After migrating to a new cPanel server i found several users getting the message “550 Access Denied – Invalid HELO name” when trying to send email. After a bit of digging we were able to find 2 fixes
So what does this error mean?
- 550 is the error code (with a handy message “Access Denied”) this means there is a permission or authentication issue.
- Invalid HELO name shows that the mailserver is not accepting the SMTP or mail handshake
Further investigations lead me to find this statement by cPanel
By default, WHM uses POP before SMTP authentication. This means that when a user on a POP mail server authenticates a session, he will be allowed to send messages for 30 minutes without re-authenticating through SMTP.
However it looked like in our case SMTP authenticate was being forced already.
Enough of the tech talk here’s the fixes.
You can choose either option. Fix 1 is more secure, though may impact users as they have to configure their mail client.
Fix 1 – Enable SMTP Authentication (mail client)
This fix can be completed on the user end. In the email account properties in the mail client / program, enable the outgoing authentication option (provide the email username / password)
This will authenticate with the SMTP server during the send process.
Fix 2 – Disable Forced SMTP Authentication (server end)
This one is a quick fix, that modifies WHM. It disables the forced SMTP Authentication.
Note: It still keeps the pop before SMTP authentication option active – which is important to stop open relay spammers on the server
Disable forced SMTP
Issue the following command in shell logged in or SU’d to root to Disable forced SMTP auth
/usr/local/cpanel/bin/tailwatchd --enable=Cpanel::TailWatch::Antirelayd
Enable forced SMTP
Issue the following command in shell logged in or SU’d to root to enable forced SMTP auth
/usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::Antirelayd
All done Yay! That should do the trick, let me know how you go with implementing either fix.