Minor problem with the smtp server name

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Minor problem with the smtp server name

Post by Bob.Dig » 2020-07-01 16:51

Thanks to hmailserver, I run my own, personal mailserver at home (behind a pfSense).

I only get a residential IP address. So I got myself a cheap VPS, installed OpenVPN on it and route my mails from home with pfSense out to the internet over that VPS...
I configured rDNS for that IP address and put that name in the "local host name" field in the hmail smtp settings, so far so good.
But if I get email, then that name will not match, because it is the IP of the VPS, not my home.

So what can I do about it? I don't want to run the mailserver at any other place than my home. So I guess I have to install a relay on my VPS... Is there another solution? Or maybe just leave it as it is? Seems to work.

johang
Senior user
Posts: 291
Joined: 2008-09-01 09:20

Re: Minor problem with the smtp server name

Post by johang » 2020-07-01 18:21

Bob.Dig wrote:
2020-07-01 16:51
Thanks to hmailserver, I run my own, personal mailserver at home (behind a pfSense).

I only get a residential IP address. So I got myself a cheap VPS, installed OpenVPN on it and route my mails from home with pfSense out to the internet over that VPS...
I configured rDNS for that IP address and put that name in the "local host name" field in the hmail smtp settings, so far so good.
But if I get email, then that name will not match, because it is the IP of the VPS, not my home.

So what can I do about it? I don't want to run the mailserver at any other place than my home. So I guess I have to install a relay on my VPS... Is there another solution? Or maybe just leave it as it is? Seems to work.
But if I get email, then that name will not match, because it is the IP of the VPS, not my home.
what do you mean? what name is it that you want matching when receiving?? (it is more important it matches when you send...... "Delivery of email")

does it work?
what is your actual question?
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Re: Minor problem with the smtp server name

Post by Bob.Dig » 2020-07-02 10:29

johang wrote:
2020-07-01 18:21
does it work?
what is your actual question?
It is all in my post, which you quoted fully...

Virinum
Normal user
Posts: 105
Joined: 2018-11-23 14:42
Location: Germany

Re: Minor problem with the smtp server name

Post by Virinum » 2020-07-02 13:24

Bob.Dig wrote:
2020-07-01 16:51
But if I get email, then that name will not match, because it is the IP of the VPS, not my home.
Can you explain that in more detail? I don't understand your problem.

Generally the rDNS is mostly important for sending mail.

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Re: Minor problem with the smtp server name

Post by Bob.Dig » 2020-07-02 13:34

Virinum wrote:
2020-07-02 13:24
Generally the rDNS is mostly important for sending mail.
That is true so it is not as important, but still not looking perfect.
E.g. if I do the smtp-test on mxtoolbox.com:
SMTP Banner Check Reverse DNS does not match SMTP Banner
That is why I am asking.

Virinum
Normal user
Posts: 105
Joined: 2018-11-23 14:42
Location: Germany

Re: Minor problem with the smtp server name

Post by Virinum » 2020-07-02 13:45

Is your incoming and outgoing mail traffic routed over your VPS? Or only the outgoing?

Maybe you could send me your domain via pm?

SorenR
Senior user
Posts: 3703
Joined: 2006-08-21 15:38
Location: Denmark

Re: Minor problem with the smtp server name

Post by SorenR » 2020-07-02 14:11

My server is no longer FCrDNS as I changed provider last year. I now use a 4G router (fixed IP). 8)

I have not registered any issues with rDNS not matching HELO greeting since the change last year. I do however have active SPF and DMARC records. Also over time I have had to "register" with DNSBLs to validate my IP addresses as they have all been residential although fixed. IIRC I've had 3 different IP addresses over the past 14 years.
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Re: Minor problem with the smtp server name

Post by Bob.Dig » 2020-07-02 21:09

Virinum wrote:
2020-07-02 13:45
Or only the outgoing?
Only that, email is "policy routed" by pfSense out to the vpn at my VPS.

Virinum
Normal user
Posts: 105
Joined: 2018-11-23 14:42
Location: Germany

Re: Minor problem with the smtp server name

Post by Virinum » 2020-07-02 22:29

Then just ignore the rDNS for incoming mail. Take a look at the receiving mailserver of Google: https://mxtoolbox.com/SuperTool.aspx?ac ... tworktools

It doesn't match either. No sending mailserver will check if the rDNS is correct. Just a receiving mailserver will do that.

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Re: Minor problem with the smtp server name

Post by Bob.Dig » 2020-07-03 14:18

Virinum wrote:
2020-07-02 22:29
No sending mailserver will check if the rDNS is correct. Just a receiving mailserver will do that.
Thanks, wasn't sure about that.

mattg
Moderator
Posts: 20970
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Minor problem with the smtp server name

Post by mattg » 2020-07-10 08:07

Virinum wrote:
2020-07-02 22:29
No sending mailserver will check if the rDNS is correct. Just a receiving mailserver will do that.
Although some sending servers WILL check the SSL certificate name matches the rDNS

The OP doesn't state if they have a certificate or not

ALSO, as stated by some above, very few receiving servers will demand that the rDNS matches the local host name. Normally just a valid rDNS is OK

If this really is a concern, why don't you use the VPS for both incoming and outgoing mail?

Much more important in my view to have a valid certificate, issued from a real Authority (not self-signed) and have DMARC and SPF set up correctly on your domain. I use Let's Encrypt - they are free

And off topic slightly, but was the VPS actually cheaper than getting business grade internet at home?
Here in Australia, Business grade Internet with static IP is perhaps $10 per month more expensive than home grade internet (same speed), whereas a VPS is at least $60 per month
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
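
Added example, not part of any post in this thread: a Python sketch of the three things the posts above distinguish for an IP address: whether it has rDNS at all, whether that rDNS is forward-confirmed (FCrDNS), and whether it matches the name in the SMTP 220 banner. The addresses, host names and the `classify` helper are constructed for illustration.

```python
import re
import socket
from ipaddress import ip_address

def norm(name):  # DNS names compare case-insensitively, trailing dot ignored
    return name.rstrip(".").lower()

def banner_host(banner):
    """Hostname announced on the first line of an SMTP 220 greeting."""
    m = re.match(r"220[ -](\S+)", banner)
    if not m:
        raise ValueError("not a 220 greeting")
    return norm(m.group(1))

def live_ptr(ip):  # PTR names from the system resolver, [] if none
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_addrs(name):  # A/AAAA addresses from the system resolver
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def classify(ip, banner, ptr=live_ptr, addrs=live_addrs):
    """Classify the SMTP listener at ip by rDNS, forward lookup and banner."""
    want = ip_address(ip)
    names = [norm(n) for n in ptr(ip) or []]
    if not names:
        return "no-rdns"
    confirmed = [n for n in names if want in map(ip_address, addrs(n) or [])]
    if not confirmed:
        return "rdns-not-forward-confirmed"
    if banner_host(banner) in confirmed:
        return "fcrdns-matches-banner"
    return "fcrdns-valid-banner-differs"

# Constructed sample data: documentation address ranges and made-up names.
PTR = {"198.51.100.20": ["mail.example.org."],      # VPS, rDNS set by owner
       "203.0.113.10": ["dsl-10.isp.example."]}     # home line, ISP's name
A = {"mail.example.org": ["198.51.100.20"],
     "dsl-10.isp.example": ["203.0.113.10"]}

if __name__ == "__main__":  # offline run against the constructed tables
    for ip in ("198.51.100.20", "203.0.113.10", "192.0.2.5"):
        print(ip, classify(ip, "220 mail.example.org ESMTP", PTR.get, A.get))
```

Called without the last two arguments, `classify` queries the system resolver through `socket.gethostbyaddr` and `socket.getaddrinfo` instead of the constructed tables.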

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Re: Minor problem with the smtp server name

Post by Bob.Dig » 2020-07-10 09:08

mattg wrote:
2020-07-10 08:07
And off topic slightly, but was the VPS actually cheaper than getting business grade internet at home?
Hello mattg,

my idea is to have as little data as possible outside my own hmailserver installation at home. So even the VPS counts against that. LE, DMARC and SPF and even DANE, I managed to set that up. :D
Although DANE is not automated here.

And with VPS, I meant a virtual server, not a dedicated one. So it costs me less than 3 bucks (€) a month, which is still expensive for what it is doing, but so far, I am ok with it.

Virinum
Normal user
Posts: 105
Joined: 2018-11-23 14:42
Location: Germany

Re: Minor problem with the smtp server name

Post by Virinum » 2020-07-10 09:42

mattg wrote:
2020-07-10 08:07
Although some sending servers WILL check the SSL certificate name matches the rDNS
Ok, that's new to me. I always thought only the hostname in the MX record is checked against the certificate.
Bob.Dig wrote:
2020-07-10 09:08
Although DANE is not automated here.
Just keep the private key and you don't have to set a new DANE record every time the certificate gets renewed. Most LE clients provide an option for keeping the private key.

Bob.Dig
New user
Posts: 17
Joined: 2020-06-29 09:18
Location: Berlin

Re: Minor problem with the smtp server name

Post by Bob.Dig » 2020-07-10 10:28

Virinum wrote:
2020-07-10 09:42
mattg wrote:
2020-07-10 08:07
Although some sending servers WILL check the SSL certificate name matches the rDNS
Ok, that's new to me. I always thought only the hostname in the MX record is checked against the certificate.
I am just a novice user, but to have a matching cert is not a problem I think, mine is even a wildcard.
Bob.Dig wrote:
2020-07-10 09:08
Although DANE is not automated here.
Virinum wrote:
2020-07-10 09:42
Just keep the private key and you don't have to set a new DANE record every time the certificate gets renewed. Most LE clients provide an option for keeping the private key.
Actually, nothing is automated on my side. I use pfSense for the certificate and then manually copy the cert over.
I'm ok doing this four times a year, because I'm the only one using this server anyway.

I'm not sure if I got DANE correct, but I think, if the intermediate certificate is not changing, then I don't have to update the DANE record. I will look closely when this happens next time.

A lot of I's in that. :shock:

mattg
Moderator
Posts: 20970
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Minor problem with the smtp server name

Post by mattg » 2020-07-11 06:48

Virinum wrote:
2020-07-10 09:42
mattg wrote:
2020-07-10 08:07
Although some sending servers WILL check the SSL certificate name matches the rDNS
Ok, that's new to me. I always thought only the hostname in the MX record is checked against the certificate.
If you SMTP relay from hMailserver to another server that requires a secure connection and you have in SSL settings 'verify remote server SSL/TLS certificates' set (which is the default), then your hmailserver as the SENDING mailserver will confirm that the name on the certificate matches the name self identified by the remote server, and also the chain of trusted issuers. We noticed this issue with gmail >> https://www.hmailserver.com/forum/viewt ... 21&t=32158

Some servers will check who issued a certificate (matches a CAA record on DNS) for a particular server, and also DNSSEC confirms DNS records are correct

This is an example of a tool that can test the rDNS and compare to certificate name
https://github.com/drwetter/testssl.sh/issues/1116