Reverse DNS does not match SMTP Banner

we've been getting complaints ( since we upgraded from Exchnage 2010 to Exchange 2013 ) from our users stating that  emails don't arrive at its destination it has arrived in junk folder.

I decided to do an SMTP scan using mxtoolbox.com and i get the following inflammations -----


Category      Host                                 Result      
dns                    Mydomain.com                 SOA Serial Number Format is Invalid       
dns                    mydomain.com                 SOA Expire Value out of recommended range       
smtp            mail.mydomain.com        Reverse DNS does not match SMTP Banner       
smtp            mail.mydomain.com        Warning - Does not support TLS.



 Connecting to 12.12.12.12 

220 ***************************************************** [875 ms]
EHLO PWS3.mxtoolbox.com
250-Antispam.MYDomain.com says EHLO to 64.20.227.134:53351
250-SIZE 15485760
250-8BITMIME
250-PIPELINING
250 ENHANCEDSTATUSCODES [922 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.0.0 MAIL FROM accepted [922 ms]
RCPT TO:<test@example.com>
554 5.1.2 Recipient address rejected: User unknown [922 ms]

PWS3v2 5625ms

Open in new window

MansourIT ManagerAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
MansourConnect With a Mentor IT ManagerAuthor Commented:
I have solved this was the ESMTP inspection on the ASA firewall
0
 
IvanSystem EngineerCommented:
Hi,

did you configure external FQDN on send connector?
EMC --> mail flow --> send connector --> select and edit connector --> scoping tab --> fqdn.

If it is set as your external name, then maybe mxtoolbox test is mistaking :)

Regards,
Ivan.
0
 
Sushil SonawaneCommented:
All Mail received  in junk folder or particular domain. if particular domain then add domain in safe send list in exchange.

The issue happen with all user or single users if single user then add domain in user safe sender list.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
BusbarSolutions ArchitectCommented:
you need to make sure that you have the correct DNS configured on the send connector, and you will need to ask you ISP to have a reverse DNS record for you  with the correct settings.
2
 
Sajid Shaik MSr. System AdminCommented:
are u using any e-mail appliances if yes check the mail server configurations in E-mail appliance ..

if not

do you have internal and external Domain name are same/ different ?  then did u configure Reverse dns on the server ?

is recently did u change external dns name ? if yes the tell your mail server DNS hosting provider/ISP to check your Reverse DNS records,

last but not lease check your SSL verification.

all the best
0
 
MansourIT ManagerAuthor Commented:
Sajid, thank you for your reply

i have SMG in between Firewall (FG) and EXchnage 2013 ,
i have internal and external Domain name are same
yes , i had configured Reverse DNS on the server
SSL verification following the information

mail.Mydomain.com resolves to Myip
Server Type: Microsoft-IIS/8.5
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate was issued by GoDaddy.	
Write review of GoDaddy
The certificate will expire in 507 days.	
Remind me
The hostname (mail.mydomain.com) is correctly listed in the certificate.

Open in new window

0
 
Andy MInternal Systems ManagerCommented:
yes , i had configured Reverse DNS on the server

Have you got your reverse dns configured on your internet line as well? If this hasn't been setup the external servers will mark it as failed.

Run an nslookup on your external IP - the hostname it comes back with should match the external name fo your mail server.
0
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Did the test really come back with this:

3:220 ***************************************************** [875 ms]

If so, that will cause problems with email delivery. If there are SMTP scanning functionality on the firewall, turn it off.
0
 
MansourIT ManagerAuthor Commented:
Andy

I did run  ns lookup on external IP - the hostname it comes back matching with the external name fo mail server. in addition the following Nslookup information
C:\Users\user>nslookup
Default Server:  homerouter.cpe
Address:  192.168.1.1

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> 83.83.83.10
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    mail.domain.com
Address:  83.83.83.10

> mail.domain.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    mail.domain.com.domain.com
Address:  83.83.83.12

Open in new window

0
 
MdlinnettCommented:
Have a look at https://www.mail-tester.com/ - it isn't specific to newsletter emails and will tell you all sorts that's wrong with your mail setup regarding spam classification.

In your screenshot look at line 21.  mail.domain.com.domain.com?

Is 83.83.83.12 your actual Mail Server IP?
0
 
MansourIT ManagerAuthor Commented:
No is not my mail ip
0
 
MdlinnettCommented:
Results of mail-tester.com?
0
 
MansourIT ManagerAuthor Commented:
here is the results

83.83.83.10 is for Mail. Domain.Com

83.83.83.12 is for our website WWW.domain.com with is showing with antispam.domain.com


You're not fully authenticated
        We check if the server you are sending from is authenticated
                Your message is not signed with DKIM
                     DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a     person, role, or organization to claim some responsibility for the message.


Your reverse DNS does not match with your sending domain.
Reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address.
Some companies such as AOL will reject any message sent from a server without rDNS, so you must ensure that you have one.
You cannot associate more than one domain name with a single IP address.

Your IP address 83.83.83.10 is associated with the domain mail.domain.com.
Nevertheless your message appears to be sent from Antispam.domain.com.

You may want to change your pointer (PTR type) DNS record and the host name of your server to the same value.

Here are the tested values for this check:
IP: 83.83.83.10
HELO: Antispam.domain.com
rDNS: mail.domain.com

Your hostname Antispam.domain.com is assigned to a server.
We check if there is a server (A Record) behind your hostname Antispam.domain.com.
A records (Antispam.domain.com) : 
83.83.83.12

Your message could be improved
Checks whether your message is well formatted or not.
Weight of the HTML version of your message: 2KB.
Your message contains 30% of text.
You have no images in your message
Your content is safe
We didn't find short URLs
Your message does not contain a List-Unsubscribe header
The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your mailing list.
Your message does not contain a List-Unsubscribe header

Open in new window

0
 
MdlinnettCommented:
Thanks, that's good progress.

Looks like your answer is to adjust your PTR / rDNS record to antispam.domain.com instead of mail.domain.com, then try the test again.
0
 
MansourIT ManagerAuthor Commented:
I should add one more PTR record or I will change the mail .domain,com to antispam.domain.com

I will share with you the Domain DNS Configurations could you pls advise in regard
0
 
MdlinnettCommented:
Out of interest, what is your Exchange Send Connector advertising itself as?

You can only have one ptr record per up address so, as things currently stand, you would need to update your existing ptr for 83.83.83.10 to antispam.Domain.com.
0
 
MansourIT ManagerAuthor Commented:
I did and still showing Reverse DNS does not match SMTP Banner. in order, now the remaining on the  mail-tester is the following:


Your message is not signed with DKIM
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

--------------------------------------------------------------
The body of your message contains errors
        Checks whether your message is well formatted or not.
                    Weight of the HTML version of your message: 27KB.
                    Your message contains 5% of text.
We found 2 images without alt attribute in your message body
       ALT attributes provide a textual alternative to your images.
        [list=1]It is a useful fallback for people suffering from sight problems and for cases where your images cannot be displayed.
<img border="0" width="42" height="53" id="Picture_x0020_6" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESU[/list]
        [list]<img border="0" width="479" height="43" id="Picture_x0020_11" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5E
If you don't want to add an alt attribute, add an empty one: alt=""
[/list]

Your message does not contain a List-Unsubscribe header
          The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your               mailing list.
           Your message does not contain a List-Unsubscribe header

Open in new window



In addition, I was facing an issue Some messages cannot be delivered successfully to certain domains. It's going to junk folders  such as Gmail, Hotmail the and the below found when I check the message header the following noted:


Forefront Antispam Report Header– 
Language	en
Spam Confidence Level	5
Spam Filtering Verdict	SPM
HELO/EHLO String	BLU004-MC1F24.hotmail.com

Open in new window

0
 
MansourIT ManagerAuthor Commented:
it is working with me
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.