MXToolbox reports "Reverse DNS does not match SMTP Banner"

Brand new Exchange install and I am trying to understand why I am getting this result.
Unfortunately the domain/server was built in a .local domain.
How do I go about making the Reverse DNS match SMTP Banner?

I get this error when I try to change the:
FQDN: Specify the FQDN this connector will provide in response to HELO or EHLO. on the Default Frontend Receive Connector.
I want to add my FQDN of the MX record mail.example.com with the hopes that would clear up the warning that MXtoolbox is throwing.  Thank you for your help in advance!!

arnold Commented:
The error says that the way your server greets the incoming connection is the issue.
Your forward and reverse say mail.example.com but when you connect to the server (telnet mail.example.com 25)
The 220 response on establishing a connection does not say mail.example.com

I.e. Internally your system is known as myexchange.addomain.local and this is what is returned in the greeting that the probe errors on.
K B (Author) Commented:
Thanks for your reply!
Yes that's what I was thinking.  Is there any way around this issue?
arnold Commented:
You can configure your Exchange to masquerade and issue the greeting as mail.example.com in the external SMTP connector configuration.
K B (Author) Commented:
Arnold thank you.  I cannot seem to find it in Exchange 2013 anywhere. Any ideas?
arnold Commented:
The greeting can be controlled through the connector configuration,

Here is a link that ..

http://brainlitter.com/2013/01/30/how-to-set-the-exchange-2013-mail-headerbanner-for-smtp/
K B (Author) Commented:
Great info!!!
Strangest thing... I made the change to the receive connector Default Frontend ServerName and restarted the transport service but I still get the same 220 ************************
Any thoughts? this is a fresh install where nothing has really been altered.
arnold Commented:
Do you have multiple transports? Do you have a front-end mail filter such as Barracuda, etc.? If so, that is where the greeting is.

Check your external firewall to identify to which connector inbound port 25 traffic is directed.

If you telnet internalIP 25, does the greeting reflect your change?
K B (Author) Commented:
I actually set the banner on all 3 default receive connectors and restarted the transport service.  We are still in a change window should I reboot?


Default FrontEnd <server name>   Accepts connections from SMTP senders over port 25. This is the common messaging entry point into your organization.
Outbound Proxy Frontend <server name>   Accepts messages from a Send Connector on a back-end server, with front-end proxy enabled.
Client Frontend <server name>   Accepts secure connections, with Transport Layer Security (TLS) applied.



There is a direct NAT from the firewall to the exchange 2013 server.

Could the issue be that the Cisco firewall has inspect esmtp enabled?

Thank you so much for your help on this one.
K B (Author) Commented:
I did just find this article http://www.petenetlive.com/KB/Article/0000536.htm

It does however state

Disable ESMTP Inspection on Cisco ASA Via command line
Note: If you send mail via TLS DO NOT do this. (see here).

Thoughts?
arnold Commented:
I am uncertain what it is you are asking. Does your certificate match the name you use externally, mail.example.com?

On your ASA, do you have an inside, outside rule for SMTP?
K B (Author) Commented:
Yes certificate matches.
UCC Certificate
-Domain.com
-Mail.domain.com
-Autodiscover.domain.com

Mail flows fine so rule I presume is correct.
arnold Commented:
Does the certificate for mail.example.com exist on the Cisco?

here are your options:
1) leave the situation as is since the notice from mxtools is advisory by nature.
 Sending mailservers connect to the host based in MX/A records. Few if any concern themselves with validating the greeting

2) make the adjustment bypassing ASA as the proxy partial shield of your SMTP connection..


The greeting on the incoming is also the greeting on the outgoing connection.  The outgoing connection server identification is more likely to be rejected/marked as a possible source of spam and thus be rejected.

K B (Author) Commented:
Thank you.
K B (Author) Commented:
Arnold, turning off esmtp inspection on the Cisco firewall fixed everything.  MXTOOLBOX reports no warnings now.
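
The check discussed in this thread, as an added example that is not part of the original posts: it parses the 220 greeting, compares the announced host name with the PTR name, and separately flags a greeting whose host name position contains asterisks, as in the "220 ****" banner quoted above. The function names and the exact-match rule (case-insensitive, trailing dot ignored) are assumptions made for illustration, and the sample greetings are constructed.

```python
import re
import socket
import sys

# RFC 5321 greeting: "220 <domain> [text]" (or "220-<domain>" when multi-line)
GREETING = re.compile(r"^220[ -](\S+)")

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def classify(banner, ptr_name):
    """Compare a raw SMTP greeting with the PTR name of the server's public IP."""
    lines = banner.strip().splitlines()
    m = GREETING.match(lines[0]) if lines else None
    if not m:
        return "invalid"            # not a 220 greeting at all
    token = m.group(1)
    if "*" in token:
        return "masked"             # rewritten in transit, e.g. "220 ****"
    return "match" if norm(token) == norm(ptr_name) else "mismatch"

def live_check(host, port=25, timeout=10):
    """Fetch PTR and greeting for a server you operate: (ptr, banner, verdict)."""
    ip = socket.gethostbyname(host)
    ptr = socket.gethostbyaddr(ip)[0]
    with socket.create_connection((ip, port), timeout=timeout) as s:
        banner = s.recv(1024).decode("ascii", "replace")
    return ptr, banner.strip(), classify(banner, ptr)

# Constructed sample greetings modelled on the ones described in the thread.
SAMPLES = [
    "220 mail.example.com Microsoft ESMTP MAIL Service ready",
    "220 myexchange.addomain.local Microsoft ESMTP MAIL Service ready",
    "220 ************************",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(live_check(sys.argv[1]))
    else:
        for sample in SAMPLES:
            print(classify(sample, "mail.example.com"), "<-", sample)
```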