How to Configure Exim4 HELO/EHLO Hostname to Fix SMTP Rejection Issues


13 views

When your mail server communicates with other SMTP servers, the first thing it does is send a HELO (or EHLO for extended SMTP) greeting. Many receiving servers perform strict checks on this hostname, and if it doesn't match certain criteria (like having a valid reverse DNS), your emails might get rejected.

Before making changes, let's verify what hostname Exim is currently using:


# Test your current HELO setting
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 your.server.name ESMTP Exim 4.94.2
EHLO test

The response should show the hostname Exim is presenting to other servers.

The primary configuration file for Exim4 is typically /etc/exim4/exim4.conf.template or /etc/exim4/update-exim4.conf.conf, depending on your distribution.

Option 1: Using primary_hostname

The most straightforward method is to set the primary_hostname in your configuration:


primary_hostname = mail.yourdomain.com

Option 2: Dynamic HELO based on the outgoing interface

For multi-homed servers, you might want different HELO names per interface:


helo_data = ${if exists{/etc/exim4/helo_$interface_address}\
               {${lookup{$interface_address}lsearch{/etc/exim4/helo_$interface_address}}}\
               {$primary_hostname}}

Option 3: Using a separate transport

For advanced configurations where you need different HELO names for different routes:


remote_smtp:
  driver = smtp
  helo_data = mail-specific.yourdomain.com

After making changes, always test:


# Restart Exim
service exim4 restart

# Test configuration
exim4 -bP primary_hostname
exim4 -bP helo_data

If you're still facing rejections:

  1. Ensure your HELO hostname has proper forward (A) and reverse (PTR) DNS records
  2. Check that the hostname isn't using a dynamic IP range
  3. Verify that your SPF record includes the HELO hostname if you're using SPF checks

For complex scenarios where you need different HELO names based on the recipient domain:


begin routers
  dnslookup:
    driver = dnslookup
    condition = "${if eq{$sender_helo_name}{mail.yourdomain.com}{yes}{no}}"
    domains = ! +local_domains
    transport = remote_smtp
    no_more

When your Exim4 MTA initiates an SMTP conversation, it sends a HELO/EHLO greeting containing a hostname. Many receiving mail servers perform strict HELO checking and may reject messages if:

  • The hostname doesn't match your server's reverse DNS
  • The domain doesn't exist or isn't properly configured
  • The hostname appears in DNSBLs

First verify what hostname Exim is currently sending:


# Method 1: Using exim4 binary
exim -bP helo_data

# Method 2: Test SMTP session
telnet localhost 25
EHLO example.com

There are several ways to configure the HELO hostname in Exim4:

Debian/Ubuntu Style Configuration


# /etc/exim4/update-exim4.conf.conf
dc_other_hostnames='mail.yourdomain.com'
dc_readhost='mail.yourdomain.com'
dc_smarthost=''

# Then update and restart:
update-exim4.conf
systemctl restart exim4

Manual Exim Configuration


# In exim4.conf.template
primary_hostname = mail.yourdomain.com
local_interfaces = <; 127.0.0.1 ; ::1 ; [your.public.ip]

# HELO specific setting
helo_data = mail.yourdomain.com

To ensure your configuration works:


# Check what Exim will advertise:
exim -bP primary_hostname
exim -bP helo_data

# Test remote delivery with debug:
exim -v -d recipient@example.com

If messages are still being rejected:

  • Verify your PTR record matches the HELO hostname
  • Check for DNS resolution issues (both forward and reverse)
  • Ensure the hostname isn't listed in common DNSBLs

For complex environments with multiple domains, consider:


# Conditional HELO based on sender domain
driver = manualroute
condition = ${if eq{$sender_address_domain}{domain1.com}}
transport = remote_smtp
helo_data = mx1.domain1.com