Reverse DNS does not match SMTP Banner

It appears that this question, or ones similar, have been asked previously, but I did not find a solution in the responses that were given.

Here is my scenario...

I have an Exchange server behind the UTM that hosts multiple domains (my own personal domains). Recently I have been experiencing more occasions where mail messages sent from my domains are ending up in a user's junk/spam folder. Obviously this is undesirable.

Tests on MXToolbox return no errors, but there are a few warnings, the one I am most concerned about being "Reverse DNS does not match SMTP Banner"

I recently changed ISPs and that meant that my fixed IP changed too. Initially there was a problem with my reverse DNS, but that was resolved.

On the Exchange server you can configure multiple Send Connectors (one for each domain) and these normally deal with the HELO/EHLO requests. However, these are overridden by the UTM (Email Protection > SMTP > Advanced > Advanced Settings > SMTP Hostname). It would appear that whatever is set there is what is seen for a HELO/EHLO request.
I have tried leaving the SMTP Hostname blank, but that is worse. Then the UTM simply reverts to the UTM's hostname.

The end result is that the "Received: from" header does not match any of my email domains, which I assume is causing me the issues.

I believe that technically I could set the SMTP Hostname on the UTM to the MX name of one of my domains and set the MX records of my other domains to match, but that would be quite undesirable. I need the Received header to match the hostname of the email being sent.
Receiving mail to multiple domains is not an issue at all.

So, this is my question...

Is there a way I can use the SMTP proxy on the UTM but have my Exchange Send Connectors do the HELO/EHLO response?

Or maybe there is another way I can get around this issue of multiple email domains behind the UTM.

As always, I am open to suggestions.

UTM v9.502-4

Home License

  • You can ignore the warning on mxtoolbox about the rdns entry. The main thing is to actually have an rdns as most spam filters will do an rdns check to make sure there is one.

    What the actual entry is doesn't really matter in my experience.

  • Yeah.... I thought that too, but this does not account for an increased amount of messages now being seen as SPAM.

    I have run the same Exchange server for over 10 years and this has only become a problem since changing my ISP about 12 months ago. As mentioned, my RDNS is valid.
    I am in the planning stages of upgrading my server environment and wanted to address this issue at the same time, but I am not finding any solutions as yet.

  • Have you tried to nslookup <your public IP-address that your Sophos mail protection is using>

    and then enter the name that appears as the SMTP-hostname in settings? That is what did the trick in my environment.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Yes, I did think of doing that and in fact I tested it too.

    As much as it appears to resolve the SMTP banner issue, I am concerned that it will create even more problems, as this contains my ISP's domain name, not mine.

    RDNS = static-xxx-xxx.grapevine.transact.net.au (where xxx-xxx is the last 2 octets of my fixed IP address)

    My concern is that using the above will make it look like I am a relay, as the RDNS does not include any of my domains.
    What I think should work is to configure multiple send connectors in Exchange, as you can specify the HELO/EHLO FQDN there, but I do not see a way of doing this with the UTM in front of the Exchange server.

  • You can safely do this. Spam filters check various ways but some things that most insist on is the IP comes from a static range and has a valid rdns entry.

    I've never had an issue apart from Microsoft and that was down to some sort of reputation filter that only allows x amount of mail. Never had an issue with rdns though and if you are concerned, you could strengthen it up with SPF and DKIM

  • Okay... even if the SMTP Banner issue is resolved by using the RDNS string in the UTM, I am still seeing messages to some recipients being classified as SPAM/Junk.

    The UTM, as I see it, only allows you to set a single HELO/EHLO response and if the RDNS string is used it does not resemble any of my email domains in any shape or fashion.
    I am in no way a mail expert, so I may be seeing issues that do not actually exist, but I would think that some weight for "is it SPAM or isn't it?" would involve the HELO/EHLO response a mail server gets from my UTM.

    gMail was fine to send to a week ago, but now when I send test mail messages to that domain every message is going into the Junk folder. I now fear that my IP address has been identified by gMail (and others) as "dubious" and no matter what I change from this point onward will have no effect.

    I have been running my own mail server for nearly 20 years now and this is the first time I have had problems like this. I am currently at the point where I have run out of ideas about how to fix this issue of my mail messages being seen as SPAM.

  • Your IP can have only one PTR record or RDNS name. Has nothing to do with the Sophos hostname.
    The simple way is to put that hostname in every MX record
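
The checks discussed in this thread (a PTR record exists, it is forward-confirmed, and the name in the SMTP greeting matches it), as an added example that is not part of the original thread. The address and all host names are constructed placeholders, and the DNS lookups are replaced by inline tables so the code runs offline:

```python
import re

# Constructed sample data (documentation address space and example.* names);
# none of these values come from the thread.
SAMPLE_PTR = {"203.0.113.25": ["static-113-25.isp.example."]}
SAMPLE_A = {
    "static-113-25.isp.example": ["203.0.113.25"],
    "mail.example.org": ["203.0.113.25"],
}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def banner_host(banner):
    """Return the host name announced in a '220 <host> ...' greeting line."""
    m = re.match(r"220[ -](\S+)", banner)
    if not m:
        raise ValueError("not an SMTP 220 greeting: %r" % banner)
    return norm(m.group(1))

def check_sender(ip, banner, ptr=SAMPLE_PTR, a=SAMPLE_A):
    """Evaluate one sending IP against its PTR data and SMTP greeting."""
    host = banner_host(banner)
    ptr_names = [norm(n) for n in ptr.get(ip, [])]
    # Forward-confirmed rDNS: a PTR name must resolve back to the same IP.
    fcrdns = any(ip in a.get(n, []) for n in ptr_names)
    return {
        "has_ptr": bool(ptr_names),
        "fcrdns": fcrdns,
        # This is the comparison behind "Reverse DNS does not match SMTP Banner".
        "banner_matches_ptr": host in ptr_names,
        # A greeting name can still resolve to the sending IP without being the PTR.
        "banner_resolves_to_ip": ip in a.get(host, []),
    }

if __name__ == "__main__":
    for greeting in ("220 utm.home.example ESMTP ready",
                     "220-mail.example.org ESMTP",
                     "220 static-113-25.isp.example ESMTP"):
        print(greeting, "->", check_sender("203.0.113.25", greeting))
```

Only the last greeting clears the banner warning; the first two keep a valid, forward-confirmed PTR and differ only in whether the announced name resolves to the sending address.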
