This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

my host says thunderbird outgoing email is presenting itself in the HELO as spam

  • 31 replies
  • 1 has this problem
  • 2 views
  • Last reply by garry

more options

Below is what Hostmonster told me was wrong with Thunderbird sending mail through thier service: I don't know what the ehlo-helo value should be .

This is a link they sent on how to change it in TB but I don't know exactly what to change what to what:

blog.plee.me/2014/11/mozilla-thunderbird-changing-the-ehlo-helo-value-in-the-received-header-for-outgoing-mail



Hostmonster answer to TB problem sending out mail thru them----------------------------------------------

It's an issue with how thunderbird is presenting itself in the HELO

It's using a method that spammers typically use, by claiming to be a localhost user when it isn't

In the information it is giving, it is claiming to be a localhost user, or coming from 127.0.0.1, when it is not a part of our server at bluehost

The ehlo-helo value needs to be fixed.

This guide may help: blog.plee.me/2014/11/mozilla-thunderbird-changing-the-ehlo-helo-value-in-the-received-header-for-outgoing-mail

Thank you,

HostMonster Support

Here is my current TB settings. Some are for Hostclear which I am currently trying to switch to.


 Application Basics
   Name: Thunderbird
   Version: 45.3.0
   User Agent: Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
   Profile Folder: Show Folder
             (Local drive)
   Application Build ID: 20160825102941
   Enabled Plugins: about:plugins
   Build Configuration: about:buildconfig
   Memory Use: about:memory
 Mail and News Accounts
   account1:
     INCOMING: account1, , (none) Local Folders, plain, passwordCleartext
   account4:
     INCOMING: account4, , (pop3) pop.csi.com:110, plain, passwordCleartext
     OUTGOING: , smtp.csi.com:25, alwaysSTARTTLS, passwordCleartext, true
   account5:
     INCOMING: account5, , (imap) h1.hostclear.com:993, SSL, passwordCleartext
     OUTGOING: , h1.hostclear.com:465, SSL, passwordCleartext, true
   account7:
     INCOMING: account7, , (imap) h1.hostclear.com:993, SSL, passwordCleartext
     OUTGOING: , h1.hostclear.com:465, SSL, passwordCleartext, true
   account12:
     INCOMING: account12, , (imap) h1.hostclear.com:993, SSL, passwordCleartext
     OUTGOING: , mail.ntp-led-driver.com:587, alwaysSTARTTLS, passwordCleartext, true
   account13:
     INCOMING: account13, , (imap) host120.hostmonster.com:143, alwaysSTARTTLS, passwordCleartext
     OUTGOING: , host120.hostmonster.com:26, alwaysSTARTTLS, passwordCleartext, true
 Crash Reports
   http://crash-stats.mozilla.com/report/index/bp-55624f69-402e-4612-8959-856b12160320 (3/20/2016)
   http://crash-stats.mozilla.com/report/index/bp-f32cb41a-7736-4db9-807a-54d332150308 (3/8/2015)
 Extensions
   AttachExtraTools, 1.7.1, true, attachextratools@kaosmos.nnp
   Remove Duplicate Messages, 0.1.14, true, {12345678-1234-1234-1234-123456789abc}
   AttachmentExtractor, 1.3.5.1, false, {35834d20-efdb-4f78-ab77-9635fb4e56c4}
 Important Modified Preferences
   Name: Value
     browser.cache.disk.capacity: 262144
     browser.cache.disk.filesystem_reported: 1
     browser.cache.disk.smart_size_cached_value: 358400
     browser.cache.disk.smart_size.first_run: false
     browser.cache.disk.smart_size.use_old_max: false
     browser.display.use_system_colors: true
     dom.apps.reset-permissions: true
     dom.max_chrome_script_run_time: 0
     extensions.lastAppVersion: 45.3.0
     font.size.variable.x-western: 14
     gfx.crash-guard.glcontext.appVersion: 45.3.0
     gfx.crash-guard.glcontext.deviceID: 0x06e4
     gfx.crash-guard.glcontext.driverVersion: 6.14.13.1407
     gfx.crash-guard.glcontext.gfx.driver-init.direct3d11-angle: true
     gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle: true
     gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-force-d3d11: false
     gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-force-warp: false
     gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-try-d3d11: true
     gfx.crash-guard.status.glcontext: 2
     mail.openMessageBehavior.version: 1
     mailnews.database.global.datastore.id: c8d81253-a412-493c-824d-689df0fc24b
     network.cookie.prefsMigrated: true
     network.predictor.cleaned-up: true
     places.database.lastMaintenance: 1474484291
     places.history.expiration.transient_current_max_pages: 87201
     plugin.importedState: true
 Graphics
     Adapter Description: NVIDIA GeForce 8400 GS
     Vendor ID: 0x10de
     Device ID: 0x06e4
     Adapter RAM: Unknown
     Adapter Drivers: nv4_disp
     Driver Version: 6.14.13.1407
     Driver Date: 2-9-2013
     WebGL Renderer: Google Inc. -- ANGLE (NVIDIA GeForce 8400 GS     Direct3D9 vs_3_0 ps_3_0) -- OpenGL ES 2.0 (ANGLE 2.1.0.316930d51ea9)
     GPU Accelerated Windows: 0
     AzureCanvasBackend: skia
     AzureSkiaAccelerated: 0
     AzureFallbackCanvasBackend: cairo
     AzureContentBackend: cairo
 JavaScript
 Incremental GC: 1
 Accessibility
   Activated: 0
   Prevent Accessibility: 0
 Library Versions
     Expected minimum version
     Version in use
     NSPR
     4.12
     4.12
     NSS
     3.21.1 Basic ECC
     3.21.1 Basic ECC
     NSS Util
     3.21.1
     3.21.1
     NSS SSL
     3.21.1 Basic ECC
     3.21.1 Basic ECC
     NSS S/MIME
     3.21.1 Basic ECC
     3.21.1 Basic ECC

Below is what Hostmonster told me was wrong with Thunderbird sending mail through thier service: I don't know what the ehlo-helo value should be . This is a link they sent on how to change it in TB but I don't know exactly what to change what to what: blog.plee.me/2014/11/mozilla-thunderbird-changing-the-ehlo-helo-value-in-the-received-header-for-outgoing-mail ---------------------------Hostmonster answer to TB problem sending out mail thru them---------------------------------------------- It's an issue with how thunderbird is presenting itself in the HELO It's using a method that spammers typically use, by claiming to be a localhost user when it isn't In the information it is giving, it is claiming to be a localhost user, or coming from 127.0.0.1, when it is not a part of our server at bluehost The ehlo-helo value needs to be fixed. This guide may help: blog.plee.me/2014/11/mozilla-thunderbird-changing-the-ehlo-helo-value-in-the-received-header-for-outgoing-mail Thank you, HostMonster Support Here is my current TB settings. Some are for Hostclear which I am currently trying to switch to. Application Basics Name: Thunderbird Version: 45.3.0 User Agent: Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 Profile Folder: Show Folder (Local drive) Application Build ID: 20160825102941 Enabled Plugins: about:plugins Build Configuration: about:buildconfig Memory Use: about:memory Mail and News Accounts account1: INCOMING: account1, , (none) Local Folders, plain, passwordCleartext account4: INCOMING: account4, , (pop3) pop.csi.com:110, plain, passwordCleartext OUTGOING: , smtp.csi.com:25, alwaysSTARTTLS, passwordCleartext, true account5: INCOMING: account5, , (imap) h1.hostclear.com:993, SSL, passwordCleartext OUTGOING: , h1.hostclear.com:465, SSL, passwordCleartext, true account7: INCOMING: account7, , (imap) h1.hostclear.com:993, SSL, passwordCleartext OUTGOING: , h1.hostclear.com:465, SSL, passwordCleartext, true account12: INCOMING: account12, , (imap) h1.hostclear.com:993, SSL, passwordCleartext OUTGOING: , mail.ntp-led-driver.com:587, alwaysSTARTTLS, passwordCleartext, true account13: INCOMING: account13, , (imap) host120.hostmonster.com:143, alwaysSTARTTLS, passwordCleartext OUTGOING: , host120.hostmonster.com:26, alwaysSTARTTLS, passwordCleartext, true Crash Reports http://crash-stats.mozilla.com/report/index/bp-55624f69-402e-4612-8959-856b12160320 (3/20/2016) http://crash-stats.mozilla.com/report/index/bp-f32cb41a-7736-4db9-807a-54d332150308 (3/8/2015) Extensions AttachExtraTools, 1.7.1, true, attachextratools@kaosmos.nnp Remove Duplicate Messages, 0.1.14, true, {12345678-1234-1234-1234-123456789abc} AttachmentExtractor, 1.3.5.1, false, {35834d20-efdb-4f78-ab77-9635fb4e56c4} Important Modified Preferences Name: Value browser.cache.disk.capacity: 262144 browser.cache.disk.filesystem_reported: 1 browser.cache.disk.smart_size_cached_value: 358400 browser.cache.disk.smart_size.first_run: false browser.cache.disk.smart_size.use_old_max: false browser.display.use_system_colors: true dom.apps.reset-permissions: true dom.max_chrome_script_run_time: 0 extensions.lastAppVersion: 45.3.0 font.size.variable.x-western: 14 gfx.crash-guard.glcontext.appVersion: 45.3.0 gfx.crash-guard.glcontext.deviceID: 0x06e4 gfx.crash-guard.glcontext.driverVersion: 6.14.13.1407 gfx.crash-guard.glcontext.gfx.driver-init.direct3d11-angle: true gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle: true gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-force-d3d11: false gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-force-warp: false gfx.crash-guard.glcontext.gfx.driver-init.webgl-angle-try-d3d11: true gfx.crash-guard.status.glcontext: 2 mail.openMessageBehavior.version: 1 mailnews.database.global.datastore.id: c8d81253-a412-493c-824d-689df0fc24b network.cookie.prefsMigrated: true network.predictor.cleaned-up: true places.database.lastMaintenance: 1474484291 places.history.expiration.transient_current_max_pages: 87201 plugin.importedState: true Graphics Adapter Description: NVIDIA GeForce 8400 GS Vendor ID: 0x10de Device ID: 0x06e4 Adapter RAM: Unknown Adapter Drivers: nv4_disp Driver Version: 6.14.13.1407 Driver Date: 2-9-2013 WebGL Renderer: Google Inc. -- ANGLE (NVIDIA GeForce 8400 GS Direct3D9 vs_3_0 ps_3_0) -- OpenGL ES 2.0 (ANGLE 2.1.0.316930d51ea9) GPU Accelerated Windows: 0 AzureCanvasBackend: skia AzureSkiaAccelerated: 0 AzureFallbackCanvasBackend: cairo AzureContentBackend: cairo JavaScript Incremental GC: 1 Accessibility Activated: 0 Prevent Accessibility: 0 Library Versions Expected minimum version Version in use NSPR 4.12 4.12 NSS 3.21.1 Basic ECC 3.21.1 Basic ECC NSS Util 3.21.1 3.21.1 NSS SSL 3.21.1 Basic ECC 3.21.1 Basic ECC NSS S/MIME 3.21.1 Basic ECC 3.21.1 Basic ECC -------------------------------------------------------------------------------------------------------------------------------------------------------------------

All Replies (20)

more options

It is a crying shame they didn't suggest what you should change it to. 127.0.0.1 or 192.168.0.1 (and many variations on these and similar local addresses) would be perfectly valid IP addresses since they are real, genuine and useful. It seems to me that Hostmonster are misconfigured, and not you.

Ironically, the guy who wrote the blog they refer you to is using the very "localhost" address (127.0.0.1) that they object to.

You may find that following the steps for "per smtp server" and using something like host120.hostmonster.com will get you round this issue, but to my mind, this is wrong and misleading, since the message's origin is in fact your computer and not the server.

For each account, I think you need to match the specific smtp server in use. I wouldn't (couldn't) set it globally myself, as I use multiple different servers and I want Thunderbird to be truthful about the message origin.

Note that very few Thunderbird users have this problem, so I see it as one of Hostmonster's making. The rest of us are blissfully sending out our internal IP addresses with no trouble whatsoever.

more options

I just switched to HostClear and it exactly the same problem.

I still don't know where to change the 127.0.0.1 and what to change it to.

more options

The article they linked gave you this:

Per SMTP server

  1. Open your Thunderbird options ("Tools" => "Options") "Advanced" => "Config Editor..."
  2. Create (or edit) the entry named "mail.smtpserver.smtp<number>.hello_argument" where <number> is the ID for the SMTP server you would like to apply the setting to. Type "mail.smtpserver.smtp" to see which ones are available and which ID they have. If you need to create the entry, use right-click => "New" => "String".
  3. Change the value to the desired IP or hostname (FQDN).

How far through that have you managed to get? The author assumes a fairly high level of familiarity on the part of the reader with Thunderbird's innards. :-(

FQDN stands for fully qualified domain name and means something like the SMTP server name, such as host120.hostmonster.com

more options

I can get to the config editor and find all sorts of mail.smtpsever lines with the odd number 3 or 0 and sometimes a host sever address.

I attached a screen shot.

I have no idea where the 127.0.0.1 number is or what to change it to.

Also, I should mention that I created and set up a gmail account in Thunderbird today that worked in a couple of minutes 100%. My compuserve account has worked the whole time in TB.

One more thing - the hostmonster email accounts worked 100% until a few weeks ago after the Aug.30 Thunderbird update

more options

I should also say that getting a qualified certificate from Hostclear was not possible in Thunderbird.

I am not an IT pro or anything like that.

I had used Hostmonster for many years simply to put up a technical reference site for our products.

I thought it would be best to use and keep the same domain name for a support email address on our site but I guess that was stupid.

Then a few weeks ago hostmonster stopped working properly for sending out or replying to emails using Thunderbird.

The Hostmonster people say they are not responsible for supporting Thunderbird.

Modified by Matt

more options

I do not know why I am starting to see that such things as host120.hostmonster.com are NOT qualified.

Thunderbiord worked fine a few weeks ago with hostmonster email in and out,

I did NOT change anything until hostmonster told me to when I did not receive their renewal email.

Seems to me there is a problem with Mozilla and these style of hosts.

The last battle I saw was between Mozilla and Adobe.

Mozilla won but it took a few weeks.

Adobe is so awful now I don't even use the pdf reader.

I use the free Foxit pdf reader which is much better.

Win some lose some.

All I want to do is keep my domain name and support email on the site.

IS THIS TOO MUCH to ASK?

more options

You won't see "127.0.0.1" because Thunderbird is faithfully and accurately reporting the IP addresses of the computer and router being used. 127.0.0.1 is one of many possible IP addresses for your computer. I can't understand your host's objection to it.

Hostclear, or whoever, are asking you to make Thunderbird lie. You have to add the setting since it won't already exist. And you need to sniff around to link the server ID to the account number.

What they want to see (I suspect) is the public IP address they give you. Some systems offer this up automatically as the effective origin of your email messages. In your case, Thunderbird asks for an IP address and is given one that belongs to your computer. But your public address may be dynamic, or changeable, so setting your current IP address may give trouble when/if it subsequently changes. I still think this is a misguided request from Hostclear and gives YOU a problem of their own making.

I would, in your position, do some research to find the IP ranges "owned" by your host and try inserting their base address. Or use the server name.

https://en.wikipedia.org/wiki/Fully_qualified_domain_name

host120.hostmonster.com seems to satisfy that requirement.

Your problem reminds me of one we had with Yahoo, who decided quite unilaterally that if a given word in a standard email header was spelled with a capital letter it would be disallowed, despite the relevant RFCs making it quite clear that the use of upper-case or lower-case was immaterial.

Why not ask Hostclear what they want to see in the ehlo/helo?

more options

I thought it may be best to try a different email client on my end.

I downloaded Opera, set it up for the host servers and it worked correctly except with the same problems of not being able to send out of my host servers.

NOW today Opera works and Thunderbird does not.

Using my domain name email accounts I can send and receive in Opera but can only receive in Thunderbird.

Since I noticed the problem start in early September 2016 I assume it is a problem with the latest Thunderbird update or possibly a corrupted profile.

I uninstalled and re-installed Thunderbird but of course it still used the same profile.

I suggest there could be a corrupted profile file OR the latest update of Mozilla Thunderbird.

If there is a way to test the profile for strange binary farts please let me know.

more options

I bet it's as simple as Opera not including the originating machine's IP address. You can check that by comparing headers in messages sent by the two clients.

Every Thunderbird-generated message (and many others from other mail clients) I have looked at have included the originating local IP address and other servers aren't complaing.

Or there is something else allegedly amiss with Thunderbird's output and all this about the IP address has been a wild goose chase.

more options

I don't know how to check the output.

You could give me an email address to send a test email to and I could send one from Opera and one from TB but you won't get the one from TB.

One thing to remember is that the gmail and compuserve accounts I have in TB work fine and send/receive no problem so I assume it is a host server problem with the spamware they are using.

Boith Hostmonster(bluehost) and Hostclear(Ehost) have the same problem and most likely use the same spam filter.

more options

No copies in your "Sent" folder?

more options

There are copies in the sent folder and they also show up on the host's webmail client in the sent folder (imap) but they don't get out of the host's email servers.

Gmail and compuserve servers are slower but work ok with TB imap.

The only thing that I was told so far that could make sense is the host servers think that mail coming from TB is spam.

Why I have no idea.

more options

From what I see there are several instances of IP addresses in the headers I see sent from Opera with mu domain name/host email account.

I could send you an email from Opera if you provide an address.

I'll try reply to one of the notice emails from Mozilla support.

more options

The only other suggestion I have is that the latest Thunderbird update could have problems with XP SP3.

I am using XP SP3 OS home edition.

Most users are likely not using XP/Thunderbird/Hostclear and maybe this is why the problem is not that common or obvious.

Maybe not enough squeaky wheels to fix the problem?

more options

Could you provide an email address at host monster? And perhaps forward the original email from host monster to me at unicorn.consulting@gmail.com.

I think it is time to actually engage with these folks and ask them to explain.

Of course your computer is not a part of their network. It never will be. Thunderbird is identifying that it is a local email program.

As the RFC states

3.2.  Client Initiation
  Once the server has sent the greeting (welcoming) message and the
  client has received it, the client normally sends the EHLO command to
  the server, indicating the client's identity.  In addition to opening
  the session, use of EHLO indicates that the client is able to process
  service extensions and requests that the server provide a list of the
  extensions it supports.  Older SMTP systems that are unable to
  support service extensions, and contemporary clients that do not
  require service extensions in the mail session being initiated, MAY
  use HELO instead of EHLO.  Servers MUST NOT return the extended EHLO-
  style response to a HELO command.  For a particular connection
  attempt, if the server returns a "command not recognized" response to
  EHLO, the client SHOULD be able to fall back and send HELO.
  In the EHLO command, the host sending the command identifies itself;
  the command may be interpreted as saying "Hello, I am <domain>" (and,
  in the case of EHLO, "and I support service extension requests").


Clearly Thunderbird is identifying itself. It is also using about the only constant a computer not in a domain can use, the loopback address of the network adapter. 127.0.0.1. It could use your public IP address, the one dynamically allocated to you by your ISP, but then the same small minded folk who go us to this point will tell you you are a spammer because the IP address belongs to a Dynamic range.

That some one, probably with Zero experience in computing outside of a domain environment came up with the idea that all computers not in a domain are sending spam is not really surprising. It is a logical extension of the assumption that everyone uses web mail. It also demonstrates a blinding lack of understanding.

To quote a quite old source. https://bugzilla.mozilla.org/show_bug.cgi?id=279525#c17

That the bluehost server are not "fixing" the issue is a clear misconfiguration on their end. However I would be interested to see what opera is doing here. So please send me an example mail so I can see what they are offering.

more options

How may I send an example mail to you from opera?

more options

garry said

How may I send an example mail to you from opera?

Perhaps to the email address I gave in my last post.

more options

Did you contact Hostclear yet?

Also, the new update of Thunderbird doesn't fix the problem as far as I can see. I tested it today and it still can not send out mail from my garry@ntp-led-driver.com account.

Opera works fine for all my email accounts.

Mmy gmail imap and pop3 compuserve accounts work fine in Thunderbird.

more options

Did you receive the email I sent from Opera?

more options

I haven't received any feedback about my latest posts.

Is there a problem?

Also, if I am to contact Hostclear and tell them or ask them something what should it be?

I don't see why Opera will work and Thunderbird will not.

Both can receive but only Opera can send out.

  1. 1
  2. 2