
Reverse DNS does not match SMTP Banner

Hello Everyone,

I'm getting this error on MX Toolbox.
I'm wondering what the problem is.

Currently we have:
Mail.domain.com
webmail.domain.com
servername.domain.com

All pointed to the same IP

We also have PTR records to reflect the forward records. So that one IP points to all of those names, in the reverse lookup zone.

Commented:
Do you own the IP address for your domain? Where is the MX record pointing to?

Commented:
Is this Exchange 2003 or 2007?
In Exchange 2003, open ESM and go to:
Organization > Servers > Exchange Servername > Protocols > SMTP > Properties of Default SMTP Virtual Server > Delivery Tab > Advanced

Check the Fully-qualified domain name: entry and verify it matches one of the records which you have listed above.

I'll post the Exchange 2007 instructions next.

Author

Commented:
Yes we own the IP

MX Test

10      mail.domain.com      38.125.103.120      5 min

PTR Test

PTR      38.125.103.120      neptune2.domain.com      5 min
PTR      38.125.103.120      mail.domain.com      5 min
PTR      38.125.103.120      webmail.domain.com      5 min
PTR      38.125.103.120      pop3.domain.com      5 min
PTR      38.125.103.120      smtp.domain.com      5 min

Commented:
For Exchange 2007:
Exchange Organization Config > Hub Transport > Send Connectors tab > Default Send Connector Properties
Enter one of the records you mention above (mail.domain..) in the "Specify FQDN"

Commented:
The SMTP banner might not match if you have a 3rd party filter (Postini, MailProtector, etc) in front of the Exchange Server for inbound filtering AND your Exchange Server does the outbound delivery itself.  That message may not matter.

Author

Commented:
Hey Rehamris

It's set to mail.domain.com, it's always been set to that. Any other ideas?

Author

Commented:
Hrm, I don't think we're using a 3rd party filter
Steve Agnew, Sr. Systems Engineer
Commented:
A reverse IP, if I'm not mistaken, can only return one name, so you're just going to get the first one returned; if you set multiple names, the other names will just be ignored.

Commented:
So if you telnet mail.domain.com 25

what banner is displayed?

Author

Commented:
Ah I see, neptune2
The banner is one thing, it says mail.domain.com. But the actual server name is neptune2. Will there be an issue if I remove neptune2's PTR record from DNS? And all the others.

Author

Commented:
As it stands right now, will everything work OK?

Commented:
A PTR is a name from an IP Address so as DeadNight said, you can really only have one.  I'd remove all PTR records EXCEPT mail.domainname.com, make sure mail.domainname.com A-record in DNS points to your IP Address and that when you telnet mail.domainname.com 25, the banner says mail.domainname.com and not neptune....

Author

Commented:
So when our server connects to another, it uses the name neptune2, even though the banner says Mail, so wouldn't this cause an issue? How do I get it to not use its actual server name?
Commented:
Your server's NetBIOS (computername) name is neptune2, right?
As long as internal DNS has the right private IP address for that AND that internal DNS resolves mail.domainname.com to neptune's address (as an A record, not a CNAME), and as long as neptune identifies itself through the EH/HELO banner as mail.domainname.com, you should be fine.

There should be no issue as the server doesn't need to be resolved by the name "neptune" except for internal hosts which is a function of internal DNS (or WINS).

Author

Commented:
I think the server identifies itself through the EH/Helo as Neptune2.

But yes there are 2 A records on the internal server, mail, and of course neptune2, pointing to the same IP

When I do an internal telnet to port 25 I see Neptune2 show up. I see 220 netune2.domain.com Microsoft ESMTP MAIL Service ready

 

Commented:
Change the banner from neptune to mail.  That's in the ESM or Management Console as posted above.  

Author

Commented:
The banner does say mail.. but when you telnet for whatever reason it says neptune instead of mail.

I'm looking straight at my main send connector right now, and it says mail.domain.com NOT neptune2

Any ideas, almost seems like it's being ignored. Is telnetting internally to mail.domain.com a valid banner test?
PowerShell Developer
Top Expert 2010
Commented:

The Send and Receive Connector names for Exchange 2007 / 2010 do not have to match. Telnet will only ever show you the Receive Connector name, it cannot show the Send Connector. It's part of why it's important to identify the mail system in question :)

Which makes the answer to this:

> Is telnetting internally to mail.domain.com a valid banner test?

No for Exchange 2007 and 2010, and yes for Exchange 2000 and 2003.

The only place you're going to see your banner is in message headers, or if you manage to get another mail server up and running, so you can send test messages to it.

The general standpoint for anti-spam systems is that they must look at all PTR records for a given IP and accept the mail if any match. Of course, you cannot be sure everyone will obey that so it can make a great deal of sense to simplify things if possible.

Do you actually suffer because of this? It is entirely possible that MXToolBox simply do not account for multiple PTR records for a single host.

I guess you've tested public name resolution of your PTR record separately?

Chris
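The comparison this thread keeps circling, as an added example (not code from any poster): it parses the name announced in a 220 greeting and checks it against the PTR set for the sending IP under both a first-answer-only reading and the "accept if any PTR matches" policy, plus forward confirmation. The sample data is constructed from the names and address posted above; the `FORWARD` A-record map and the function names are assumptions.

```python
import re

def banner_host(greeting):
    """Hostname announced in an SMTP 220 greeting ('220 host ...' or '220-host ...')."""
    m = re.match(r"220[ -](\S+)", greeting.strip())
    if not m:
        raise ValueError("not an SMTP 220 greeting: %r" % greeting)
    return m.group(1).rstrip(".").lower()

def evaluate(ip, ptr_names, forward, greeting):
    """Compare the greeting name with the PTR set for ip.

    ptr_names: PTR answers for ip, in the order the resolver returned them
    forward:   {hostname: set of A-record addresses}
    """
    host = banner_host(greeting)
    ptrs = [n.rstrip(".").lower() for n in ptr_names]
    return {
        "banner": host,
        # A checker that reads only one PTR answer (answer order is not guaranteed)
        "first_ptr_match": bool(ptrs) and ptrs[0] == host,
        # The "accept if any PTR matches" policy
        "any_ptr_match": host in ptrs,
        # Forward-confirmed: the name is a PTR for ip and its A record is ip
        "forward_confirmed": host in ptrs and ip in forward.get(host, set()),
    }

# Constructed sample data using the names and address posted in the thread.
IP = "38.125.103.120"
PTRS_NOW = ["neptune2.domain.com", "mail.domain.com", "webmail.domain.com",
            "pop3.domain.com", "smtp.domain.com"]
PTRS_SINGLE = ["mail.domain.com"]          # after removing the extra PTRs
FORWARD = {"mail.domain.com": {IP}, "webmail.domain.com": {IP},
           "neptune2.domain.com": {IP}}    # assumed A records
GREET_MAIL = "220 mail.domain.com Microsoft ESMTP MAIL Service ready"
GREET_HOST = "220 neptune2.domain.com Microsoft ESMTP MAIL Service ready"

if __name__ == "__main__":
    for label, ptrs in (("five PTRs", PTRS_NOW), ("single PTR", PTRS_SINGLE)):
        for greeting in (GREET_MAIL, GREET_HOST):
            print(label, evaluate(IP, ptrs, FORWARD, greeting))
```

With the five-record set, a `mail.domain.com` greeting passes the any-match and forward-confirmed checks but fails a first-answer-only comparison; with a single `mail.domain.com` PTR, a `neptune2` greeting fails all three.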