my host says thunderbird outgoing email is presenting itself in the HELO as spam
Below is what Hostmonster told me was wrong with Thunderbird sending mail through thier service: I don't know what the ehlo-helo value should be .
This is a link they sent on how to change it in TB but I don't know exactly what to change what to what:
Hostmonster answer to TB problem sending out mail thru them----------------------------------------------
It's an issue with how thunderbird is presenting itself in the HELO
It's using a method that spammers typically use, by claiming to be a localhost user when it isn't
In the information it is giving, it is claiming to be a localhost user, or coming from 127.0.0.1, when it is not a part of our server at bluehost
The ehlo-helo value needs to be fixed.
This guide may help: blog.plee.me/2014/11/mozilla-thunderbird-changing-the-ehlo-helo-value-in-the-received-header-for-outgoing-mail
Thank you,
HostMonster Support
Here is my current TB settings. Some are for Hostclear which I am currently trying to switch to.
Application Basics
Name: Thunderbird Version: 45.3.0 User Agent: Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 Profile Folder: Show Folder
(Local drive) Application Build ID: 20160825102941 Enabled Plugins: about:plugins Build Configuration: about:buildconfig Memory Use: about:memory
Mail and News Accounts account1: INCOMING: account1, , (none) Local Folders, plain, passwordCleartext
account4: INCOMING: account4, , (pop3) pop.csi.com:110, plain, passwordCleartext OUTGOING: , smtp.csi.com:25, alwaysSTARTTLS, passwordCleartext, true
account5: INCOMING: account5, , (imap) h1.hostclear.com:993, SSL, passwordCleartext OUTGOING: , h1.hostclear.com:465, SSL, passwordCleartext, true
account7: INCOMING: account7, , (imap) h1.hostclear.com:993, SSL, passwordCleartext OUTGOING: , h1.hostclear.com:465, SSL, passwordCleartext, true
account12: INCOMING: account12, , (imap) h1.hostclear.com:993, SSL, passwordCleartext OUTGOING: , mail.ntp-led-driver.com:587, alwaysSTARTTLS, passwordCleartext, true
account13: INCOMING: account13, , (imap) host120.hostmonster.com:143, alwaysSTARTTLS, passwordCleartext OUTGOING: , host120.hostmonster.com:26, alwaysSTARTTLS, passwordCleartext, true
Crash Reports http://crash-stats.mozilla.com/report/index/bp-55624f69-402e-4612-8959-856b12160320 (3/20/2016) http://crash-stats.mozilla.com/report/index/bp-f32cb41a-7736-4db9-807a-54d332150308 (3/8/2015)
Extensions AttachExtraTools, 1.7.1, true, attachextratools@kaosmos.nnp Remove Duplicate Messages, 0.1.14, true, {12345678-1234-1234-1234-123456789abc} AttachmentExtractor, 1.3.5.1, false, {35834d20-efdb-4f78-ab77-9635fb4e56c4}
Important Modified Preferences
Name: Value
browser.cache.disk.capacity: 262144 browser.cache.disk.filesystem_reported: 1 browser.cache.disk.smart_size_cached_value: 358400 browser.cache.disk.smart_size.first_run: false browser.cache.disk.smart_size.use_old_max: false browser.display.use_system_colors: true dom.apps.reset-permissions: true dom.max_chrome_script_run_time: 0 extensions.lastAppVersion: 45.3.0 font.size.variable.x-western: 14 gfx.crash-guard.glcontext.appVersion: 45.3.0 gfx.crash-guard.glcontext.deviceID: 0x06e4 gfx.crash-guard.glcontext.driverVersion: 6.14.13.1407 gfx.crash-guard.glcontext.gfx.driver-init.direct3d11-angle: true gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle: true gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-force-d3d11: false gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-force-warp: false gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-try-d3d11: true gfx.crash-guard.status.glcontext: 2 mail.openMessageBehavior.version: 1 mailnews.database.global.datastore.id: c8d81253-a412-493c-824d-689df0fc24b network.cookie.prefsMigrated: true network.predictor.cleaned-up: true places.database.lastMaintenance: 1474484291 places.history.expiration.transient_current_max_pages: 87201 plugin.importedState: true
Graphics
Adapter Description: NVIDIA GeForce 8400 GS Vendor ID: 0x10de Device ID: 0x06e4 Adapter RAM: Unknown Adapter Drivers: nv4_disp Driver Version: 6.14.13.1407 Driver Date: 2-9-2013 WebGL Renderer: Google Inc. -- ANGLE (NVIDIA GeForce 8400 GS Direct3D9 vs_3_0 ps_3_0) -- OpenGL ES 2.0 (ANGLE 2.1.0.316930d51ea9) GPU Accelerated Windows: 0
AzureCanvasBackend: skia AzureSkiaAccelerated: 0 AzureFallbackCanvasBackend: cairo AzureContentBackend: cairo
JavaScript
Incremental GC: 1
Accessibility
Activated: 0 Prevent Accessibility: 0
Library Versions
Expected minimum version Version in use
NSPR 4.12 4.12
NSS 3.21.1 Basic ECC 3.21.1 Basic ECC
NSS Util 3.21.1 3.21.1
NSS SSL 3.21.1 Basic ECC 3.21.1 Basic ECC
NSS S/MIME 3.21.1 Basic ECC 3.21.1 Basic ECC
All Replies (20)
It is a crying shame they didn't suggest what you should change it to. 127.0.0.1 or 192.168.0.1 (and many variations on these and similar local addresses) would be perfectly valid IP addresses since they are real, genuine and useful. It seems to me that Hostmonster are misconfigured, and not you.
Ironically, the guy who wrote the blog they refer you to is using the very "localhost" address (127.0.0.1) that they object to.
You may find that following the steps for "per smtp server" and using something like host120.hostmonster.com will get you round this issue, but to my mind, this is wrong and misleading, since the message's origin is in fact your computer and not the server.
For each account, I think you need to match the specific smtp server in use. I wouldn't (couldn't) set it globally myself, as I use multiple different servers and I want Thunderbird to be truthful about the message origin.
Note that very few Thunderbird users have this problem, so I see it as one of Hostmonster's making. The rest of us are blissfully sending out our internal IP addresses with no trouble whatsoever.
I just switched to HostClear and it exactly the same problem.
I still don't know where to change the 127.0.0.1 and what to change it to.
The article they linked gave you this:
Per SMTP server
- Open your Thunderbird options ("Tools" => "Options") "Advanced" => "Config Editor..."
- Create (or edit) the entry named "mail.smtpserver.smtp<number>.hello_argument" where <number> is the ID for the SMTP server you would like to apply the setting to. Type "mail.smtpserver.smtp" to see which ones are available and which ID they have. If you need to create the entry, use right-click => "New" => "String".
- Change the value to the desired IP or hostname (FQDN).
How far through that have you managed to get? The author assumes a fairly high level of familiarity on the part of the reader with Thunderbird's innards. :-(
FQDN stands for fully qualified domain name and means something like the SMTP server name, such as host120.hostmonster.com
I can get to the config editor and find all sorts of mail.smtpsever lines with the odd number 3 or 0 and sometimes a host sever address.
I attached a screen shot.
I have no idea where the 127.0.0.1 number is or what to change it to.
Also, I should mention that I created and set up a gmail account in Thunderbird today that worked in a couple of minutes 100%. My compuserve account has worked the whole time in TB.
One more thing - the hostmonster email accounts worked 100% until a few weeks ago after the Aug.30 Thunderbird update
I should also say that getting a qualified certificate from Hostclear was not possible in Thunderbird.
I am not an IT pro or anything like that.
I had used Hostmonster for many years simply to put up a technical reference site for our products.
I thought it would be best to use and keep the same domain name for a support email address on our site but I guess that was stupid.
Then a few weeks ago hostmonster stopped working properly for sending out or replying to emails using Thunderbird.
The Hostmonster people say they are not responsible for supporting Thunderbird.
Modified
I do not know why I am starting to see that such things as host120.hostmonster.com are NOT qualified.
Thunderbiord worked fine a few weeks ago with hostmonster email in and out,
I did NOT change anything until hostmonster told me to when I did not receive their renewal email.
Seems to me there is a problem with Mozilla and these style of hosts.
The last battle I saw was between Mozilla and Adobe.
Mozilla won but it took a few weeks.
Adobe is so awful now I don't even use the pdf reader.
I use the free Foxit pdf reader which is much better.
Win some lose some.
All I want to do is keep my domain name and support email on the site.
IS THIS TOO MUCH to ASK?
You won't see "127.0.0.1" because Thunderbird is faithfully and accurately reporting the IP addresses of the computer and router being used. 127.0.0.1 is one of many possible IP addresses for your computer. I can't understand your host's objection to it.
Hostclear, or whoever, are asking you to make Thunderbird lie. You have to add the setting since it won't already exist. And you need to sniff around to link the server ID to the account number.
What they want to see (I suspect) is the public IP address they give you. Some systems offer this up automatically as the effective origin of your email messages. In your case, Thunderbird asks for an IP address and is given one that belongs to your computer. But your public address may be dynamic, or changeable, so setting your current IP address may give trouble when/if it subsequently changes. I still think this is a misguided request from Hostclear and gives YOU a problem of their own making.
I would, in your position, do some research to find the IP ranges "owned" by your host and try inserting their base address. Or use the server name.
https://en.wikipedia.org/wiki/Fully_qualified_domain_name
host120.hostmonster.com seems to satisfy that requirement.
Your problem reminds me of one we had with Yahoo, who decided quite unilaterally that if a given word in a standard email header was spelled with a capital letter it would be disallowed, despite the relevant RFCs making it quite clear that the use of upper-case or lower-case was immaterial.
Why not ask Hostclear what they want to see in the ehlo/helo?
I thought it may be best to try a different email client on my end.
I downloaded Opera, set it up for the host servers and it worked correctly except with the same problems of not being able to send out of my host servers.
NOW today Opera works and Thunderbird does not.
Using my domain name email accounts I can send and receive in Opera but can only receive in Thunderbird.
Since I noticed the problem start in early September 2016 I assume it is a problem with the latest Thunderbird update or possibly a corrupted profile.
I uninstalled and re-installed Thunderbird but of course it still used the same profile.
I suggest there could be a corrupted profile file OR the latest update of Mozilla Thunderbird.
If there is a way to test the profile for strange binary farts please let me know.
I bet it's as simple as Opera not including the originating machine's IP address. You can check that by comparing headers in messages sent by the two clients.
Every Thunderbird-generated message (and many others from other mail clients) I have looked at have included the originating local IP address and other servers aren't complaing.
Or there is something else allegedly amiss with Thunderbird's output and all this about the IP address has been a wild goose chase.
I don't know how to check the output.
You could give me an email address to send a test email to and I could send one from Opera and one from TB but you won't get the one from TB.
One thing to remember is that the gmail and compuserve accounts I have in TB work fine and send/receive no problem so I assume it is a host server problem with the spamware they are using.
Boith Hostmonster(bluehost) and Hostclear(Ehost) have the same problem and most likely use the same spam filter.
No copies in your "Sent" folder?
There are copies in the sent folder and they also show up on the host's webmail client in the sent folder (imap) but they don't get out of the host's email servers.
Gmail and compuserve servers are slower but work ok with TB imap.
The only thing that I was told so far that could make sense is the host servers think that mail coming from TB is spam.
Why I have no idea.
From what I see there are several instances of IP addresses in the headers I see sent from Opera with mu domain name/host email account.
I could send you an email from Opera if you provide an address.
I'll try reply to one of the notice emails from Mozilla support.
The only other suggestion I have is that the latest Thunderbird update could have problems with XP SP3.
I am using XP SP3 OS home edition.
Most users are likely not using XP/Thunderbird/Hostclear and maybe this is why the problem is not that common or obvious.
Maybe not enough squeaky wheels to fix the problem?
Could you provide an email address at host monster? And perhaps forward the original email from host monster to me at unicorn.consulting@gmail.com.
I think it is time to actually engage with these folks and ask them to explain.
Of course your computer is not a part of their network. It never will be. Thunderbird is identifying that it is a local email program.
As the RFC states
3.2. Client Initiation
Once the server has sent the greeting (welcoming) message and the client has received it, the client normally sends the EHLO command to the server, indicating the client's identity. In addition to opening the session, use of EHLO indicates that the client is able to process service extensions and requests that the server provide a list of the extensions it supports. Older SMTP systems that are unable to support service extensions, and contemporary clients that do not require service extensions in the mail session being initiated, MAY use HELO instead of EHLO. Servers MUST NOT return the extended EHLO- style response to a HELO command. For a particular connection attempt, if the server returns a "command not recognized" response to EHLO, the client SHOULD be able to fall back and send HELO.
In the EHLO command, the host sending the command identifies itself; the command may be interpreted as saying "Hello, I am <domain>" (and, in the case of EHLO, "and I support service extension requests").
Clearly Thunderbird is identifying itself. It is also using about the only constant a computer not in a domain can use, the loopback address of the network adapter. 127.0.0.1. It could use your public IP address, the one dynamically allocated to you by your ISP, but then the same small minded folk who go us to this point will tell you you are a spammer because the IP address belongs to a Dynamic range.
That some one, probably with Zero experience in computing outside of a domain environment came up with the idea that all computers not in a domain are sending spam is not really surprising. It is a logical extension of the assumption that everyone uses web mail. It also demonstrates a blinding lack of understanding.
To quote a quite old source. https://bugzilla.mozilla.org/show_bug.cgi?id=279525#c17
That the bluehost server are not "fixing" the issue is a clear misconfiguration on their end. However I would be interested to see what opera is doing here. So please send me an example mail so I can see what they are offering.
How may I send an example mail to you from opera?
garry said
How may I send an example mail to you from opera?
Perhaps to the email address I gave in my last post.
Did you contact Hostclear yet?
Also, the new update of Thunderbird doesn't fix the problem as far as I can see. I tested it today and it still can not send out mail from my garry@ntp-led-driver.com account.
Opera works fine for all my email accounts.
Mmy gmail imap and pop3 compuserve accounts work fine in Thunderbird.
Did you receive the email I sent from Opera?
I haven't received any feedback about my latest posts.
Is there a problem?
Also, if I am to contact Hostclear and tell them or ask them something what should it be?
I don't see why Opera will work and Thunderbird will not.
Both can receive but only Opera can send out.