SMTP Banner Check problem / Postfix install / Ubuntu 18.04 Perfect Server upgraded from 14.04 server

Discussion in 'Server Operation' started by FFG28, Oct 18, 2018.

  1. FFG28

    FFG28 Member

    Good Day:

    I know that this question has been covered in the past but, before making any changes to /etc/postfix/main.cf (cause making manual changes to POSTFIX "just because" doesn't seem right, and the tutorial steps were very clear, and the mail server "is working as expected"; except for this particular), I would like to ask why wouldn't POSTFIX give my server FQDN on an SMTP Banner Check if:

    1. hostname -f command gives the proper fqdn (as in mail.mydomain.com)
    2. During the postfix install - following subject tutorial -, the same fqdn was provided (as in mail.mydomain.com)

    For your reference:
    SMTP Banner Check Results (telnet on port 25 Locally to the private IP of the server and externally to the FQDN with MXTOOLBOX yields the same results):
    220 ******************************************
    (As inferred from the above, port 25 is open on the server's Firewall and the ISP)

    Also, take note that MXTOOLBOX is able to do the rest of the TESTS on port 25 (as in reaching the e-mail server and verifying that it is not configured as an open relay).

    Reverse DNS lookup is properly configured as well ("PTR : Public IP" points as expected to mail.mydomain.com)

    Also for your reference, Postfix main.cf shows the banner configuration as follows:
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

    and myhostname configuration as follows:
    myhostname = mail.mydomain.com

    Any comments on the above are greatly appreciated.

    Regards
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What does this command show:
    Code:
    grep myhostname  /etc/postfix/main.cf
     
    FFG28 likes this.
  3. FFG28

    FFG28 Member

    Good Day Taleman:

    Thank you for your prompt response. To your question:



    Result:
    ---------------------------------------------------------------------------------
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    myhostname = mail.mydomain.com
    ---------------------------------------------------------------------------------

    which is the FQDN of our server (I'm changing the actual fqdn with the moniker mail.mydomain.com as you might imagine).



    Also for your reference, exact response from MXTOOLBOX after mail server test (FQDN moniker used as well):
    ---------------------------------------------------------------------------------

    Connecting to "my public IP"

    220 ****************************************** [750 ms]
    EHLO EC2AMAZ-CT1LM3F.mxtoolbox.com
    250-mail.mydomain.com
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 XXXXXXXA [687 ms]
    MAIL FROM:<[email protected]>
    250 2.1.0 Ok [690 ms]
    RCPT TO:<[email protected]>
    450 4.7.1 <EC2AMAZ-CT1LM3F.mxtoolbox.com>: Helo command rejected: Host not found [750 ms]

    LookupServerv2 3738ms
    ---------------------------------------------------------------------------------

    Thanks again :)
     
  4. Have you verified that your SMTP banner is matching with PTR record? If it is not matching then either you have to update your PTR record or update your banner to match the PTR record in place.
     
  5. FFG28

    FFG28 Member

    Good Day:
    As mentioned in my last reply, my PTR record points to mail.mydomain.com (same FQDN shown on myhostname in main.cf) as it should. My concern is mostly associated with why this doesn't work automatically from the server side.

    grep myhostname /etc/postfix/main.cf shows
    ---------------------------------------------------------------------------------
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    myhostname = mail.mydomain.com
    ---------------------------------------------------------------------------------

    and
    "PTR : My public IP" is pointing to mail.mydomain.com

    Please advise
     
  6. FFG28

    FFG28 Member

    Don't know if related but I'm also getting the following log from one particular server to server handshake.

    -------------------------------------------------------------------------------------------------------------------------------
    Oct 18 14:59:22 mail postfix/smtpd[19219]: connect from mailservername.theirdomain.com[“others public IP”]

    Oct 18 14:59:23 mail postfix/smtpd[19219]: NOQUEUE: reject: RCPT from mailservername.theirdomain.com[“others public IP”]: 450 4.7.1 <theirname.SMTPmail.banner>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<theirname.SMTPmail.banner>

    Oct 18 14:59:23 mail postfix/smtpd[19219]: disconnect from mailservername.theirdomain.com[“others public IP”] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
    -------------------------------------------------------------------------------------------------------------------------------

    I don't know if this means that I'm rejecting them or they are rejecting me. Neither user (sender/recipient) receives a message from the server. This is a known recipient for us. I have even tried WHITELISTING them (SPAMFILTER Level) in ISPCONFIG, but still can't seem to be able to receive e-mails from them. They do receive mail from us though.

    Note:
    MXTOOLBOX shows their mail server, also unable to pass a BANNER CHECK.
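
Reading the reject line in the log excerpt above, as an added example that is not part of the original post: `postfix/smtpd` is the daemon that accepts incoming connections, so a `NOQUEUE: reject` entry in the local log records a refusal issued by the server that wrote the log. The log lines, hostnames, addresses and the `explain_rejects` helper are constructed for illustration.

```python
import re

# Constructed lines in the format of the log excerpt above (all names and IPs are placeholders).
LOG = """\
Oct 18 14:59:22 mail postfix/smtpd[19219]: connect from mx.sender.example[198.51.100.7]
Oct 18 14:59:23 mail postfix/smtpd[19219]: NOQUEUE: reject: RCPT from mx.sender.example[198.51.100.7]: 450 4.7.1 <sender.banner.invalid>: Helo command rejected: Host not found; from=<a@sender.example> to=<b@mydomain.example> proto=ESMTP helo=<sender.banner.invalid>
Oct 18 14:59:23 mail postfix/smtpd[19219]: disconnect from mx.sender.example[198.51.100.7] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
"""

REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<client>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<(?P<subject>[^>]*)>: (?P<reason>[^;]+);.*helo=<(?P<helo>[^>]*)>"
)

def explain_rejects(log_text):
    """Return one dict per smtpd reject line, with the direction and cause spelled out."""
    findings = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        r = m.groupdict()
        # smtpd handles inbound sessions, so this server refused the remote client.
        r["rejected_by"] = "local server"
        # 4xx is a temporary failure: the sender queues the message and retries.
        r["temporary"] = r["code"].startswith("4")
        # The name in <...> is the HELO/EHLO name the client sent; "Host not found"
        # is the text Postfix logs for its reject_unknown_helo_hostname restriction.
        r["helo_name_unresolvable"] = (
            r["reason"].startswith("Helo command rejected") and r["subject"] == r["helo"]
        )
        findings.append(r)
    return findings

if __name__ == "__main__":
    for f in explain_rejects(LOG):
        print(f["client"], f["stage"], f["code"], f["rejected_by"], f["helo"])
```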
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Are you sure the name service information in public name servers is correct? If you only checked info on your own name servers, they may show matching PTR record. Try for example checking what google name servers show like so:
    Code:
    host mail.mydomain.com 8.8.8.8
    and also with your IP-number
    Code:
    host your.ip.here 8.8.8.8
    I like to believe MXToolbox does its test correctly, so there is something wrong.
    By the way, to solve this quickly find someone you can trust with your real hostname and who knows name service and mail server setup, and have him or her check what is wrong. This is just guessing what might be wrong now.
     
  8. FFG28

    FFG28 Member

     
  9. FFG28

    FFG28 Member

    Good day Taleman:
    Results to requested info:
    ------------------------------------------------------
    host mail.mydomain.com 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:

    mail.mydomain.com has address "Public IP"
    ------------------------------------------------------
    host "Public IP" 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:

    "Public IP".in-addr.arpa domain name pointer mail.mydomain.com.
    ------------------------------------------------------
    Some comments:
    We don't host a public DNS. I'm using my Service Provider for this purpose. I have been talking with them extensively during the past days to also work out SPF, DKIM and DMARC Records for all our mail domains. Curiously these three RECORDS which tend to be more complicated are working as expected.

    The person I have been talking to on the ISP side, has at least CCNA Credentials and administers the DNS terminal for the ISP.

    I myself don't have that much experience in DNS (I'll agree) but do have years of experience in computer networking (I have a professional degree in Electronics Engineering as well).

    The intent of the above is not to presume anything (as I am certain that most users of this Forum have way more experience than I have), but just to assure you that I understand this enough to know that: Our domain has proper A, MX, PTR and NS records configured for its domain on our ISP provider Public DNS.

    I can also say that we have other domains that point to the main domain mx record:

    For example

    For
    mydomain.com
    host: mail
    A Record: "My Public IP"
    MX Record: mail.mydomain.com
    NS Record: ns.myISPdomain.com
    With its Reverse Lookup Zone as you can see from Google's response

    Also for:
    myotherdomains.com
    MX Record: mail.mydomain.com
    NS Record: ns.myISPdomain.com

    As a separate and positive note to the ISP FORUM, the reason I'm using this system now is because the company I work for used to have an OSX server mail system that was begging to be changed given that Apple stopped pursuing enterprise services of this type. I am using 1,1 MacPros with UBUNTU 18.04 for this scenario and they work beautifully (even at 64bit) after the Perfect Server Tutorial. Never been happier to administer a server than today. Thank you ISPConfig :).

    So having said the above, if I am to hardcode this, what would be the proper way to do it without breaking my PERFECT SERVER :(.
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Still guessing blindly:
    Does the mail host have two IP-numbers and uses the not public IP for sending mails?
     
  11. FFG28

    FFG28 Member

    We used to have a DNS record that maybe, could have done this but it was fixed about a week ago

    For
    mydomain.com
    mail IN A Record: "My Public IP"
    www IN A Record: "External Web Host Provider Public IP"
    MX Record: mail.mydomain.com
    NS Record: ns.myISPdomain.com
    REVERSE DNS ZONE included only for A Record: "My Public IP"

    Also for:
    myotherdomains.com
    mail MX Record: "My Public IP"
    www IN A Record: "External Web Host Provider Public IP"
    NS Record: ns.myISPdomain.com
    NO REVERSE DNS ZONE included

    Do take note of my first post (this is PRESENT and not PAST):
    --------------------------------------------------
    For your reference:
    SMTP Banner Check Results (telnet on port 25 Locally to the private IP of the server and externally to the FQDN with MXTOOLBOX yields the same results):
    220 ******************************************
    (As inferred from the above, port 25 is open on the server's Firewall and the ISP)
    --------------------------------------------------
    Comments:
    The above shows that the TELNET test results for BANNER CHECK as follows:
    220 ******************************************
    where on
    1. a Private IP TELNET on 25 (I did this myself from a local network computer)
    2. a Public IP TELNET on 25 (with MXTOOLBOX)

    Hope this clears something
     
    Last edited: Oct 19, 2018
  12. FFG28

    FFG28 Member

    Going a little further into your comment (Although I believe that it does not apply to the situation but now I'm willing to check everything if needed). Maybe something that POSTFIX is expecting differently.
    I don't know...
    ----------------------------------------------------------------------------------
    Internally, we still don't have a PRIVATE DNS so the way we configure the clients, is to reach the SERVER (which is the same for INCOMING and OUTGOING SMTP) by its private IP.

    Same IP / One server (Incoming and Outgoing SMTP) and has a static private IP (local network)
    Incoming SMTP: 192.168.x.x
    Outgoing SMTP 192.168.x.x

    But Publicly its working as it should.
    Server is behind a Firewall on DMZ.
    Incoming SMTP: "Public IP"
    Outgoing SMTP "Public IP"
    ----------------------------------------------------------------------------------

    I still maintain that it is properly configured (Public DNS and MAIL SERVER), but I also believe the issue is on the server side (POSTFIX).

    I appreciate your comments.
     
  13. FFG28

    FFG28 Member

    Just to update on this post. I have found the problem.

    A security appliance that we have on the network was masking the BANNER provided by the SERVER.

    Thanks again for the help.
     
    till likes this.
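
The check that separates the two explanations discussed in this thread (a wrong Postfix hostname versus a device in the path rewriting the greeting), as an added example that is not part of the original posts: Postfix puts `$myhostname` on the first line of its EHLO reply, so a masked 220 line next to a correct EHLO name points away from `main.cf`. The transcript is constructed, `parse_replies` and `diagnose` are hypothetical helpers, and treating an all-X keyword as rewritten in transit is an assumption of this example.

```python
import re
# Constructed sample modelled on the MXToolbox session quoted in this thread.
SAMPLE = """\
220 ****************************************** [750 ms]
EHLO probe.example.net
250-mail.mydomain.com
250-STARTTLS
250 XXXXXXXA [687 ms]
MAIL FROM:<probe@example.net>
250 2.1.0 Ok [690 ms]
"""
REPLY = re.compile(r"^(\d{3})([ -])(.*?)(?:\s*\[\d+ ms\])?$")  # tolerates MXToolbox timings

def parse_replies(transcript):
    """Group SMTP reply lines into [code, [text, ...]]; 'NNN-' continues, 'NNN ' ends a reply."""
    replies, open_reply = [], None
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if not m:                       # client command or tool chatter
            open_reply = None
            continue
        code, sep, text = m.groups()
        if open_reply is None:
            open_reply = [code, []]
            replies.append(open_reply)
        open_reply[1].append(text)
        if sep == " ":
            open_reply = None
    return replies

def diagnose(transcript, expected_fqdn):
    """Compare the 220 greeting with the EHLO reply and say where the fault most likely lies."""
    replies = parse_replies(transcript)
    greeting = next((t[0] for c, t in replies if c == "220"), None)
    ehlo = next((t for c, t in replies if c == "250" and len(t) > 1), [])
    want = expected_fqdn.lower()
    result = {
        "greeting_masked": bool(greeting) and set(greeting) == {"*"},
        "ehlo_host_ok": bool(ehlo) and ehlo[0].lower().split()[:1] == [want],
        # Assumption: a keyword of only X's plus one trailing letter was rewritten in transit.
        "masked_keywords": [k for k in ehlo[1:] if re.fullmatch(r"X{3,}[A-Z]?", k)],
    }
    if result["greeting_masked"] and result["ehlo_host_ok"]:
        result["verdict"] = "greeting rewritten between client and Postfix"
    elif greeting and greeting.lower().split()[:1] == [want]:
        result["verdict"] = "banner matches"
    else:
        result["verdict"] = "banner mismatch: check myhostname and smtpd_banner"
    return result
```

Running the same comparison on a session captured on the server itself (for example against 127.0.0.1) and on one captured from outside shows on which side of the appliance the greeting changes.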
