Solved

SMTP outgoing IP, reverse lookup

Posted on 2010-08-30
16
958 Views
Last Modified: 2012-05-10
I am trying to get reverse lookup to work with an smtp server.
Here is my situation:  I have several servers behind a cicso asa5500 firewall.  Two of the servers are configured for SMTP.  These are web servers that generate email traffic.
The web servers use NLM (server farm), and have many IP’s associated with them.  When an email is generated, I think the IP address used by the SMTP server is the first one in the list.  In my case, it is 192.168.1.50.  The NLM address that is used by the server is 192.168.1.119.  This is part o the NLM cluster.
The message goes through the router, and the actual from address is the routers address, not the address that is mapped to the SMTP server.
I’m not sure how to fix this.  It doesn’t appear that there is any control over which IP the SMTP server uses.  I think I need to control the from IP address.
Not sure if I can control the IP address used in the cicso router or not.
0
Comment
Question by:No1Coder
  • 6
  • 5
  • 2
  • +2
16 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33560022
If you have a particular outside IP you want the mail traffic to use, you can setup some NAT rules to map interal IPs to that specific outside IP.
But as a rule, you will show up as your gateway default outside IP.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33560155
Reverse lookup will NEVER work to an outside SMTP server if you are expecting it to be able to reverse lookup a 192.168.x.x address. 192.168.x.x addresses are PRIVATE, NONROUTABLE addresses and as such will never be exposed to the internet.
You will almost always find that your exposed IP address is the external IP of your internet gateway. You cant assign the 192.x.x.x address to it.
0
 

Author Comment

by:No1Coder
ID: 33560545
The SMTP sevrer is NETed to 192.168.1.50.  It has an external (public) address.
0
 
LVL 37

Expert Comment

by:meverest
ID: 33564276
Hi,

do this from the smtp server:

go to http://whatismyip.com

take the IP address shown, and open a dos shell (start->run->'cmd'->ok) and enter:

ping -a <ip address shown by whatismyip>

Look at what the address resolves to, e.g:

C:\Documents and Settings\mike>ping -a 65.54.245.40

Pinging bay0-mc10-f.bay0.hotmail.com [65.54.245.40] with 32 bytes of data:

the hostname that it resolves to (in the example 'bay0-mc10-f.bay0.hotmail.com') is what you need to enter in smtp server properties under 'delivery' tab, advanced button, 'fully qualified hostname'.

Now, your mail server will connect to the remote and report itself as the same hostname that the remote system will resolve the ip address - all good.

Cheers!
0
 

Author Comment

by:No1Coder
ID: 33567363
Regarding comment from meverest, that is the way it is configured.

I had my hosting provider add a PRT record.  This may help.  Also, I changed my router so that the smtp traffic matches the Ip address of the server name (mail.xyz.com).  This also may help.

When I receive a message from this server, it says (in the message options window)

Received: from unknown [xxx.xx.xxx.xxx] (EHLO mail.xyz.com)

(Names and addressed changed above)

Does the SMTP server have to be enabled through the router for reverse lookup to work?  Is it enoughtto have PTR, A, and MX records defined?
0
 
LVL 37

Expert Comment

by:meverest
ID: 33573618
Hi!

first of all, MX record is not important for outgoing mail.  The only things that you need to consider is how a remote mail server observes your mail server when receiving a connection.

Remember that a remote mail server can only determine the IP address that your mail server connects from.  This is invariably the IP address of your internet connection.  The remote server will then observe a few checks:

1.  If it takes the IP address that you are connecting from, and does a reverse lookup (i.e PTR record) then does it get a real, valid hostname?
2.  Does the hostname received from (1) match the hostname used by your mail server to identify itself?
3.  When it does a forward dns lookup (i.e. 'A' record) on that hostname, does it resolve back to the right IP address? (that is the one that the mail server really is connecting from)

If any of these three basic checks fails, or returns invalid data, then the remote server is likley to refuse to accept your email.

the 'received from: ' lines that appear in the email header when you receive them does not necessaarily have any bearing on how the remote mail server interprets these details, but if it is displayed as 'unknown' like that, as you indicate, then this suggests that there may be a problem with the reverse lookup (i.e. 'PTR' record)  What you might expect to see, when looking at the mail headers, is something like this:

Received: from mail.xyz.com [xxx.xx.xxx.xxx] (EHLO mail.xyz.com)

that is, the hostname resolved by the PTR lookup (from mail.xyz.com) should match what the server identifies itself as in the banner (EHLO mail.xyz.com)

Cheers!
0
 

Author Comment

by:No1Coder
ID: 33575037
If I look at the message options fro one of these messages, it has multiple "received from" segments.  I assume this iis due to the relay that I have setup.  My asp.net application generated an email, it goes to the virtual server, who relays the message on.  Below, where is says Received from Unknown, the hostname matches the ip (set in ptr record, and A record), yet it still says unknown.

Is this because my SMTP server is not open in the router to outside traffic?  This is a Send Only email server.

Return-Path: xxxxx
Received: from mx90.stngva01.us.mxservers.net (198.173.112.7)
      by mail19g.g19.rapidsite.net (RS ver 1.0.95vs) with SMTP id 0-0662567460
      for <xxxxxxxxxxxxxxx>; Wed,  1 Sep 2010 01:04:20 -0400 (EDT)
Received: from unknown [xxx.xxx.xxx.xxx] (EHLO mail.xyz.com)
      by va1-mx90.stngva01.us.mxservers.net (mxl_mta-3.1.0-05)
      with ESMTP id 4dedd7c4.2453666720.297719.00-001.va1-mx90.stngva01.us.mxservers.net (envelope-from <xxxxx>);
      Wed, 01 Sep 2010 01:04:20 -0400 (EDT)
Received: from SUPERGLIDE ([127.0.0.1]) by mail.xyz.com with Microsoft SMTPSVC(6.0.3790.4675);
       Wed, 1 Sep 2010 01:00:06 -0400
MIME-Version: 1.0
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 37

Expert Comment

by:meverest
ID: 33575432
Hi,

it is still the same - the server "va1-mx90.stngva01.us.mxservers.net" is unable to convert the IP address 'xxx.xxx.xxx.xxx' to a hostname.  we can only assume that this is because the DNS used by that remote email server for reverse (address-to-name) lookup can't resolve your PTR.

That is where you need to concentrate: check that the PTR record for that IP address really does resolve properly EVERYWHERE (i.e. not just for your local network)

Cheers.
0
 

Author Comment

by:No1Coder
ID: 33575549
I use nslookup.exe and specify either the IP or the name and they come back the same.  Is there another tool that I might use to test this?

I think the ptr record is setup correctly.  I can't find the missing piece.

The ptr record entry was set by my hosting provided in the datacenter where my mail server resides (yesterday).
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33576125
Then it could still be a proporgation issue. DNS changes can take 48 hours+ to proporgate fully.
0
 
LVL 37

Expert Comment

by:meverest
ID: 33576514
you need to test it from a remote location - one that does not use your local DNS directly for address resolution.  it is not impossible that propagation has not yet made it to that particular remote mail system (though probably unlikely)

more likely that the ptr record is not set up correctly.

is that IP address actually under your control?  If it is an ISP address, you probably have no capability to reflect reverse lookup from your own name server.  Since you continue to mask it in all of your posts, there is no way that we can determine what the real issue might be.  We are working completely in the dark here! ;-)

Cheers.
0
 

Author Comment

by:No1Coder
ID: 33587526
I am outsize of the DNS area where the ptr record is hosted.

I have verified the ptr record using mx toolbox.

I send an email to my datacenter support group.  They received the emal with the proper header, however I  still don't.

I am basing this issue on the "unknown host" in the message header.  Could this be caused by other things.

Also, I have done siome research and found another possibility:

Woud entering a sender policy framework be advisable?

IN TXT "v-spf1 a ptr ~all"
0
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 33591988
Hi,

it could be only that remote host that is unable (or perhaps unWILLING?) to resolve your address to hostname.  The fact that you are receiving the email at all suggests that this is no real problem - why does it matter to you?

SPF won't affect whether or not a remote system accepts email from your mail system - it will only prevent some other system from pretending to be an official sender from your domain/s.

Cheers,  Mike.
0
 

Author Comment

by:No1Coder
ID: 33594616
It only matters to me because I have customer who have reported issues receivinbg emails from my server.  Some have needed to white list the IP in order to get it to work.  When I see the "server unknown" in the header, this led me to believe that the reverse lookup wasn't working.  Also, anothey symptom is that when I receive email from the server, it often gets put in the junk folder (not always).  I thought this migt be an indicator of improper setup.

Since starting this thread, I have added the ptr record.  Whilst this has not made a difference in the host header I received, perhaps it will improve the situation with my customers.

Unless you have other thoughts or ideas, I will terminate this thread.  Than you very much for the time you invested.

Dave
0
 
LVL 31

Expert Comment

by:James Murrell
ID: 36591821
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This short article will present "How to import ICS Calendar onto Office 365 Calendar". I was searching for free (or not free) tools to convert ICS to CSV without success. The only tools I found & working well were online tools...this was too hard to…
New-MailboxSearch Powershell Command and step by step approach to Search and Extract Emails form Exchange 2013 Journaling server.
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now