Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Reverse DNS does not match SMTP Banner

Posted on 2016-07-20
18
Medium Priority
?
333 Views
Last Modified: 2016-08-11
we've been getting complaints ( since we upgraded from Exchnage 2010 to Exchange 2013 ) from our users stating that  emails don't arrive at its destination it has arrived in junk folder.

I decided to do an SMTP scan using mxtoolbox.com and i get the following inflammations -----


Category      Host                                 Result      
dns                    Mydomain.com                 SOA Serial Number Format is Invalid       
dns                    mydomain.com                 SOA Expire Value out of recommended range       
smtp            mail.mydomain.com        Reverse DNS does not match SMTP Banner       
smtp            mail.mydomain.com        Warning - Does not support TLS.



 Connecting to 12.12.12.12 

220 ***************************************************** [875 ms]
EHLO PWS3.mxtoolbox.com
250-Antispam.MYDomain.com says EHLO to 64.20.227.134:53351
250-SIZE 15485760
250-8BITMIME
250-PIPELINING
250 ENHANCEDSTATUSCODES [922 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.0.0 MAIL FROM accepted [922 ms]
RCPT TO:<test@example.com>
554 5.1.2 Recipient address rejected: User unknown [922 ms]

PWS3v2 5625ms

Open in new window

0
Comment
Question by:Mansour
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
18 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 41722226
Hi,

did you configure external FQDN on send connector?
EMC --> mail flow --> send connector --> select and edit connector --> scoping tab --> fqdn.

If it is set as your external name, then maybe mxtoolbox test is mistaking :)

Regards,
Ivan.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41722229
All Mail received  in junk folder or particular domain. if particular domain then add domain in safe send list in exchange.

The issue happen with all user or single users if single user then add domain in user safe sender list.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 41722250
you need to make sure that you have the correct DNS configured on the send connector, and you will need to ask you ISP to have a reverse DNS record for you  with the correct settings.
2
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 17

Expert Comment

by:Sajid Shaik M
ID: 41722261
are u using any e-mail appliances if yes check the mail server configurations in E-mail appliance ..

if not

do you have internal and external Domain name are same/ different ?  then did u configure Reverse dns on the server ?

is recently did u change external dns name ? if yes the tell your mail server DNS hosting provider/ISP to check your Reverse DNS records,

last but not lease check your SSL verification.

all the best
0
 

Author Comment

by:Mansour
ID: 41722267
Sajid, thank you for your reply

i have SMG in between Firewall (FG) and EXchnage 2013 ,
i have internal and external Domain name are same
yes , i had configured Reverse DNS on the server
SSL verification following the information

mail.Mydomain.com resolves to Myip
Server Type: Microsoft-IIS/8.5
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate was issued by GoDaddy.	
Write review of GoDaddy
The certificate will expire in 507 days.	
Remind me
The hostname (mail.mydomain.com) is correctly listed in the certificate.

Open in new window

0
 
LVL 14

Expert Comment

by:Andy M
ID: 41722965
yes , i had configured Reverse DNS on the server

Have you got your reverse dns configured on your internet line as well? If this hasn't been setup the external servers will mark it as failed.

Run an nslookup on your external IP - the hostname it comes back with should match the external name fo your mail server.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 41723463
Did the test really come back with this:

3:220 ***************************************************** [875 ms]

If so, that will cause problems with email delivery. If there are SMTP scanning functionality on the firewall, turn it off.
0
 

Author Comment

by:Mansour
ID: 41723583
Andy

I did run  ns lookup on external IP - the hostname it comes back matching with the external name fo mail server. in addition the following Nslookup information
C:\Users\user>nslookup
Default Server:  homerouter.cpe
Address:  192.168.1.1

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> 83.83.83.10
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    mail.domain.com
Address:  83.83.83.10

> mail.domain.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    mail.domain.com.domain.com
Address:  83.83.83.12

Open in new window

0
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41723832
Have a look at https://www.mail-tester.com/ - it isn't specific to newsletter emails and will tell you all sorts that's wrong with your mail setup regarding spam classification.

In your screenshot look at line 21.  mail.domain.com.domain.com?

Is 83.83.83.12 your actual Mail Server IP?
0
 

Author Comment

by:Mansour
ID: 41724059
No is not my mail ip
0
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41724079
Results of mail-tester.com?
0
 

Author Comment

by:Mansour
ID: 41724950
here is the results

83.83.83.10 is for Mail. Domain.Com

83.83.83.12 is for our website WWW.domain.com with is showing with antispam.domain.com


You're not fully authenticated
        We check if the server you are sending from is authenticated
                Your message is not signed with DKIM
                     DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a     person, role, or organization to claim some responsibility for the message.


Your reverse DNS does not match with your sending domain.
Reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address.
Some companies such as AOL will reject any message sent from a server without rDNS, so you must ensure that you have one.
You cannot associate more than one domain name with a single IP address.

Your IP address 83.83.83.10 is associated with the domain mail.domain.com.
Nevertheless your message appears to be sent from Antispam.domain.com.

You may want to change your pointer (PTR type) DNS record and the host name of your server to the same value.

Here are the tested values for this check:
IP: 83.83.83.10
HELO: Antispam.domain.com
rDNS: mail.domain.com

Your hostname Antispam.domain.com is assigned to a server.
We check if there is a server (A Record) behind your hostname Antispam.domain.com.
A records (Antispam.domain.com) : 
83.83.83.12

Your message could be improved
Checks whether your message is well formatted or not.
Weight of the HTML version of your message: 2KB.
Your message contains 30% of text.
You have no images in your message
Your content is safe
We didn't find short URLs
Your message does not contain a List-Unsubscribe header
The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your mailing list.
Your message does not contain a List-Unsubscribe header

Open in new window

0
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41725129
Thanks, that's good progress.

Looks like your answer is to adjust your PTR / rDNS record to antispam.domain.com instead of mail.domain.com, then try the test again.
0
 

Author Comment

by:Mansour
ID: 41725600
I should add one more PTR record or I will change the mail .domain,com to antispam.domain.com

I will share with you the Domain DNS Configurations could you pls advise in regard
0
 
LVL 5

Expert Comment

by:Mdlinnett
ID: 41725760
Out of interest, what is your Exchange Send Connector advertising itself as?

You can only have one ptr record per up address so, as things currently stand, you would need to update your existing ptr for 83.83.83.10 to antispam.Domain.com.
0
 

Author Comment

by:Mansour
ID: 41726432
I did and still showing Reverse DNS does not match SMTP Banner. in order, now the remaining on the  mail-tester is the following:


Your message is not signed with DKIM
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

--------------------------------------------------------------
The body of your message contains errors
        Checks whether your message is well formatted or not.
                    Weight of the HTML version of your message: 27KB.
                    Your message contains 5% of text.
We found 2 images without alt attribute in your message body
       ALT attributes provide a textual alternative to your images.
        [list=1]It is a useful fallback for people suffering from sight problems and for cases where your images cannot be displayed.
<img border="0" width="42" height="53" id="Picture_x0020_6" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESU[/list]
        [list]<img border="0" width="479" height="43" id="Picture_x0020_11" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5E
If you don't want to add an alt attribute, add an empty one: alt=""
[/list]

Your message does not contain a List-Unsubscribe header
          The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your               mailing list.
           Your message does not contain a List-Unsubscribe header

Open in new window



In addition, I was facing an issue Some messages cannot be delivered successfully to certain domains. It's going to junk folders  such as Gmail, Hotmail the and the below found when I check the message header the following noted:


Forefront Antispam Report Header– 
Language	en
Spam Confidence Level	5
Spam Filtering Verdict	SPM
HELO/EHLO String	BLU004-MC1F24.hotmail.com

Open in new window

0
 

Accepted Solution

by:
Mansour earned 0 total points
ID: 41745929
I have solved this was the ESMTP inspection on the ASA firewall
0
 

Author Closing Comment

by:Mansour
ID: 41751801
it is working with me
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question