
Reverse DNS does not match SMTP Banner

It appears that this question, or ones similar, have been asked previously, but I did not find a solution in the responses that were given.

 

Here is my scenario...

I have an Exchange server behind the UTM that hosts multiple domains (my own personal domains). Recently I have been experiencing more occasions where mail messages sent from my domains are ending up in a user's junk/spam folder. Obviously this is undesirable.

Tests on MXToolbox return no errors, but there are a few warnings, the one I am most concerned about being "Reverse DNS does not match SMTP Banner".

I recently changed ISPs and that meant that my fixed IP changed too. Initially there was a problem with my reverse DNS, but that was resolved.

 

On the Exchange server you can configure multiple Send Connectors (one for each domain) and these normally deal with the HELO/EHLO requests. However, these are overridden by the UTM (Email Protection > SMTP > Advanced > Advanced Settings > SMTP Hostname). It would appear that whatever is set there is what is seen for a HELO/EHLO request.
I have tried leaving the SMTP Hostname blank, but that is worse. Then the UTM simply reverts to the UTM's hostname.

The end result is that the "Received: from" header does not match any of my email domains, which I assume is causing me the issues.

 

I believe that technically I could set the SMTP Hostname on the UTM to the MX name of one of my domains and set the MX records of my other domains to match, but that would be quite undesirable. I need the Received header to match the hostname of the email being sent.
Receiving mail to multiple domains is not an issue at all.

 

So, this is my question...

Is there a way I can use the SMTP proxy on the UTM but have my Exchange Send Connectors do the HELO/EHLO response?

Or maybe there is another way I can get around this issue of multiple email domains behind the UTM.

 

As always, I am open to suggestions.

 

UTM v9.502-4

Home License



  • I don't think the problem had anything to do with your SMTP banner.  It sounds like your authoritative public name server is managed by your ISP so they have now configured valid FCrDNS, so I don't think that was the issue either.  Big services like Gmail also have their own "suspicious-senders" lists, and it sounds like the ISP's initial mistake might've gotten you onto some of them.

    Assuming that you followed The Zeroeth Rule in Rulz, I think you could change 'SMTP Hostname' to a blank with no effect on your emails being blocked as spam unless your emails already get high-enough spam scores that this pushes them over the limit.  As Doug commented, getting the headers of emails rejected as spam would be valuable.  You might even want to get a look at spam scores on similar emails that aren't rejected.  It would be interesting to learn your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your input Bob.

    I too think that the screw-up with my ISP not initially configuring the RDNS definitely did not help. It was a few months before I was alerted to this issue, by which time I could have been added to some spammer lists. Grrrrrrrrrrrrrrr!

    How I have things configured now looks to be okay, so I am leaving it that way for a while and will see how things go.
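
An added example, not part of the original thread: a Python check for the two conditions discussed above, forward-confirmed reverse DNS (FCrDNS) for the sending IP and whether the hostname in the SMTP greeting matches a confirmed PTR name. The IP address, hostnames and lookup tables are constructed sample data; `check()` falls back to the system resolver when no tables are passed in.

```python
import re
import socket

def banner_host(banner):
    """Extract the hostname from a '220 host ESMTP ...' greeting line."""
    m = re.match(r"220[ -](\S+)", banner.strip())
    return m.group(1).rstrip(".").lower() if m else None

def system_ptr(ip):
    """PTR lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(host):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def check(ip, banner, ptr=system_ptr, addrs=system_addrs):
    """Return (fcrdns_ok, banner_matches_ptr) for one sending IP."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    # A PTR name counts only if it resolves forward to the same IP.
    confirmed = [n for n in names if ip in addrs(n)]
    return bool(confirmed), banner_host(banner) in confirmed

# Constructed sample data (documentation IP range, example domains).
PTR = {"203.0.113.25": ["mail.example.net."]}
A = {"mail.example.net": {"203.0.113.25"}, "utm.example.lan": set()}

def demo():
    ptr = lambda ip: PTR.get(ip, [])
    addrs = lambda host: A.get(host, set())
    ip = "203.0.113.25"
    return {
        "matching": check(ip, "220 mail.example.net ESMTP ready", ptr, addrs),
        "internal_name": check(ip, "220 utm.example.lan ESMTP ready", ptr, addrs),
        "no_ptr": check("203.0.113.26", "220 mail.example.net ESMTP ready", ptr, addrs),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The only inputs are the sending IP and the greeting line, so the result is the same whichever hosted domain a message is sent from.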