Reverse DNS does not match SMTP Banner
we've been getting complaints ( since we upgraded from Exchnage 2010 to Exchange 2013 ) from our users stating that emails don't arrive at its destination it has arrived in junk folder.
I decided to do an SMTP scan using mxtoolbox.com and i get the following inflammations -----
Category Host Result
dns Mydomain.com SOA Serial Number Format is Invalid
dns mydomain.com SOA Expire Value out of recommended range
smtp mail.mydomain.com Reverse DNS does not match SMTP Banner
smtp mail.mydomain.com Warning - Does not support TLS.
I decided to do an SMTP scan using mxtoolbox.com and i get the following inflammations -----
Category Host Result
dns Mydomain.com SOA Serial Number Format is Invalid
dns mydomain.com SOA Expire Value out of recommended range
smtp mail.mydomain.com Reverse DNS does not match SMTP Banner
smtp mail.mydomain.com Warning - Does not support TLS.
Connecting to 12.12.12.12
220 ***************************************************** [875 ms]
EHLO PWS3.mxtoolbox.com
250-Antispam.MYDomain.com says EHLO to 64.20.227.134:53351
250-SIZE 15485760
250-8BITMIME
250-PIPELINING
250 ENHANCEDSTATUSCODES [922 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.0.0 MAIL FROM accepted [922 ms]
RCPT TO:<test@example.com>
554 5.1.2 Recipient address rejected: User unknown [922 ms]
PWS3v2 5625ms
All Mail received in junk folder or particular domain. if particular domain then add domain in safe send list in exchange.
The issue happen with all user or single users if single user then add domain in user safe sender list.
The issue happen with all user or single users if single user then add domain in user safe sender list.
you need to make sure that you have the correct DNS configured on the send connector, and you will need to ask you ISP to have a reverse DNS record for you with the correct settings.
are u using any e-mail appliances if yes check the mail server configurations in E-mail appliance ..
if not
do you have internal and external Domain name are same/ different ? then did u configure Reverse dns on the server ?
is recently did u change external dns name ? if yes the tell your mail server DNS hosting provider/ISP to check your Reverse DNS records,
last but not lease check your SSL verification.
all the best
if not
do you have internal and external Domain name are same/ different ? then did u configure Reverse dns on the server ?
is recently did u change external dns name ? if yes the tell your mail server DNS hosting provider/ISP to check your Reverse DNS records,
last but not lease check your SSL verification.
all the best
ASKER
Sajid, thank you for your reply
i have SMG in between Firewall (FG) and EXchnage 2013 ,
i have internal and external Domain name are same
yes , i had configured Reverse DNS on the server
SSL verification following the information
i have SMG in between Firewall (FG) and EXchnage 2013 ,
i have internal and external Domain name are same
yes , i had configured Reverse DNS on the server
SSL verification following the information
mail.Mydomain.com resolves to Myip
Server Type: Microsoft-IIS/8.5
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate was issued by GoDaddy.
Write review of GoDaddy
The certificate will expire in 507 days.
Remind me
The hostname (mail.mydomain.com) is correctly listed in the certificate.
yes , i had configured Reverse DNS on the server
Have you got your reverse dns configured on your internet line as well? If this hasn't been setup the external servers will mark it as failed.
Run an nslookup on your external IP - the hostname it comes back with should match the external name fo your mail server.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Andy
I did run ns lookup on external IP - the hostname it comes back matching with the external name fo mail server. in addition the following Nslookup information
I did run ns lookup on external IP - the hostname it comes back matching with the external name fo mail server. in addition the following Nslookup information
C:\Users\user>nslookup
Default Server: homerouter.cpe
Address: 192.168.1.1
> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
> 83.83.83.10
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Name: mail.domain.com
Address: 83.83.83.10
> mail.domain.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: mail.domain.com.domain.com
Address: 83.83.83.12
Have a look at https://www.mail-tester.com/ - it isn't specific to newsletter emails and will tell you all sorts that's wrong with your mail setup regarding spam classification.
In your screenshot look at line 21. mail.domain.com.domain.com
Is 83.83.83.12 your actual Mail Server IP?
In your screenshot look at line 21. mail.domain.com.domain.com
Is 83.83.83.12 your actual Mail Server IP?
ASKER
No is not my mail ip
Results of mail-tester.com?
ASKER
here is the results
83.83.83.10 is for Mail. Domain.Com
83.83.83.12 is for our website WWW.domain.com with is showing with antispam.domain.com
83.83.83.10 is for Mail. Domain.Com
83.83.83.12 is for our website WWW.domain.com with is showing with antispam.domain.com
You're not fully authenticated
We check if the server you are sending from is authenticated
Your message is not signed with DKIM
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
Your reverse DNS does not match with your sending domain.
Reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address.
Some companies such as AOL will reject any message sent from a server without rDNS, so you must ensure that you have one.
You cannot associate more than one domain name with a single IP address.
Your IP address 83.83.83.10 is associated with the domain mail.domain.com.
Nevertheless your message appears to be sent from Antispam.domain.com.
You may want to change your pointer (PTR type) DNS record and the host name of your server to the same value.
Here are the tested values for this check:
IP: 83.83.83.10
HELO: Antispam.domain.com
rDNS: mail.domain.com
Your hostname Antispam.domain.com is assigned to a server.
We check if there is a server (A Record) behind your hostname Antispam.domain.com.
A records (Antispam.domain.com) :
83.83.83.12
Your message could be improved
Checks whether your message is well formatted or not.
Weight of the HTML version of your message: 2KB.
Your message contains 30% of text.
You have no images in your message
Your content is safe
We didn't find short URLs
Your message does not contain a List-Unsubscribe header
The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your mailing list.
Your message does not contain a List-Unsubscribe header
Thanks, that's good progress.
Looks like your answer is to adjust your PTR / rDNS record to antispam.domain.com instead of mail.domain.com, then try the test again.
Looks like your answer is to adjust your PTR / rDNS record to antispam.domain.com instead of mail.domain.com, then try the test again.
ASKER
I should add one more PTR record or I will change the mail .domain,com to antispam.domain.com
I will share with you the Domain DNS Configurations could you pls advise in regard
I will share with you the Domain DNS Configurations could you pls advise in regard
Out of interest, what is your Exchange Send Connector advertising itself as?
You can only have one ptr record per up address so, as things currently stand, you would need to update your existing ptr for 83.83.83.10 to antispam.Domain.com.
You can only have one ptr record per up address so, as things currently stand, you would need to update your existing ptr for 83.83.83.10 to antispam.Domain.com.
ASKER
I did and still showing Reverse DNS does not match SMTP Banner. in order, now the remaining on the mail-tester is the following:
In addition, I was facing an issue Some messages cannot be delivered successfully to certain domains. It's going to junk folders such as Gmail, Hotmail the and the below found when I check the message header the following noted:
Your message is not signed with DKIM
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
--------------------------------------------------------------
The body of your message contains errors
Checks whether your message is well formatted or not.
Weight of the HTML version of your message: 27KB.
Your message contains 5% of text.
We found 2 images without alt attribute in your message body
ALT attributes provide a textual alternative to your images.
[list=1]It is a useful fallback for people suffering from sight problems and for cases where your images cannot be displayed.
<img border="0" width="42" height="53" id="Picture_x0020_6" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESU[/list]
[list]<img border="0" width="479" height="43" id="Picture_x0020_11" src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5E
If you don't want to add an alt attribute, add an empty one: alt=""
[/list]
Your message does not contain a List-Unsubscribe header
The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your mailing list.
Your message does not contain a List-Unsubscribe headerIn addition, I was facing an issue Some messages cannot be delivered successfully to certain domains. It's going to junk folders such as Gmail, Hotmail the and the below found when I check the message header the following noted:
Forefront Antispam Report Header–
Language en
Spam Confidence Level 5
Spam Filtering Verdict SPM
HELO/EHLO String BLU004-MC1F24.hotmail.comASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it is working with me
did you configure external FQDN on send connector?
EMC --> mail flow --> send connector --> select and edit connector --> scoping tab --> fqdn.
If it is set as your external name, then maybe mxtoolbox test is mistaking :)
Regards,
Ivan.