From Newsgroup: comp.sys.acorn.networking

My email host provider xencentric hosting updated their servers on
saturday night from Dovecot 2.3 to 2.4 and in so doing broke Hermes
pop3 and smptp. The company is suggesting that It's just me and by
inference that it's Hermes.

I'm getting certificate errors which I can't get passed. I've updates
my machines certs but no improvement.

I can sometimes pull email using port 110 but with no secure
connection just APOP but it mostly fails with "Connection lost".

SMTP is almost none functional for the same reasons and I've swapped
to using virgin media severs for own domain emails which actually
works fine.

What to do?

I'm not convinced xencentric are bothered about 1 customer, I hope
I'm wrong.

My phone and iPad use imap and they're working fine.

So has email moved past what Hermes can handle now?

Should I change provider?


Any suggestions?

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers on
saturday night from Dovecot 2.3 to 2.4 and in so doing broke Hermes
pop3 and smptp. The company is suggesting that It's just me and by
inference that it's Hermes.

I'm getting certificate errors which I can't get passed. I've updates
my machines certs but no improvement.

What are the names of xencentric's POP and SMTP servers? They should be in Hermes settings.

Theo
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <ioE*VrdiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers
on saturday night from Dovecot 2.3 to 2.4 and in so doing broke
Hermes pop3 and smptp. The company is suggesting that It's just
me and by inference that it's Hermes.

I'm getting certificate errors which I can't get passed. I've
updates my machines certs but no improvement.

What are the names of xencentric's POP and SMTP servers? They
should be in Hermes settings.

Do you have no other devices (computers, tablets, phones) that you can
try? That would confirm whether the problem is with RISC OS or
xencentric.

Martin
--
Martin Avison
Note that unfortunately this email address will become invalid
without notice if (when) any spam is received.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In message <5c40e29be5bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers on
saturday night from Dovecot 2.3 to 2.4 and in so doing broke Hermes
pop3 and smptp. The company is suggesting that It's just me and by
inference that it's Hermes.

No, it's not you! It's Xencentric's problem. You have already asked this question in the AW List, and the workaround has already been suggested.

I am on Xencentric with Hermes and it not happening here its there setup.

I'm getting certificate errors which I can't get passed. I've updates
my machines certs but no improvement.

It's their end that is giving the error, Hermes has nothing to do with the certificate error, that comes from AcornSSL module, ensure you are using
the latest available version. version 1.07 (28 Mar 2025) mbedTLS 3.6.3

I can sometimes pull email using port 110 but with no secure
connection just APOP but it mostly fails with "Connection lost".

That is timeout error. I have already reported that their primary Mail
server is not responding fast enough to requests

SMTP is almost none functional for the same reasons and I've swapped
to using virgin media severs for own domain emails which actually
works fine.

Which proves it not your end that is the issue.

What to do?

Have you send them a snapshot of the Certificate error message.

I'm not convinced xencentric are bothered about 1 customer, I hope
I'm wrong.

Complain to Neil, and send them a snapshot of the certificate error.

My phone and iPad use imap and they're working fine.

So has email moved past what Hermes can handle now?

NO, It's NOT Hermes! Certificates are handled by the AcornSSL module, not Hermes as Alan Wrigley has already pointed out in the thread on AW mailing list.

Should I change provider?

Up to you. I moved my personal domain away from Xencentric awhile ago,
only have the club's domain still on their servers and might be moving
them.

Any suggestions?

Don't mention RISC OS or Hermes to them, as that is not relevant. Your
issue is certificate errors and timeout messages (connection lost).

There are websites out on the web that will analyse your domain including
the mail servers being used and advising if they are working correctly.
--
Chris Hughes
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In message <5c40ec2e60News03@avisoft.f9.co.uk>
Martin <News03@avisoft.f9.co.uk> wrote:

In article <ioE*VrdiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers
on saturday night from Dovecot 2.3 to 2.4 and in so doing broke
Hermes pop3 and smptp. The company is suggesting that It's just
me and by inference that it's Hermes.

I'm getting certificate errors which I can't get passed. I've
updates my machines certs but no improvement.

What are the names of xencentric's POP and SMTP servers? They
should be in Hermes settings.

Do you have no other devices (computers, tablets, phones) that you can
try? That would confirm whether the problem is with RISC OS or
xencentric.

Martin, I use Xencentric for the WROCC domain, and we had the same issue
about 6 weeks ago and after spending a lot of time investigating it was
issues with Xencentric's SSL certs, plus their authoritative server being slow to respond which caused the "connection lost" timeouts. They use
Let's Encrypt SSL certs per customer domain it appears and when we were migrated from one server to another on their system, it broken the SSL
chain. They eventually fixed those issues. So we do not have the issue.

Bob has said he has used his phone and tablet via IMAP with the same Xencentric servers and its working.
--
Chris Hughes
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <ioE*VrdiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers on
saturday night from Dovecot 2.3 to 2.4 and in so doing broke Hermes
pop3 and smptp. The company is suggesting that It's just me and by inference that it's Hermes.

I'm getting certificate errors which I can't get passed. I've updates
my machines certs but no improvement.

What are the names of xencentric's POP and SMTP servers? They should be in Hermes settings.

I can't give you what mine is set to because it is based on my domain
so it would publish my email in effect.
mail.<>.org.uk
However, as part of the testing they asked me to try: Server2.xencentrichosting.uk
Which behaved exactly the same.

Thanks.

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <5c40ec2e60News03@avisoft.f9.co.uk>,
Martin <News03@avisoft.f9.co.uk> wrote:

In article <ioE*VrdiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

Do you have no other devices (computers, tablets, phones) that you can
try? That would confirm whether the problem is with RISC OS or
xencentric.

All iPads and phones are fine but they use imap not pop3.

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <4186ee405c.chris@mytardis>,
Chris Hughes <news13@noonehere.co.uk> wrote:

Martin, I use Xencentric for the WROCC domain, and we had the same
issue about 6 weeks ago and after spending a lot of time
investigating it was issues with Xencentric's SSL certs, plus
their authoritative server being slow to respond which caused the "connection lost" timeouts. They use Let's Encrypt SSL certs per
customer domain it appears and when we were migrated from one
server to another on their system, it broken the SSL chain. They
eventually fixed those issues. So we do not have the issue.

Bob has said he has used his phone and tablet via IMAP with the
same Xencentric servers and its working.

What he said ^^^^

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <9204ec405c.chris@mytardis>,
Chris Hughes <news13@noonehere.co.uk> wrote:

In message <5c40e29be5bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers
on saturday night from Dovecot 2.3 to 2.4 and in so doing broke
Hermes pop3 and smptp. The company is suggesting that It's just
me and by inference that it's Hermes.

No, it's not you! It's Xencentric's problem.

Good to know, I think.

You have already asked this question in the AW List,

I have yes.

and the workaround has already been suggested.

I've not seen that and I've just looked and I've not received that.

I have been asked a question on there which i'm about to answer.

I am on Xencentric with Hermes and it not happening here its there
setup.

Sorry, I don't understand the logic of that.

I'm getting certificate errors which I can't get passed. I've
updates my machines certs but no improvement.

It's their end that is giving the error, Hermes has nothing to do
with the certificate error, that comes from AcornSSL module,
ensure you are using the latest available version. version 1.07
(28 Mar 2025) mbedTLS 3.6.3

I am now since Andrew sent it to me a couple of hours ago.

I can sometimes pull email using port 110 but with no secure
connection just APOP but it mostly fails with "Connection lost".

That is timeout error. I have already reported that their primary
Mail server is not responding fast enough to requests

SMTP is almost none functional for the same reasons and I've
swapped to using virgin media severs for own domain emails which
actually works fine.

Which proves it not your end that is the issue.

Well xencentric are telling me their logs say my machine is not
configured right, they've pointed out some errors. I'm still trying
to understand it.

What to do?

Have you send them a snapshot of the Certificate error message.

I have.

I'm not convinced xencentric are bothered about 1 customer, I
hope I'm wrong.

Complain to Neil, and send them a snapshot of the certificate error.

I have.

My phone and iPad use imap and they're working fine.

So has email moved past what Hermes can handle now?

NO, It's NOT Hermes! Certificates are handled by the AcornSSL
module, not Hermes as Alan Wrigley has already pointed out in the
thread on AW mailing list.

i've not seen that and still have not.

Should I change provider?

Up to you. I moved my personal domain away from Xencentric awhile
ago, only have the club's domain still on their servers and might
be moving them.

Who to?

Any suggestions?

Don't mention RISC OS or Hermes to them, as that is not relevant.
Your issue is certificate errors and timeout messages (connection
lost).

OK.

There are websites out on the web that will analyse your domain
including the mail servers being used and advising if they are
working correctly.

Thanks.

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In message <5c40fa350fbob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

In article <ioE*VrdiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers on
saturday night from Dovecot 2.3 to 2.4 and in so doing broke Hermes
pop3 and smptp. The company is suggesting that It's just me and by
inference that it's Hermes.

I'm getting certificate errors which I can't get passed. I've updates
my machines certs but no improvement.

What are the names of xencentric's POP and SMTP servers? They should be in >> Hermes settings.

I can't give you what mine is set to because it is based on my domain
so it would publish my email in effect.
mail.<>.org.uk

No it won't. They would need your other login details for that.

However, as part of the testing they asked me to try: Server2.xencentrichosting.uk
Which behaved exactly the same.

Yes the mail servers are currently linked to that server.

Thanks.

Bob.

--
Chris Hughes
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In message <5c40fb7588bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

In article <9204ec405c.chris@mytardis>,
Chris Hughes <news13@noonehere.co.uk> wrote:

In message <5c40e29be5bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

My email host provider xencentric hosting updated their servers
on saturday night from Dovecot 2.3 to 2.4 and in so doing broke
Hermes pop3 and smptp. The company is suggesting that It's just
me and by inference that it's Hermes.

and the workaround has already been suggested.

I've not seen that and I've just looked and I've not received that.

The workaround was to switch to using the non-SSL ports. Thus avoiding the
SSL certificate error. You might get the "Connection Lost" message
sometimes but that is a different problem.

I have been asked a question on there which i'm about to answer.

I am on Xencentric with Hermes and it not happening here its there
setup.

Sorry, I don't understand the logic of that.

I am saying I am using Xencentric Hosting (you get your emails from WROCC
via them). I am using the SSL Certs and not having any issues.

I'm getting certificate errors which I can't get passed. I've
updates my machines certs but no improvement.

It's their end that is giving the error, Hermes has nothing to do
with the certificate error, that comes from AcornSSL module,
ensure you are using the latest available version. version 1.07
(28 Mar 2025) mbedTLS 3.6.3

I am now since Andrew sent it to me a couple of hours ago.

Did you reboot after installing the newer version of AcornSSL ?

I can sometimes pull email using port 110 but with no secure
connection just APOP but it mostly fails with "Connection lost".

That is timeout error. I have already reported that their primary
Mail server is not responding fast enough to requests

SMTP is almost none functional for the same reasons and I've
swapped to using virgin media severs for own domain emails which
actually works fine.

Which proves it not your end that is the issue.

Well xencentric are telling me their logs say my machine is not
configured right, they've pointed out some errors. I'm still trying
to understand it.

What sort of errors?

What to do?

Have you send them a snapshot of the Certificate error message.

I have.

I'm not convinced xencentric are bothered about 1 customer, I
hope I'm wrong.

Complain to Neil, and send them a snapshot of the certificate error.

I have.

My phone and iPad use imap and they're working fine.

So has email moved past what Hermes can handle now?

NO, It's NOT Hermes! Certificates are handled by the AcornSSL
module, not Hermes as Alan Wrigley has already pointed out in the
thread on AW mailing list.

i've not seen that and still have not.

It was in his initial response to your post on his mailing list.

Should I change provider?

Up to you. I moved my personal domain away from Xencentric awhile
ago, only have the club's domain still on their servers and might
be moving them.

Who to?

I moved to 20i

Any suggestions?

Don't mention RISC OS or Hermes to them, as that is not relevant.
Your issue is certificate errors and timeout messages (connection
lost).

OK.

There are websites out on the web that will analyse your domain
including the mail servers being used and advising if they are
working correctly.

Thanks.

--
Chris Hughes
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <128c03415c.chris@mytardis>,
Chris Hughes <news13@noonehere.co.uk> wrote:

In message <5c40fb7588bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

I've not seen that and I've just looked and I've not received
that.

The workaround was to switch to using the non-SSL ports. Thus
avoiding the SSL certificate error.

Yes, eventually I got to that myself, in my plodding way.

You might get the "Connection Lost" message sometimes but that is a
different problem.

In my case it was almost 100% of the time - connection lost.

Sorry, I don't understand the logic of that.

I am saying I am using Xencentric Hosting (you get your emails from
WROCC via them). I am using the SSL Certs and not having any
issues.

I'm getting certificate errors which I can't get passed. I've
updates my machines certs but no improvement.

It's their end that is giving the error, Hermes has nothing to
do with the certificate error, that comes from AcornSSL module,
ensure you are using the latest available version. version 1.07
(28 Mar 2025) mbedTLS 3.6.3

I am now since Andrew sent it to me a couple of hours ago.

Did you reboot after installing the newer version of AcornSSL ?

I can sometimes pull email using port 110 but with no secure
connection just APOP but it mostly fails with "Connection lost".

That is timeout error. I have already reported that their primary
Mail server is not responding fast enough to requests

SMTP is almost none functional for the same reasons and I've
swapped to using virgin media severs for own domain emails which
actually works fine.

Which proves it not your end that is the issue.

Well xencentric are telling me their logs say my machine is not
configured right, they've pointed out some errors. I'm still trying
to understand it.

What sort of errors?

Complaining about my host name and domain name.

Who to?

I moved to 20i

no issues for RISC OS i take it then.


Cheers,

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <73b802415c.chris@mytardis>,
Chris Hughes <news13@noonehere.co.uk> wrote:

In message <5c40fa350fbob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

I can't give you what mine is set to because it is based on my
domain so it would publish my email in effect. mail.<>.org.uk

No it won't. They would need your other login details for that.

Publish my email 'address' was what I meant.

Thanks.

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In message <5c410cd720bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

In article <128c03415c.chris@mytardis>,
Chris Hughes <news13@noonehere.co.uk> wrote:

In message <5c40fb7588bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

I've not seen that and I've just looked and I've not received
that.

The workaround was to switch to using the non-SSL ports. Thus
avoiding the SSL certificate error.

Yes, eventually I got to that myself, in my plodding way.

You might get the "Connection Lost" message sometimes but that is a
different problem.

In my case it was almost 100% of the time - connection lost.

[snip]

Well xencentric are telling me their logs say my machine is not
configured right, they've pointed out some errors. I'm still trying
to understand it.

What sort of errors?

Complaining about my host name and domain name.

Hmm for email it's mail.<your domain name>.org.uk

for both SMTP and POP3

Have you turned on detailed logging on in Hermes for your accounts that
use Xencentric, as they will show the interaction between your computer
and their server and might give you more information.

Who to?

I moved to 20i

no issues for RISC OS i take it then.

Nope.
--
Chris Hughes
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <bdf316415c.chris@mytardis>,
Chris Hughes <news13@noonehere.co.uk> wrote:

In message <5c410cd720bob@sick-of-spam.invalid>
Bob Latham <bob@sick-of-spam.invalid> wrote:

What sort of errors?

Complaining about my host name and domain name.

Hmm for email it's mail.<your domain name>.org.uk
for both SMTP and POP3

It is indeed and mine has been set that way for a very long time
which is why I didn't wish to reveal that full url as it publishes my
email address.

Have you turned on detailed logging on in Hermes for your accounts
that use Xencentric,

Yes, first thing I did.

as they will show the interaction between your computer
and their server and might give you more information.

The xentric (or whatever its called) people told me my problem is in
the helo message but having got passed the issues of certificates and
AcornSSL it is not preventing me posting so I have time to fiddle.

Their error log tells me to look at certain rfc specs and that tells
me that the helo needs to be either an ip address in square brackets
[x.x.x.x] or an FQDN. The logs from Hermes shows that mine is neither
at the moment. My best efforts to change that in RISC OS not Hermes
didn't do anything according to Hermes logs. I'm working on it...

I'm at a loss to understand why the "local domain" field is greyed
out unless you have "try name server too" ticked. The whole local
domain thing makes zero sense to me.

Yes, I do know that Hermes can set the helo for each smtp server it
connects to and no, I'm not using that feature at the moment.

I want to experiment to learn more before I decide which path suits
me best.

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

Bob Latham <bob@sick-of-spam.invalid> wrote:

The xentric (or whatever its called) people told me my problem is in
the helo message but having got passed the issues of certificates and AcornSSL it is not preventing me posting so I have time to fiddle.

Their error log tells me to look at certain rfc specs and that tells
me that the helo needs to be either an ip address in square brackets [x.x.x.x] or an FQDN. The logs from Hermes shows that mine is neither
at the moment. My best efforts to change that in RISC OS not Hermes
didn't do anything according to Hermes logs. I'm working on it...

I'm at a loss to understand why the "local domain" field is greyed
out unless you have "try name server too" ticked. The whole local
domain thing makes zero sense to me.

I think you're conflating two things. The HELO/EHLO is something said
during the SMTP handshaking - I type 'HELO example.wibble' when connecting
to the SMTP server:

$ nc -v Server2.xencentrichosting.uk 25
Connection to Server2.xencentrichosting.uk (193.35.57.251) 25 port [tcp/smtp] succeeded!
220 server2.xencentrichosting.uk ESMTP Exim 4.98.2 Thu, 24 Jul 2025 10:46:29 +0100
HELO example.wibble
250 server2.xencentrichosting.uk Hello example.wibble [redacted.my.publicip.address]
QUIT
221 server2.xencentrichosting.uk closing connection

That's entirely different from anything set in your machine's IP address
config for talking to the local network.

Perhaps Xencentric are deciding that anyone who declares themselves to be a made up name like example.wibble is a spammer and blocking them.

Yes, I do know that Hermes can set the helo for each smtp server it
connects to and no, I'm not using that feature at the moment.

Try using that. Thunderbird sends the string 'ehlo.thunderbird.net' to
any server (in order to avoid leaking the local IP address): https://support.mozilla.org/en-US/kb/thunderbird-smtp-ehlo

You could tell Hermes to use the same. At least then it would be identical
to a popular mail client.


There's a second issue with Server2.xencentrichosting.uk specifically that
it's using a self-signed certificate, but I suspect that might be different with the mail.yourdomain.com servers. So may not be relevant in your case.

Theo
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <ioE*-diiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

Bob Latham <bob@sick-of-spam.invalid> wrote:

The xentric (or whatever its called) people told me my problem is
in the helo message but having got passed the issues of
certificates and AcornSSL it is not preventing me posting so I
have time to fiddle.

Their error log tells me to look at certain rfc specs and that
tells me that the helo needs to be either an ip address in square
brackets [x.x.x.x] or an FQDN. The logs from Hermes shows that
mine is neither at the moment. My best efforts to change that in
RISC OS not Hermes didn't do anything according to Hermes logs.
I'm working on it...

I'm at a loss to understand why the "local domain" field is
greyed out unless you have "try name server too" ticked. The
whole local domain thing makes zero sense to me.

I think you're conflating two things. The HELO/EHLO is something
said during the SMTP handshaking - I type 'HELO example.wibble'
when connecting to the SMTP server:

Yes, that is where that issue occurs.

That's entirely different from anything set in your machine's IP
address config for talking to the local network.

I'm confused again.

Here is what the isp sent to me from their logs...

2025-07-23 10:46:43 H=dudl [snip details] .virginm.net (iMX6-1)
[82.34.xx.xx] F=bob@somewhere.org.uk rejected RCPT rcomp@rcomp.co.uk:
R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)

So I looked at the RFC. It says either an ip address in square
brackets or an FQDN.

Mine is/was just iMX6-1.

So my reading of that is it should be either:

[192.168.1.31] Can't be a WAN address that changes quite a bit and
it seems to need to specify the machine which the
Wan address can't do due to NAT. On the other hand
the LAN address is irrelevant to anything on the
WAN.
or
iMX6-1.somewhere.org.org.uk

Why can't articles be clear what they mean by IP address !

Try using that. Thunderbird sends the string
'ehlo.thunderbird.net' to any server (in order to avoid leaking the
local IP address):
https://support.mozilla.org/en-US/kb/thunderbird-smtp-ehlo

That article suggests its the WAN IP address it's after. Grrrr.

Sorry but what do you mean by local IP address? Lan or Wan?

You could tell Hermes to use the same. At least then it would be
identical to a popular mail client.

Right so we don't touch the OS settings just the smtp setting in
Hermes for that account?

I'll give that a spin over the next day or two. Bit sick of it at the
moment.

There's a second issue with Server2.xencentrichosting.uk
specifically that it's using a self-signed certificate, but I
suspect that might be different with the mail.yourdomain.com
servers. So may not be relevant in your case.

Oh no. Please make it stop !!

Thanks,

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

Bob Latham <bob@sick-of-spam.invalid> wrote:

In article <ioE*-diiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

Bob Latham <bob@sick-of-spam.invalid> wrote:

I'm confused again.

Here is what the isp sent to me from their logs...

2025-07-23 10:46:43 H=dudl [snip details] .virginm.net (iMX6-1)
[82.34.xx.xx] F=bob@somewhere.org.uk rejected RCPT rcomp@rcomp.co.uk:
R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)

So I looked at the RFC. It says either an ip address in square
brackets or an FQDN.

Mine is/was just iMX6-1.

So my reading of that is it should be either:

[192.168.1.31] Can't be a WAN address that changes quite a bit and
it seems to need to specify the machine which the
Wan address can't do due to NAT. On the other hand
the LAN address is irrelevant to anything on the
WAN.
or
iMX6-1.somewhere.org.org.uk

It doesn't really matter. It used to, years ago, but nowadays it's only
being used by the spam filtering rules as a shibboleth: if you say something silly the server will decide you're a spammer and tell you to go away. As
long as you say something sensible the server will be happy. What you say
will appear in the headers of your sent emails but that doesn't mean very
much.

eg if I find a mail you sent to the StrongEd mailing list I see this in the headers:

Received: from dudl....virginm.net ([82.34.xx.xx] helo=iMX6-1)
by server4.xencentrichosting.uk with esmtpsa (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(Exim 4.98.2)
(envelope-from <you@yourdomain.com>)
id <message-id>

but those header lines are the only place it'll show up.

Why can't articles be clear what they mean by IP address !

Try using that. Thunderbird sends the string
'ehlo.thunderbird.net' to any server (in order to avoid leaking the
local IP address): https://support.mozilla.org/en-US/kb/thunderbird-smtp-ehlo

That article suggests its the WAN IP address it's after. Grrrr.

Sorry but what do you mean by local IP address? Lan or Wan?

In this particular case Thunderbird are worried about people connecting via
a VPN to hide their location. If you connect from a VPN provider IP address but say:

HELO bob.pentagon.mil

then it's leaked something about where you happen to be, ie the VPN didn't properly hide your location. That's why they just set it to something valid but not real, that's the same for everyone.

You could tell Hermes to use the same. At least then it would be
identical to a popular mail client.

Right so we don't touch the OS settings just the smtp setting in
Hermes for that account?

Exactly. It's a mail client setting not a networking setting.

Theo
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

In article <koE*hKkiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

It doesn't really matter.

Okay. So to sum up.

The 'helo' setting for smtp outgoing email must adhere to a
specification ie. an ip address in square brackets or a fully
qualified domain name BUT !!! the values in those setting no longer
matters, it's only the format that matters.

It is therefore okay to use ehlo.thunderbird.net or similar. I have
tested that as far as I can and it works but I can't see the server
logs.

Best to do this in Hermes smtp settings and not the machines network
settings. This will prevent your domain being 'published' in that
setting.

Have I got it at last?

Thanks Theo.

Cheers,

Bob.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.sys.acorn.networking

Bob Latham <bob@sick-of-spam.invalid> wrote:

In article <koE*hKkiA@news.chiark.greenend.org.uk>,
Theo <theom+news@chiark.greenend.org.uk> wrote:

It doesn't really matter.

Okay. So to sum up.

The 'helo' setting for smtp outgoing email must adhere to a
specification ie. an ip address in square brackets or a fully
qualified domain name BUT !!! the values in those setting no longer
matters, it's only the format that matters.

It is therefore okay to use ehlo.thunderbird.net or similar. I have
tested that as far as I can and it works but I can't see the server
logs.

Best to do this in Hermes smtp settings and not the machines network settings. This will prevent your domain being 'published' in that
setting.

Have I got it at last?

Yes, that's all correct.

Theo
--- Synchronet 3.21a-Linux NewsLink 1.2