Outlook 2007 and SMTP EHLO/HELO errors

[m4ilm4n]

Scenario - remote users have Outlook 2007 connecting to a Linux server on the DMZ to pull e-mail via secure POP3 or IMAP. Sending mail is via a different Linux box acting as a authenticating relay, running EXIM.

Symptom - after adding anti-spam controls to EXIM, the Outlook client will no longer send mail. The EXIM log shows the connection being rejected due to an invalid HELO. Other mail clients such as Thunderbird work fine.

After wrestling with this for a couple of days, I found that EXIM was configured to follow RFC5321 section 4.1.1.1, which states that a valid EHLO/HELO contains either a fully-qualified domain name or an IP address. However, Outlook 2007 will only send the NetBIOS computer name. Nothing I could configure at the client end would change this behavior, and in fact a Microsoft MVP stated that this was how Outlook worked by design. (I will not get into a rant about non-RFC compliant software).

The workaround I put in place was to modify the EXIM rules processing order such that once the client connecting on port 25 has authenticated, EXIM should bypass other rules checking. EXIM was still doing the check for a valid EHLO/HELO after the client had authenticated.

Just posting this in case anyone else runs into it.

 

[strongm]

>an invalid HELO

If it HELO, then the server is supposed, if it is itself RFC-compliant, to be able to drop back to RFC821 (which is what Outlook's SMTP component is compliant with). In other words it is EXIM, not Outlook, which is non-compliant.

 

[m4ilm4n]

RFC 5321 obsoleted RFC 2821, which obsoleted RFC 821.

 

[strongm]

Please read the RFCs properly. I'll help by quoting the relevant part of section 4.1.1.1 of RFC5321

Older client SMTP systems MAY, as discussed above,
use HELO (as specified in RFC 821) instead of EHLO, and servers MUST
support the HELO command and reply properly to it