should be double checked for correctness to avoid interrupted delivery of email.

For information on misconfigured SMTP servers, please see this FAQ: https://check.spamhaus.org/faqs/?id=Hacked_misconf_SMTP_server

If all the technical settings are correct, there is some other problem, possibly malware.

If you think your IP or network has been compromised, please call your provider or IT department. This FAQ might provide some additional help: https://check.spamhaus.org/faqs_menu/#help-if-youve-been-hacked

Removal from CSS

If the problem on 78.126.208.45 has been addressed, you can request removal:

Récupérée de « http://stnizier.bernigaud.eu/mediawiki-39c/index.php?title=E6320_-_administration_-_Serveur_SMTP&oldid=6626 »