Exim HELO/EHLO Protections

HELO/EHLO is the greeting a sending mail server gives to the receiving mail server to identify itself before it starts sending email.

The recently upgraded cPanel 11 comes with Exim HELO/EHLO protections, which detect and block remote hosts attempting to use a forged local host/domain name as their sender address or HELO/EHLO.

The Exim HELO/EHLO is checked against the following 5 conditions:

1) HELO/EHLO is empty or not sent: The sending mail server is not specified or is blank (empty).
 
2) HELO/EHLO is not a fully qualified domain name (FQDN): The mail server is specified as 'abc' instead of 'abc.com', which does not meet the requirement for a fully qualified domain name.
 
3) IP only is sent as the HELO/EHLO: The mail server is specified as a plain IP address instead of the accepted fully qualified domain name.
 
4) Someone is trying to spoof the mail server IP:
An unauthorized sender is using the IP address of the receiving mail server to pass itself off as a valid host, tricking the receiving mail server into accepting the email.
 
5) Someone is trying to spoof a domain on the server:
An unauthorized sender is using a domain name of the receiving mail server to pass itself off as a valid host, tricking the receiving mail server into accepting the email.
 
NOTE: Users who run their own local mail servers must change their host/remote name to a name other than any hostname that already exists in cPanel (addon/sub domains), so that they can send inbound messages using a local or relay domain name without being rejected as a forged sender.
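
The five conditions above can be tried against sample HELO/EHLO values with the short classifier below. It is an added example, not cPanel's or Exim's own code. Assumptions: the LOCAL_IPS and LOCAL_DOMAINS values are constructed, a bracketed address literal such as [198.51.100.7] is treated as "IP only", and connections coming from the server's own IP are exempt from the spoof checks.

```python
import ipaddress
import re

# Assumed identity of the receiving server (constructed sample values).
LOCAL_IPS = {"203.0.113.10"}
LOCAL_DOMAINS = {"example.com", "shop.example.com"}

# One DNS label: letters, digits, hyphens, not starting or ending with a hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_ip(helo):
    """Return the IP address in a bare or bracketed literal, or None."""
    text = helo[1:-1] if helo.startswith("[") and helo.endswith("]") else helo
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_helo(helo, client_ip):
    """Return (condition number, reason) for a rejected HELO, or (0, 'accept')."""
    helo = (helo or "").strip()
    if not helo:
        return 1, "HELO/EHLO is empty or not sent"
    ip = parse_ip(helo)
    if ip is not None:
        # Condition 4 is tested before 3 so a forged local IP is reported as spoofing.
        if str(ip) in LOCAL_IPS and client_ip not in LOCAL_IPS:
            return 4, "HELO/EHLO spoofs the mail server IP"
        return 3, "IP only sent as HELO/EHLO"
    name = helo.rstrip(".").lower()
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(part) for part in labels):
        return 2, "HELO/EHLO is not a fully qualified domain name"
    # Assumption: only the server's own IP may announce a local domain.
    if name in LOCAL_DOMAINS and client_ip not in LOCAL_IPS:
        return 5, "HELO/EHLO spoofs a domain on the server"
    return 0, "accept"
```

Running rejected HELO strings from the mail log through check_helo shows which of the five conditions a legitimate local mail server is tripping before its host name is changed as described in the NOTE.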
