Solved

dnsstuff.com displays one warning:   One or more of your mailservers is claiming to be a host other than what it really is

Posted on 2010-08-26
25
492 Views
Last Modified: 2012-05-10
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

I host the following domains on an Exchange 2003 server:

mail.domain1.com
mail.domain2.com
mail.domain3.com

As best I understand, A, MX, SPF, and PTR records are all entered and formed properly.
All of these domains are hosted on 69.67.xxx.xxx for their web sites (third party) and on 67.238.xxx.xxx for the email.  That is local to my location here.

Each domain has an @ for 69.67.xxx.xxx and an A record of "mail" poiinting to 67.238.xxx.xxx and a CNAME record of "www" pointing to  69.67.xxx.xxx and an MX pointing to mail.DOMAINNAME.com

Each domain has the same Warning on dnsstuff.com:

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mail.DOMAINNAME.com claims to be non-existent host sms.domain1.local: <br /> 220 sms.domain1.local ESMTP Symantec Mail Security <br />

sms.domain1.local is the Symantec Spam Filter between my edge router and my Microsoft Exchange environment.

Is the fix just a matter of entereing an A record for the sms.domain1.local name?
0
Comment
Question by:hooterscasinohotel
  • 10
  • 8
  • 3
  • +1
25 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Your server should be named as a Fully Qualified Domain Name e.g. mail.yourdomain.com
If it isn't then you will have problems with mail-flow.
You should also have Reverse DNS setup to match the FQDN of your mail server and the FQDN should resolve in DNS to the IP Address that you are sending your emails from.
In Exchange 2003, open up the Properties on the SMTP Virtual Server, Click on the Delivery Tab, Click the Advanced Button, then change the FQDN there.
0
 
LVL 25

Expert Comment

by:Tony1044
Comment Utility
If I've read this correctly it's the response to EHLO that is failing.

If you're running Exchange 2007 or 2010 I would create a seperate receive connector for each domain and change it's response to EHLO to match its domain.

I would recommend adding network cards, but you could add IP addresses and bind them to each connector.

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 333 total points
Comment Utility
Sorry - missed the bit about the Symantec Box.
Does your Yellow box send out mail, or just receive it?
If it sends, then you need to change the FQDN - if not, then it can be ignored as dnsstuff is reporting on the wrong setting.  But do check the location I posted earlier and make sure that is set correctly.
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 167 total points
Comment Utility
Go to www.mxtoolbox.com
click SMTP diagnostics.

enter all the 3 domains and see if you have a Reverse DNS doesnt match banner

post back results please.

thanks
0
 

Author Comment

by:hooterscasinohotel
Comment Utility
I do:


220 sms.domain1.local ESMTP Symantec Mail Security


Not an open relay.
0 seconds - Good on Connection time
0.608 seconds - Good on Transaction time
OK - 67.238.xxx.xxx resolves to mail.domain3.com
Warning - Reverse DNS does not match SMTP Banner

0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
check this guide on how to fix it.
http://www.amset.info/exchange/dnsconfig.asp

also you will have to call your ISP and ask them to set a PTR record for

mail.domain1.com
mail.domain2.com
mail.domain3.com

pointing to the same IP address - 67.238.xxx.xxx (public IP of your firewall)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Is your last response a reply to my comment? Can't be sure.

If you are sending all mail out via your Symantec device, you need to reconfigure the Symantec device's name to mail.oneofyourdomains.com not sms.domain1.local

As you have Reverse DNs set to mail.domain3.com, change the Symantec device to this too and as long as mail.domain3.com resolves to your IP in DNS then you should be fine.
0
 

Author Comment

by:hooterscasinohotel
Comment Utility
I did change the hostname of the SMS device as it was set to sms.domain1.local

0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
According to dnsstuff.com it still is set to sms.domain1.local. Please change it as recommended above.
0
 
LVL 25

Expert Comment

by:Tony1044
Comment Utility
Sorry - I missed the bit about the Symantec mail filter too!
0
 

Accepted Solution

by:
hooterscasinohotel earned 0 total points
Comment Utility
Guys thank you for the guidance to the   Reverse DNS doesnt match banner   test.  I was able to navigate my offending device that was delivering the invalid information on the SMTP greeting.

I have re run this test and this now is functional.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 333 total points
Comment Utility
You have a different greeting now and the report is clean.

Your MX record for domain1 is set to priority 0, which is not recommended as some servers have issues with 0 priority MX records. Please set it to anything other than 0.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
That's the cleanest dnsstuff domain report I have seen in a long time.  Well done.
0
 

Author Comment

by:hooterscasinohotel
Comment Utility
THanks Alan, I was pretty stoked too.....

I will change the priorities to 10
0
 
LVL 25

Expert Comment

by:Tony1044
Comment Utility
So are you going to share some points out? ;)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Would you like me to obscure your domain names now?
No point keeping them in the question to attract unwanted attention, unless you want it that way ; )
0
 

Author Comment

by:hooterscasinohotel
Comment Utility
Not sure I follow?
0
 
LVL 28

Expert Comment

by:sunnyc7
Comment Utility
Change your domain name to something generic like
Mydomain.com
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Thanks Sunny : )
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
I am a Zone Advisor and have special powers.  One of those powers can be used to amend posts to obscure / hide / disguise IP Addresses / domain names to protect your domain name / IP's from unwanted attention (hackers / nasty people with computers who have too much time on their hands).
0
 

Author Comment

by:hooterscasinohotel
Comment Utility
Yes please do so!!
0
 

Author Comment

by:hooterscasinohotel
Comment Utility
ANd thank you!!
0
 

Author Comment

by:hooterscasinohotel
Comment Utility
Thank you Alan!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You are very welcome.  All part of the service : )
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now