Smtp banner modify in nethserver 7.8.2003

I think that, since it is a dynamic IP address, the mxtoolbox server checks the IP and its correspondence with the DNS name … so it signals an error in resolving the reverse name for the IP!

Please just do this:

Set the bannerhost to host-79-42...telecomitalia.it and the mxtoolbox test should be successful.

Certainly yes, but being dynamic it’s all useless. What I wanted to know was just the source of the problem. Anyway, thanks Markuz for the information you gave me.
So from what I understand the error is that the reverse DNS of the IP does not match the DDNS name, i.e. my server.ddns.net is resolved correctly to the provider's IP. The problem, I think, is the PTR of the provider, which is clearly a host different from mine.

No, if you set the bannerhost to the name (host-79-42...telecomitalia.it) set in DNS by your provider, it will work.

Yes, but if I turn off the router the banner will be different

You’re right.

The name is easy to guess so maybe a script could do the job of updating the bannerhost when the IP changes.

Hi, I think we can do everything … However, you have confirmed my doubts, it is enough for me. The solution as written before is to have a static ip, and ask the provider to change the dns name on the ip pool you buy. Thank you

Hi Markus,

I have the same problem with https://mxtoolbox.com:
“SMTP Banner Check Reverse DNS does not match SMTP Banner”

I googled a lot and finally got lucky: I found this thread.

I am testing DNS records on my main NethServer directly connected to the internet. I have a few domains on that server.

  • Main domain: toto.org.
  • Testing domain: toto.info.

I am using toto.info to make sure I don’t ruin my main domain. When everything is working properly, I will do the same configuration on toto.org as I did on toto.info.

# postconf | grep myhostname
lmtp_lhlo_name = $myhostname
local_transport = local:$myhostname
milter_macro_daemon_name = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = server-name.toto.org
myorigin = $myhostname
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_proxy_ehlo = $myhostname

The above looks OK but my problem is that I am testing with toto.info.

  • I created a mail server for toto.info, DNS entries, alias, etc. in the NS Manager.
  • All the DNS records at the registrar look OK.

QUESTION:
Is it possible to have more than one SMTP banner and associate each one of them to the right domain on the server?

Thank you in advance for your judicious advice,

Michel-André

The PTR/Reverse DNS record is normally set by those who own the IP address space. For example, I was able to purchase a static block of 8 IPv4 addresses with my business internet connection and then was able to ask my internet service provider to set a reverse DNS record for mail.example.com to one of the static IP addresses. AFAIK I was able to score a 9 or higher at https://www.mail-tester.com/ and my mail was deliverable to most inboxes without a proper rDNS set.

Hi, exactly. When I configured the servers in production with static addresses, it was necessary in the DNS management to point the MX record to the IP of your server, give it a weight, e.g. 10 or 20, and also configure the SPF record. It was also necessary to ask the provider to select the IP of your MX server from the purchased pool and assign the relative domain name. So when you did a reverse lookup of the IP that belongs to the pool purchased from the provider, it resolved correctly. My reality is different because my connection is dynamic and therefore I cannot make this request. Hi

Hi all,

I have one static IP address.

So what you are saying is that it is not possible to have two mail servers, for two different domains, correctly configured on the same NethServer with only one static address?

If so, I believe something is missing somewhere.
Example: Let’s Encrypt makes it possible, on the same NethServer, to have 2 different certificates for 2 different domains even if they have the same static address.

I think Postfix should take inspiration from Let’s Encrypt.

… or there is surely another way for the PTR record …

I am sure my case is not unique, so there is a way that I must find.

Michel-André

No, sorry for the English translation, but I wanted to say that I agree with what you wrote for the procedure regarding the reverse lookup and the request to the provider.

@michelandre

Hi Michel-André

I just wanted to confirm to you that DNS and SMTP protocols allow using the same mailserver with a single IP address for several independent domains.

Sure, the mailserver will have a FQDN name (That does NOT need to be part of any of the domains it handles) and a PTR (Here also the PTR does NOT need to be part of any of the domains the server handles…).

Proof of concept?

See what any mail/hosting provider is doing:

A Mailserver (Or mail-cluster) with a FQDN of (for example) mail.big-provider.com.
They handle business for clients A-ZZ…
The PTR of that mailserver is mail.big-provider.com.

The important part are the MX records for the clients (A-ZZ) Domains, the SPF, DKIM and DMARC.
The “trustworthiness” of your IP is also important.

You just need to make sure all is right, and your mail server rolls as smooth as if you’re running GMail…

My 2 cents
Andy

Hi Andy,

Thank you a thousand times for your judicious answer.

Googling, I saw in several places what you say above, but I thought the ISP, with so many mail servers must surely be blacklisted somewhere. I just checked the ISP-FQDN and mail.ISP-FQDN and they are not on any blacklist.

So, it is possible to have 2 mail servers correctly configured for 2 different domains sharing the same IP address.

My main domain is toto.org. Currently I only work on toto.info which is a second domain. Once toto.info passes all the verification tests at https://mxtoolbox.com I will repeat the same procedure for toto.org.

Now, the problem is knowing which DNS records to use.

No problem
A → for IP-toto.info (11.22.33.44)
TXT → for SPF pointing to @
TXT → for DMARC pointing to _dmarc
TXT → for DKIM pointing to default._domainkey
CNAME → for server-name pointing to @
CNAME → for www pointing to @
CNAME → for wpad pointing to @ (in case the server offers DHCP on the LOCAL network)

MAIL
A → for mail.toto.info(11.22.33.44)
MX → for 10 mail.toto.info

???
A → for myhelo (11.22.33.44, or IP-ISP-FQDN, or one for each ???)
PTR → for myhelo (11.22.33.44, or IP-ISP-FQDN, or one for each ??? // pointing to @ for toto.info and pointing to IP-ISP-FQDN or ISP-FQDN for ISP ???)

Michel-André

@michelandre

To make things easier to think through:

Imagine toto.info as a major provider.
Its mail server would be called mail.toto.info.

Its major client would be toto.org.

So, these are (more or less) what DNS entries toto.info/org would need additionally:

toto.org IN MX 10 mail.toto.org (MX is MX, 'nuff said)
toto.org IN MX 20 mail.toto.info (MX is MX, 'nuff said)

mail.toto.org IN A 11.22.33.44 (For mail generally)
smtp.toto.org IN CNAME mail.toto.org (For mail clients like Android, iOS, PCs, Macs)
imap.toto.org IN CNAME mail.toto.org (For mail clients like Android, iOS, PCs, Macs)

SPF: points / allows BOTH mail.toto.org and mail.toto.info

This is most likely the important one here, with this SPF, you’re telling any other SMTP Server that if it’s coming from the listed mail servers, it’s legit mail, not spam! Even though SPF isn’t really super important otherwise…

PTR exists ONLY for mail.toto.info.

I’m only listing actual mail-relevant DNS entries here; any other stuff like the server’s FQDN, or e.g. entries for webmail, is not really an issue; these should pose no problems for you.

25 years ago, I was running a small ISP service…

Just for further comparison: If you test any major hoster’s mail server, be it Digital River, Cloudflare, Contabo or whatever: These servers respond on telnet:25 (You can use PuTTY to test telnet) with their correct helo: namely mail.provider.com or whatever that cluster node happens to be called. It does NOT respond with the domain which happens to be hosted on that server.
However: it does usually correspond to the PTR (check with nslookup or dig, whatever you prefer!).
Cluster nodes are usually handled specially. And mail servers at major providers are almost always clusters.

My 2 cents
Andy

Hi Andy,

Thank you again for your reply.

Banner Check failed
Gives srv-1.toto.org <= something wrong?

Without the myhelo 1800 IN PTR @, https://mxtoolbox.com gives Unable to connect after 15 seconds

Michel-André

@michelandre

Actually, if you read it right, it’s complaining ONLY about the incorrect PTR (That shows the ISP).

-> Reverse DNS does not match SMTP Banner. (!)

Your ISP would need to register srv-1.toto.org as your PTR…

In the second pic, line 3 is wrong. The actual PTR is 11.22.33.44.dsl.teksawy.com, whereas your entry reads mail.ISP-FQDN…

Nothing not correctable!

My 2 cents
Andy

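The test mxtoolbox is running here (banner hostname must equal the PTR of the connecting IP, and that PTR must resolve forward to the same IP), as an added example that is not code from this thread or from NethServer. The hostnames and IP in the sample are constructed from the values quoted above; the comparison logic takes the DNS answers as arguments so it can be exercised offline, and `live_check` wires it to real lookups.

```python
"""Reproduce the 'Reverse DNS does not match SMTP Banner' check offline."""
import re
import socket
from typing import Callable, List, Optional, Tuple

# 220 greeting; "220-" covers a multi-line banner's first line
BANNER_RE = re.compile(r"^220[ -](?P<host>\S+)")

def banner_hostname(banner: str) -> Optional[str]:
    """Hostname the server announces in its SMTP greeting, normalised."""
    m = BANNER_RE.match(banner.strip())
    return m.group("host").lower().rstrip(".") if m else None

def check_banner_vs_ptr(banner: str, ip: str, ptr_names: List[str],
                        forward_lookup: Callable[[str], List[str]]) -> Tuple[bool, str]:
    """Banner name must match a PTR of ip, and that name must resolve back to ip."""
    host = banner_hostname(banner)
    if host is None:
        return False, "no hostname in banner"
    ptrs = [p.lower().rstrip(".") for p in ptr_names]
    if not ptrs:
        return False, "no PTR record for %s" % ip
    if host not in ptrs:
        return False, "banner %s != PTR %s" % (host, ", ".join(ptrs))
    if ip not in forward_lookup(host):  # forward-confirmed reverse DNS
        return False, "PTR %s does not resolve back to %s" % (host, ip)
    return True, "banner, PTR and forward A record agree"

def live_check(ip: str, port: int = 25, timeout: float = 10) -> Tuple[bool, str]:
    """Same check against a real server: read the greeting, then resolve."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        banner = s.makefile("r").readline()
    try:
        ptr_names = [socket.gethostbyaddr(ip)[0]]
    except socket.herror:
        ptr_names = []
    def forward(name: str) -> List[str]:
        return [a[4][0] for a in socket.getaddrinfo(name, None, socket.AF_INET)]
    return check_banner_vs_ptr(banner, ip, ptr_names, forward)

# Constructed sample data modelled on the thread: own name in the banner, ISP name in the PTR
SAMPLE_IP = "11.22.33.44"
SAMPLE_BANNER = "220 srv-1.toto.org ESMTP Postfix"
ISP_PTR = ["11.22.33.44.dsl.teksawy.com"]   # what the ISP currently publishes
FIXED_PTR = ["mail.toto.info"]              # what the ISP would have to register

def fake_forward(name: str) -> List[str]:
    """Stand-in for A lookups: both names point at the one static IP."""
    return {"mail.toto.info": [SAMPLE_IP],
            "11.22.33.44.dsl.teksawy.com": [SAMPLE_IP]}.get(name, [])
```

Running `check_banner_vs_ptr(SAMPLE_BANNER, SAMPLE_IP, ISP_PTR, fake_forward)` reports the mismatch from the screenshot; with the banner set to mail.toto.info and FIXED_PTR it passes.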
Hi Andy,

Thank you for your precious time.

The srv-1.toto.info is really my real server.FQDN for the main domain servername.toto.org; I just changed it in the screenshot.
- So this should mean that my server name.FQDN, for my main domain, is registered with the ISP ???

- There might be a misconfiguration in the DNS records for the main domain ???
- Maybe I have to start with the PTR record of the main domain first ???

For line 3, I put: @ 1800 IN MX 10 11.22.33.44.dsl.teksawy.com.

But now, https://mxtoolbox.com/ is timing out - maybe I changed DNS records too often, I will have to wait for the propagation of the records…

Now https://mxtoolbox.com/ is responding, but with the same answer as before.

Time to take a walk outside,

Michel-André

@michelandre

To be on the safe side, I would register both (in your case, as if I were you…):

srv-1.toto.info IN A 11.22.33.44 (This could be a CNAME to mail.toto.info)
mail.toto.info IN A 11.22.33.44
toto.info IN MX 10 mail.toto.info (Note, here it’s the full domain on the left, not a “host”)

This can be done at your normal DNS Registrar/Provider (Gandi?).

I would additionally register
11.22.33.44 IN PTR mail.toto.info
This must be registered with your ISP Provider (Teksawy.com?). They “own” that IP…
This is one of the most important things, for a decent mail service and a good IP reputation!

A good mail server can have a FQDN - but for all relevant mail aspects, it should show up as mail.domain.com - as that domains logical main mail server! (Yours should always give mail.toto.info ).

Global DNS propagation can take from 1-2 hours (very fast) to 24-36 hours (very slow)…

My 2 cents
Andy
