So i did an smtp diag on mxtoolbox, and i got a warning saying "Reverse DNS does not match SMTP Banner" so i checked my recieve connectors and change both default to mail.mydomain.com under the EHLO FQDN section, nothing...i did the "Set-Coonector" command in the managment shell still nothing, i have all my records in order, DNS wise, any ideas folks? i'm using exchange 2007.

Are you using a third party spam filter? If so you might want to check the SMTP welcome banner on that

On Mon, 25 Jul 2011 19:45:58 +0000, radray wrote: >So i did an smtp diag on mxtoolbox, and i got a warning saying "Reverse DNS does not match SMTP Banner" so i checked my recieve connectors and change both default to mail.mydomain.com under the EHLO FQDN section, nothing...i did the "Set-Coonector" command in the managment shell still nothing, i have all my records in order, DNS wise, any ideas folks? i'm using exchange 2007. What's the name returned by the PTR record query? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, Need more information as Rich asked. Besides, I would like to provide a document for your reference:(although it is for 2003, you can refer to it.) http://support.microsoft.com/kb/300171Best Regards!

Ok to answer the questions, yes i have third party spam filter, its symantec mail security for exchange, havent found anyway i could modify my smtp banner within that. Heres the exact diagnostic from mxtoolbox smtp:190.213.106.203 220 *********************** OK - 190.213.106.203 resolves to mail.smctt.com Warning - Reverse DNS does not match SMTP Banner 0 seconds - Good on Connection time Not an open relay. 5.788 seconds - Warning on Transaction time Session Transcript: HELO please-read-policy.mxtoolbox.com 250 mail.smctt.com Hello [64.20.227.133] [125 ms] MAIL FROM: <supertool@mxtoolbox.com> 250 2.1.0 Sender OK [140 ms] RCPT TO: <test@example.com> 550 5.7.1 Unable to relay [5148 ms] QUIT 221 2.0.0 Service closing transmission channel [125 ms] Thanks again

On Tue, 26 Jul 2011 14:38:34 +0000, radray wrote: > > >Ok to answer the questions, > >yes i have third party spam filter, its symantec mail security for exchange, havent found anyway i could modify my smtp banner within that. > >Heres the exact diagnostic from mxtoolbox > > smtp:190.213.106.203 > > >220 *********************** > > OK - 190.213.106.203 resolves to mail.smctt.com Warning - Reverse DNS does not match SMTP Banner 0 seconds - Good on Connection time Not an open relay. 5.788 seconds - Warning on Transaction time > >Session Transcript: HELO please-read-policy.mxtoolbox.com >250 mail.smctt.com Hello [64.20.227.133] [125 ms] >MAIL FROM: <supertool@mxtoolbox.com> >250 2.1.0 Sender OK [140 ms] >RCPT TO: <test@example.com> >550 5.7.1 Unable to relay [5148 ms] >QUIT > > >221 2.0.0 Service closing transmission channel [125 ms] So what's the problem? If I "telnet 190.213.106.203 25" the banner I get is: 220 *********************** That's just what the diagnostics say. It's only after the HELO command that a server name is seen in a 250 response. So, yeah, the name in the 220 banner sure doesn't match the name in the PTR record. You're not going to fix that unless you disable that SMTP fixup stuff in the firewall. But who cares what the 220 banner says when you're sending email? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Radray, Thanks for using our SMTP Tools! This warning is actually because of a masked banner. For more details on that we would recommend reviewing this forum post. SMTP Banner is Masked - http://community.mxtoolbox.com/forums/viewtopic.php?f=5&t=13170 Please let me know if I can help with anything else or if you have any other questions. Thanks, @mxtoolbox Ok to answer the questions, yes i have third party spam filter, its symantec mail security for exchange, havent found anyway i could modify my smtp banner within that. Heres the exact diagnostic from mxtoolbox smtp:190.213.106.203 220 *********************** OK - 190.213.106.203 resolves to mail.smctt.com Warning - Reverse DNS does not match SMTP Banner 0 seconds - Good on Connection time Not an open relay. 5.788 seconds - Warning on Transaction time Session Transcript: HELO please-read-policy.mxtoolbox.com 250 mail.smctt.com Hello [64.20.227.133] [125 ms] MAIL FROM: <supertool@mxtoolbox.com> 250 2.1.0 Sender OK [140 ms] RCPT TO: <test@example.com> 550 5.7.1 Unable to relay [5148 ms] QUIT 221 2.0.0 Service closing transmission channel [125 ms] Thanks again

Radray, Thanks for using our SMTP Tools! This warning is actually because of a masked banner. For more details on that we would recommend reviewing this forum post. SMTP Banner is Masked - http://community.mxtoolbox.com/forums/viewtopic.php?f=5&t=13170 Please let me know if I can help with anything else or if you have any other questions. Thanks, @mxtoolbox Ok to answer the questions, yes i have third party spam filter, its symantec mail security for exchange, havent found anyway i could modify my smtp banner within that. Heres the exact diagnostic from mxtoolbox smtp:190.213.106.203 220 *********************** OK - 190.213.106.203 resolves to mail.smctt.com Warning - Reverse DNS does not match SMTP Banner 0 seconds - Good on Connection time Not an open relay. 5.788 seconds - Warning on Transaction time Session Transcript: HELO please-read-policy.mxtoolbox.com 250 mail.smctt.com Hello [64.20.227.133] [125 ms] MAIL FROM: <supertool@mxtoolbox.com> 250 2.1.0 Sender OK [140 ms] RCPT TO: <test@example.com> 550 5.7.1 Unable to relay [5148 ms] QUIT 221 2.0.0 Service closing transmission channel [125 ms] Thanks again Thanks mxtoolbox, but i already followed that guide and it didnt work, @Rich, i was told that if it doesnt match, my emails could end up as spam when i send them to my clients. and um when you say "disable that SMTP fixup stuff in the firewall" what do you mean exactly, a bit confused =/

On Wed, 27 Jul 2011 14:14:31 +0000, radray wrote: [ snip ] >@Rich, i was told that if it doesnt match, my emails could end up as spam when i send them to my clients. When you SEND e-mail you use a SEND Connector. The information the receiving organization gets is from the HELO or EHLO commnad. What mxtoolbox is reporting is what your RECEIVE Connector sends in its 220 SMTP banner. The two may be (and very often are) different. >and um when you say "disable that SMTP fixup stuff in the firewall" what do you mean exactly, a bit confused =/ The response sent by your firewall (which is actually acting as a SMTP proxy) is rplacing everything in the 220 SMTP banner (except the 220 code itself) with a string of asterisks. Configure the firewall/proxy to stop doing that. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Thank you very very much, as you mentioned firewall and mxtoolbox mentioned masked banner, i figured it out... i overlooked the cisco asa appliance, which apparently masks/corrupts the smtp banner http://www.binarywar.com/2009/11/cisco-pixasa-causes-smtp-banner-corruption/ . Thanks again for all the help :) Edit: Back to square 1, the banner is no longer masked, yet still shows up as "reverse dns does not match", also when i disable the esmtp on my cisco firewall, messages sent to hotmail get stuck in the queue

On Thu, 28 Jul 2011 15:00:17 +0000, radray wrote: > > >Thank you very very much, as you mentioned firewall and mxtoolbox mentioned masked banner, i figured it out... i overlooked the cisco asa appliance, which apparently masks/corrupts the smtp banner http://www.binarywar.com/2009/11/cisco-pixasa-causes-smtp-banner-corruption/ . Thanks again for all the help :) > > > >Edit: Back to square 1, the banner is no longer masked, yet still shows up as "reverse dns does not match", also when i disable the esmtp on my cisco firewall, messages sent to hotmail get stuck in the queue I jsut used mctoolbox to check you SMTP server and it's still sending this: 220 *********************** --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

yeh, thats because i re-enabled the the esmtp inspection, when i disable it my mails wont go to hotmail, i get error 500 unrecognized command

On Fri, 29 Jul 2011 16:34:11 +0000, radray wrote: >yeh, thats because i re-enabled the the esmtp inspection, when i disable it my mails wont go to hotmail, i get error 500 unrecognized command And in your SMTP send protocol log, what command is it that's unrecognized? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP