I've been receiving many invalid HELO requests from a Microsoft domain.

I already sent them a question about this, but they still have not responded.

maillog:

```
Jan 14 19:27:14 relay postfix/smtpd[57104]: connect from va3outboundsmtppool1.messaging.microsoft.com[157.55.133.163]
Jan 14 19:27:14 relay postfix/smtpd[57104]: NOQUEUE: reject: RCPT from va3outboundsmtppool1.messaging.microsoft.com[157.55.133.163]: 450 4.7.1 <VA3EHSNDR001.bigfish.com>: Helo command rejected: Host not found; from=<> to=<postmaster@relay.mydomain.com.br> proto=ESMTP helo=<VA3EHSNDR001.bigfish.com>
Jan 14 19:27:14 relay postfix/smtpd[57104]: disconnect from va3outboundsmtppool1.messaging.microsoft.com[157.55.133.163]
Jan 14 19:27:16 relay postfix/smtpd[57104]: connect from tx2outboundsmtppool2.messaging.microsoft.com[65.55.83.132]
Jan 14 19:27:17 relay postfix/smtpd[57104]: NOQUEUE: reject: RCPT from tx2outboundsmtppool2.messaging.microsoft.com[65.55.83.132]: 450 4.7.1 <TX2EHSNDR001.bigfish.com>: Helo command rejected: Host not found; from=<> to=<postmaster@relay.mydomain.com.br> proto=ESMTP helo=<TX2EHSNDR001.bigfish.com>
Jan 14 19:27:17 relay postfix/smtpd[57104]: disconnect from tx2outboundsmtppool2.messaging.microsoft.com[65.55.83.132]
Jan 14 19:27:19 relay postfix/smtpd[57104]: connect from mail14-co1on0066.outbound.messaging.microsoft.com[157.56.73.66]
Jan 14 19:27:19 relay postfix/smtpd[57104]: NOQUEUE: reject: RCPT from mail14-co1on0066.outbound.messaging.microsoft.com[157.56.73.66]: 450 4.7.1 <CO1EHSNDR001.bigfish.com>: Helo command rejected: Host not found; from=<> to=<postmaster@relay.mydomain.com.br> proto=ESMTP helo=<CO1EHSNDR001.bigfish.com>
```

My configuration for this is:

postconf:

```
smtp_helo_timeout = 10s
smtpd_helo_required = yes
smtpd_helo_restrictions =   permit_mynetworks, 
                reject_unknown_helo_hostname, 
                reject_non_fqdn_hostname, 
                reject_invalid_hostname, 
                permit
smtpd_recipient_restrictions =  reject_invalid_hostname, 
                reject_non_fqdn_sender, 
                reject_unverified_recipient, 
                reject_non_fqdn_recipient, 
                reject_unknown_sender_domain, 
                reject_non_fqdn_helo_hostname, 
                reject_invalid_helo_hostname, 
                reject_unknown_recipient_domain, 
                reject_unauth_pipelining, 
                permit_mynetworks, 
                reject_unauth_destination, 
                permit
```

Can someone explain whether this is a problem with my setup?

I've been caught by the Backscatterer list.

Could these invalid HELO attempts be the source of the problem?

If I understood correctly, the Microsoft server "va3outboundsmtppool1.messaging.microsoft.com" tries to use my mail server as a relay, because my server's port 25 is open, and starts the conversation by trying to send HELO. This HELO is rejected by my configuration, then my server sends back an NDR to the Microsoft mail server. Is this backscatter?

Are these HELO rejects creating NDRs and a backscatter attack against Microsoft mail servers?

So I think it's possible to block the connections from this server using a firewall and/or a system like fail2ban to suppress it.

Am I right?

Michael Hampton
bsouza

2 Answers

The remote end (i.e. Microsoft) is identifying itself in HELO (or more likely EHLO) by a hostname that apparently doesn't exist. Thus the connection is being rejected since you have reject_unknown_helo_hostname in smtpd_helo_restrictions.

What you do about it is up to you. If it were me, I'd consider telling Microsoft that they have broken mail servers, though I wish you good luck finding the right person to tell.

Michael Hampton
  • I did send an e-mail to the ABUSE contact saying this. Until now, no answer. I was thinking that my configuration was very restrictive. – bsouza Jan 15 '14 at 00:19
  • [I wouldn't consider](http://serverfault.com/a/419475/126632) it too restrictive. :) – Michael Hampton Jan 15 '14 at 00:22
  • Great comment @Michael. I didn't see it from this point of view. If I don't increase the security of my infrastructure, I'll be working for spammers. – bsouza Jan 15 '14 at 15:30
  • Are these HELO rejects creating NDRs and a backscatter attack against Microsoft mail servers? – bsouza Jan 16 '14 at 17:20
  • @bsouza No, you are not generating an NDR. If one is being generated, Microsoft would be generating it themselves. – Michael Hampton Jan 16 '14 at 17:21
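As an added illustration of the point made in the comments (example code written for this page, not taken from the question or either answer): a small Python parser for the `NOQUEUE: reject` lines in a maillog like the one above, which checks what each reject implies for the backscatter question. The log lines in `SAMPLE_LOG` are constructed in the same format as the question's maillog; the hostnames and IPs are placeholders.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in postfix/smtpd log format (hostnames/IPs are placeholders).
SAMPLE_LOG = """\
Jan 14 19:27:14 relay postfix/smtpd[57104]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 450 4.7.1 <NDR001.example.invalid>: Helo command rejected: Host not found; from=<> to=<postmaster@relay.example.com> proto=ESMTP helo=<NDR001.example.invalid>
Jan 14 19:28:40 relay postfix/smtpd[57104]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 450 4.7.1 <NDR001.example.invalid>: Helo command rejected: Host not found; from=<> to=<postmaster@relay.example.com> proto=ESMTP helo=<NDR001.example.invalid>
Jan 14 19:30:02 relay postfix/smtpd[57110]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <nobody@relay.example.com>: Recipient address rejected: User unknown; from=<a@example.org> to=<nobody@relay.example.com> proto=ESMTP helo=<mx.example.org>
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from "
    r"(?P<client>[^\[]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) \S+ "
    r"<[^>]*>: (?P<reason>[^;]+); from=<(?P<sender>[^>]*)> "
    r"to=<[^>]*> proto=\S+ helo=<(?P<helo>[^>]*)>"
)

@dataclass
class Reject:
    client: str     # client name from reverse DNS, or "unknown"
    ip: str
    code: int       # 4xx = temporary (remote retries), 5xx = permanent
    reason: str
    sender: str     # envelope sender; "" is the null sender <>
    helo: str       # name the client gave in HELO/EHLO

def parse_rejects(log: str) -> list[Reject]:
    """Pull every NOQUEUE reject out of a postfix/smtpd log."""
    found = []
    for line in log.splitlines():
        m = REJECT_RE.search(line)
        if m:
            found.append(Reject(m["client"], m["ip"], int(m["code"]),
                                m["reason"].strip(), m["sender"], m["helo"]))
    return found

def assess(r: Reject) -> dict:
    """What a NOQUEUE reject implies for the backscatter question."""
    return {
        # NOQUEUE: never accepted into the queue, so nothing here can bounce it.
        "local_ndr_possible": False,
        "remote_will_retry": 400 <= r.code < 500,
        "remote_sending_bounce": r.sender == "",   # from=<> = null sender
        "helo_matches_rdns": r.helo.lower() == r.client.lower(),
    }

def helo_rejects_per_ip(rejects: list[Reject]) -> Counter:
    """Count HELO rejects by client IP (input for a firewall/fail2ban decision)."""
    return Counter(r.ip for r in rejects if r.reason.startswith("Helo command rejected"))
```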

You can always firewall those IPs; problem solved.

alexus