SMTP Header

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
dvsatech
New user
New user
Posts: 10
Joined: 2020-07-01 00:54

SMTP Header

Post by dvsatech » 2020-07-12 23:19

All,

I am having a problem with my hmailserver setup. I have worked pretty hard on getting all of the DNS records setup correctly with A, SPF, MX, TXT, etc.. every time I think I;m done I get another email back saying something is wrong... The latest is that my SMTP banner doesnt match.

Banner

220 ****************************

Although when I connect to my mailserver and give the helo command it replies back with the correct HELO I expected with my mail.domainsname.com but when I run tests with mxtools and such it give the reply above.

What am I missing? Any suggestions on a document I can read to setup all my DNS correctly? I have most of my emails going out now but a few systems are very stubborn like optonline.net, earthlink.net, and yahoo.com (actually its an aol.com address) are still blocking my emails saying I am on a spam list. I checked their lists and all the lists in MXTOOLS and I come back clean on all of them.

User avatar
johang
Senior user
Senior user
Posts: 291
Joined: 2008-09-01 09:20

Re: SMTP Header

Post by johang » 2020-07-12 23:50

dvsatech wrote:
2020-07-12 23:19
All,

I am having a problem with my hmailserver setup. I have worked pretty hard on getting all of the DNS records setup correctly with A, SPF, MX, TXT, etc.. every time I think I;m done I get another email back saying something is wrong... The latest is that my SMTP banner doesnt match.

Banner

220 ****************************

Although when I connect to my mailserver and give the helo command it replies back with the correct HELO I expected with my mail.domainsname.com but when I run tests with mxtools and such it give the reply above.

What am I missing? Any suggestions on a document I can read to setup all my DNS correctly? I have most of my emails going out now but a few systems are very stubborn like optonline.net, earthlink.net, and yahoo.com (actually its an aol.com address) are still blocking my emails saying I am on a spam list. I checked their lists and all the lists in MXTOOLS and I come back clean on all of them.

Im guessing you are reffering to the :
SMTP Banner Check OK - Reverse DNS matches SMTP Banner ( which is NOT "ok" for you )


so in layman terms.. in theory ...
1. you set up a mailserver to respond to a hostname in your domain ( and tell it to present itself through HELO as such ..
2. you put that hostname with coresponding IP in a DNS server, and set up an mx record so other servers can find your mailserver and talk to it
3. you talk to the one ( isp/hostingprovider/netowner ) in charge of reverse DNS for the IP-network your server is located in and ask them to put your hostname(including domain-name) as PTR for that IP

NOW most resident delivering ISPs will NOT change the rDNS ptr pointer to match your decided mail server hostname .. they will keep it in their decided customer standard form ..
and in such case you should consider letting your server respond to their decided name instaed of what you wanted it to be .. ( so that the banner respons matches the rDNS )

most hosting providers deliver rDNS as a service to you as customer .. you just have to ask them
so actually.. a bit ass-backwards if you are on a residential line ( residential service ) but if you are on a business/pro service they will most likely help you


if i guessed wrong regarding that question, please tell a bit more regarding your recieved errors


if you are on a spam list .. most of the time the answering server actually writes back to you via SMTP and state why and by what list they make their denying of you delivering email to them ( what does it say in your hmailserver log when "speaking" to aol ?? ) ( you of course have at least SMTP and TCP/IP checked so they enter your log )
IF your IP resides in a block of IPs that they block out of other reasons then public block lists ( their own blocklist ) then you really have to make an effort to reach them and ask why .. i would start by asking abuse@***** for help in mailing their customers
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

dvsatech
New user
New user
Posts: 10
Joined: 2020-07-01 00:54

Re: SMTP Header

Post by dvsatech » 2020-07-13 00:01

I am a commercial environment. I have my own hosting center and I own the /25 IP block in use. The rDNS for the IP in question does return back the url to my mail server and matches whats in the DNS records.

I have NS and SOA records for the root <domain>
A records for www.<domain> and mail.<domain> urls
MX record for mail.<domain>
SPF record for root <domain> and mail.<domain>
TXT records with spf1 for root <domain> and mail.<domain> server
DMARC1 for _dmarc.<domain>
DKIM1 for eamil._domainkey.<domain>

I get green check marks in mxtools for just about every test I run except RED X for smtp banner check and yellow check for SMTP TLS.
The 220 reply has ********** but 250 reply has my mail server url

Does that help?

User avatar
johang
Senior user
Senior user
Posts: 291
Joined: 2008-09-01 09:20

Re: SMTP Header

Post by johang » 2020-07-13 00:22

dvsatech wrote:
2020-07-13 00:01
I am a commercial environment. I have my own hosting center and I own the /25 IP block in use. The rDNS for the IP in question does return back the url to my mail server and matches whats in the DNS records.

I have NS and SOA records for the root <domain>
A records for www.<domain> and mail.<domain> urls
MX record for mail.<domain>
SPF record for root <domain> and mail.<domain>
TXT records with spf1 for root <domain> and mail.<domain> server
DMARC1 for _dmarc.<domain>
DKIM1 for eamil._domainkey.<domain>

I get green check marks in mxtools for just about every test I run except RED X for smtp banner check and yellow check for SMTP TLS.
The 220 reply has ********** but 250 reply has my mail server url

Does that help?
i think you might be using a firewall that obfuscates the 220 reply .. to make it hard for "hackers" ..
perhaps an cisco ASA ??
https://books.google.se/books?id=wf-Vnc ... 50&f=false

Edit..
ohh i forgot .. i have always had a yellow TLS ...
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

dvsatech
New user
New user
Posts: 10
Joined: 2020-07-01 00:54

Re: SMTP Header

Post by dvsatech » 2020-07-13 00:37

yes, I am using a Cisco ASA5506.

I have: "inspect esmtp" in the inspection policy

I read in the Cisco doc's that this can also interfere with TLS so I took it out. I'll see if that makes a difference.

Thanks
DJ

dvsatech
New user
New user
Posts: 10
Joined: 2020-07-01 00:54

Re: SMTP Header

Post by dvsatech » 2020-07-13 00:38

The SMTP header issue was resolved by taking the "inspect esmtp" out of the default inspection policy on my ASA5506

THANKS!

User avatar
SorenR
Senior user
Senior user
Posts: 3703
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP Header

Post by SorenR » 2020-07-13 13:36

dvsatech wrote:
2020-07-13 00:38
The SMTP header issue was resolved by taking the "inspect esmtp" out of the default inspection policy on my ASA5506

THANKS!
Classic... It's been a problem for a very long time. Had the same issue with my ASA 5505 on IOS 7.2(3)

https://www.hmailserver.com/forum/viewt ... 408#p65408
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

Post Reply