B SASL AUTHENTICATION
A SMTP HELO/EHLO name
The SMTP helo/ehlo name is the hostname the SMTP server sends with the
SMTP EHLO or HELO command (the Ciphermail gateway uses the HELO or
EHLO command when sending email to another email server). Some email
servers check whether the helo/ehlo name is equal to the reverse IP lookup
(with a reverse IP lookup the name is retrieved that belongs to the IP address)
and if the names do not match they will ﬂag the email as spam.
If the Ciphermail gateway is used to directly send email to external recip-
ients (i.e., outgoing email is not relayed through an external relay host) the
gateway should be setup with the correct helo/ehlo. The SMTP helo name
should be equal to the reverse lookup of the external IP address.
If the external IP address is not known and the Ciphermail gateway uses
the same IP address as the web browser, the external IP address and host-
name (reverse IP) can be retrieved using on-line services likehttp://www.
The shown hostname (the reverse IP lookup) should be used for the SMTP
helo name. If the hostname of the Ciphermail gateway is set to the external
hostname, the SMTP helo name can be left empty because the SMTP helo
name will then be equal to the gateway hostname.
Checking the HELO/EHLO name whether the HELO/EHLO name is cor-
rectly setup can be checked using the helo check services fromhttp://cbl.
The email will be immediately bounced. The bounce message contains the
HELO name used by the gateway.
<firstname.lastname@example.org>: host mail-in.cbl.abuseat.org said:
550 HELO for IP 220.127.116.11 was "secure.djigzo.com"
(in reply to RCPT TO command)
Where 18.104.22.168 is the external IP address of the gateway (IP address
will be different for every server) and “secure.djigzo.com” was the HELO name
used by the gateway.
B SASL authentication
SMTP client authentication is not enabled by default. SMTP client authenti-
cation can be enabled by adding the following lines to the postﬁx main conﬁg
using the “MTA raw conﬁg” page (see4.4):30
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
smtp_sasl_type = cyrus
New SASL credentials for an SMTP host can be added by clicking “add
password”. This opens the “Add SASL password” page (see ﬁgure93). If “mx”
The main conﬁg that comes with Ciphermail gatewayalready contain these lines. They are
however commented out.