Dorset_Vinney
Aspiring Expert
1,311 Views
Message 1 of 4

Odd entries mentioning homehub in mail server logs

I've moved this to its own thread after a request from other users.

 

The HomeHub makes the following appearance in a server mail log - anyone care to comment, as the mail server operator owner needs some friendly peer-to-peer advice and support (not a BT customer). The sender and recipient email addresses have been edited to remove PII - they are ordinary domain addresses (not BT ones).

 

The mail server owner is the recipient of the mail

 

Feb  8 20:41:39 xxxx postfix/smtpd[15776]: NOQUEUE: reject: RCPT from host86-147-21x-xx.range86-147.btcentralplus.com[86.147.21x.xx]: 450 4.x.x <BThomehub.home>: Helo command rejected: Host not found; from=<*********@*******.com> to=<*******@xxxxxxxxxx.com> proto=ESMTP helo=<BThomehub.home>

What sort of event could produce that type of log entry please? Should I be worried?

Dorset Vinney - I speak up when I'm worried
3 REPLIES 3
GeneralDisquiet
Aspiring Expert
1,298 Views
Message 2 of 4

Re: Odd entries mentioning homehub in mail server logs

Hi Dorset,

 

I can't see anything to worry about here. The SMTP HELO clause is the stage of the SMTP protocol when SMTP servers introduce themselves to one another. The sending server will identify who it is and the receiving server will accept any given name. There is no requirement to give the correct information at this stage of the SMTP protocol.

 

Unless, of course, it's someone pretending to have a BT domain name!

 

 

"To forbid us anything is to make us have a mind for it."
-- Michel de Montaigne, Essays, 1559

0 Ratings
Dorset_Vinney
Aspiring Expert
1,265 Views
Message 3 of 4

Re: Odd entries mentioning homehub in mail server logs

Thanks for the reply. I'm trying to troubleshoot these two things separately - one thread relates to how to avoid rejection of BT mail, and this one is trying to work out why the mail logs mention BTHomeHub in the logs of certain spam email handling processes.

 

The friend I am trying to assist has said this:


So you think this is more likely to be some spam malware spoofing an address and identifying itself as a BThomehub rather than a BThomehub which is somehow being used to send spam? What about a FON connection?

It just seemed an odd coincidence that at the same time as people are worrying about remote access to the HH that the HH is used in the HELO response on a spam email from a BT IP address.

 

The main concern is about identifying what is going on with the incoming spam that the operator of this mail server is seeing in their logs.

Dorset Vinney - I speak up when I'm worried
Distinguished Guru
1,254 Views
Message 4 of 4

Re: Odd entries mentioning homehub in mail server logs

 


@Dorset_Vinney wrote:

Thanks for the reply. I'm trying to troubleshoot these two things separately - one thread relates to how to avoid rejection of BT mail, and this one is trying to work out why the mail logs mention BTHomeHub in the logs of certain spam email handling processes.

 

The friend I am trying to assist has said this:


So you think this is more likely to be some spam malware spoofing an address and identifying itself as a BThomehub rather than a BThomehub which is somehow being used to send spam? What about a FON connection?

It just seemed an odd coincidence that at the same time as people are worrying about remote access to the HH that the HH is used in the HELO response on a spam email from a BT IP address.

 

The main concern is about identifying what is going on with the incoming spam that the operator of this mail server is seeing in their logs.


 

 

Virtually all the header info can be faked. I think your friend is getting worried over nothing to be honest - it looks like part of a typical spam header.

 

For example, I've had one today with :-

 

Received: from 86.155.27.xxx  (EHLO api.home) (86.155.27.xxx)

 

an infected BTinternet user - notice the EHLO bit.

0 Ratings
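
One way for a mail server operator to triage entries like the one quoted in the first post, as an added example that is not part of any poster's message: it parses Postfix smtpd reject lines and classifies the client-supplied HELO name against the client's reverse-DNS name. The sample log lines, the addresses in them and the list of local-only suffixes are constructed assumptions.

```python
import re
from collections import Counter

# Reject line fields: client rDNS name, client IP, reply code, client-supplied HELO.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<rdns>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?helo=<(?P<helo>[^>]*)>"
)
# Assumption: suffixes treated here as names that only mean something on a private LAN.
LOCAL_SUFFIXES = (".home", ".lan", ".local", ".localdomain", ".internal")

def classify_helo(helo, rdns):
    """Describe the HELO name; it is a claim by the client, not a verified identity."""
    h = helo.lower().rstrip(".")
    if h.startswith("[") and h.endswith("]"):
        return "address-literal"
    if "." not in h:
        return "not-fqdn"
    if h.endswith(LOCAL_SUFFIXES):
        return "local-only-name"
    if h == rdns.lower().rstrip("."):
        return "matches-rdns"
    return "differs-from-rdns"

def parse_rejects(lines):
    """Yield one dict per reject line; other log lines are skipped."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["helo_class"] = classify_helo(rec["helo"], rec["rdns"])
            yield rec

def summarize(lines):
    """Count rejects per (client IP, HELO class) to show which clients keep retrying."""
    return Counter((r["ip"], r["helo_class"]) for r in parse_rejects(lines))

# Constructed sample lines (documentation address ranges, example domains).
SAMPLE_LOG = [
    "Feb  8 20:41:39 mx postfix/smtpd[15776]: NOQUEUE: reject: RCPT from host-192-0-2-10.isp.example[192.0.2.10]: 450 4.7.1 <BThomehub.home>: Helo command rejected: Host not found; from=<a@sender.example> to=<b@rcpt.example> proto=ESMTP helo=<BThomehub.home>",
    "Feb  8 20:56:02 mx postfix/smtpd[15802]: NOQUEUE: reject: RCPT from host-192-0-2-10.isp.example[192.0.2.10]: 450 4.7.1 <BThomehub.home>: Helo command rejected: Host not found; from=<a@sender.example> to=<b@rcpt.example> proto=ESMTP helo=<BThomehub.home>",
    "Feb  8 21:03:11 mx postfix/smtpd[15810]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 5.5.2 <laptop>: Helo command rejected: need fully-qualified hostname; from=<c@sender.example> to=<b@rcpt.example> proto=SMTP helo=<laptop>",
    "Feb  8 21:04:40 mx postfix/smtpd[15811]: NOQUEUE: reject: RCPT from mail.example.net[203.0.113.5]: 450 4.1.8 <x@nodomain.example>: Sender address rejected: Domain not found; from=<x@nodomain.example> to=<b@rcpt.example> proto=ESMTP helo=<mail.example.net>",
    "Feb  8 21:05:00 mx postfix/smtpd[15811]: disconnect from mail.example.net[203.0.113.5]",
]

if __name__ == "__main__":
    for (ip, cls), n in summarize(SAMPLE_LOG).most_common():
        print(f"{ip:15} {cls:18} {n}")
```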