One way of testing whether your mail server is misconfigured is to send an email through it to [email protected] You will get a virtually immediate rejection.
In other words, you will get bounce message back that appears to indicate that your email to helocheck didn't work. It did. It's _supposed_ to work that way. The important piece to check is the error message you see.
Examine the error message, and you should see something like one of the following lines:
#5.0.0 SMTP; 554 *** The HELO name for IP address 220.127.116.11 was 'localhost.localdomain' #5.0.0 SMTP; 554 *** The HELO name for IP address 18.104.22.168 was 'localhost' #5.0.0 SMTP; 554 *** The HELO name for IP address 22.214.171.124 was 'smtp' #5.0.0 SMTP; 554 *** The HELO name for IP address 126.96.36.199 was '188.8.131.52' #5.0.0 SMTP; 554 *** The HELO name for IP address 184.108.40.206 was 'My company name Inc' #5.0.0 SMTP; 554 *** The HELO name for IP address 220.127.116.11 was '[18.104.22.168]' #5.0.0 SMTP; 554 *** The HELO name for IP address 22.214.171.124 was 'mail.example.com'
Note that the numeric error code (eg: 554 above) or extended version (5.0.0 above) may not be 550/5.0.0 respectively. The exact values don't really matter. It's the "The HELO name ..." string that matters.
Note that some mail servers (particularly outlook) try to hide the detailed error string and guess what the error is. Outlook frequently guesses wrong. The important thing is to visually scan the entire bounce message until you find the critical string.
It should be the fully qualified domain name for your mail server or an IP address enclosed in square brackets.
Using "[IP address]" is strongly discouraged and should not be used except in exceptional cases - sending email on behalf of multiple domains is NOT one of those cases.
The first five examples are syntactically wrong by RFC2821. The last two are valid.
If it isn't like one of the last two examples, you have found the problem that needs to be fixed.
WARNING If the HELO you see from "helocheck" is a fully qualified domain (such as "mail.example.com"), your mail server software is configured correctly, but something else in your environment is attempting to send email, and you need to hunt it down. Check for sender verify code, challenge/response or proxy trojans (common on certain flavours of web servers). Eg: check the running tasks for anything you don't immediately recognize.
Don't assume that if the HELO is correct that the CBL detection is in error. The CBL is never, ever wrong in this basic test. The fact that the software you know about and tested gets it right doesn't prove there is no malware on your machine doing it wrong - you just haven't looked in the right place yet. That is what you have to search for it until you do find it.
Please don't contact us and say "but our mail server isn't doing it". It may not be, but SOMETHING at the listed IP IS doing it. Find it!