
Issue 421 EHLO MXIN201 Your HELO/EHLO example.com is not matching your DNS configuration s2.myserver.com

DaarGaJeDan

Basic Pleskian
Hi guys,

I have problems setting up the mail servers and the DNS settings.

I try to mail to ziggo.nl but I keep getting the following error:
421 EHLO MXIN201 Your HELO/EHLO example.com is not matching your DNS configuration s2.myserver.com

I should expect that example.com should be mail.example.com.
It looks like Ziggo doesn't use the MX record to check the domain.
My A record for example.com goes to a different IP address than mail.example.com (= Plesk server's IP and the rDNS IP for s2.myserver.com)
 
Does your server hostname resolve to the server IP, and does that IP resolve to the same server hostname?
 
I found something is wrong with the SPF. Looks like Postfix uses a local IP 127.0.0.1 instead of the public IP.

How can I set the public IP address here?

____________ MXTools report: _____________

spf:example.com:127.0.0.1

v=spf1 +a +mx +a:s2.example.com +a:mail.example.com +a:example.com -all
| Prefix | Type | Value | PrefixDesc | Description |
| --- | --- | --- | --- | --- |
| | v | spf1 | | The SPF record version |
| + | a | | Pass | Match if IP has a DNS 'A' record in given domain. |
| + | mx | | Pass | Match if IP is one of the MX hosts for given domain name. |
| + | a | s2.myserver.com | Pass | Match if IP has a DNS 'A' record in given domain. |
| + | a | mail.example.com | Pass | Match if IP has a DNS 'A' record in given domain. |
| + | a | example.com | Pass | Match if IP has a DNS 'A' record in given domain. |
| - | all | | Fail | Always matches. It goes at the end of your record. |

| Test | Result |
| --- | --- |
| SPF Authentication | SPF Failed for IP - 127.0.0.1 (More Info) |
| SPF Record Published | SPF Record found |
| SPF Record Deprecated | No deprecated records found |
| SPF Multiple Records | Less than two records found |
| SPF Alignment | Domain found in SPF |
| SPF Contains characters after ALL | No items after 'ALL'. |
| SPF Syntax Check | The record is valid |
| SPF Included Lookups | Number of included lookups is OK |
| SPF Type PTR Check | No type PTR found |
| SPF Void Lookups | Number of void lookups is OK |
| SPF MX Resource Records | Number of MX Resource Records is OK |
| SPF Record Null Value | No Null DNS Lookups found |
 
You might want to edit that "More info" link ...

Normally SPF should only check the IP that tries to connect and deliver mail, which can't ever be 127.0.0.1 on a host where the name isn't recognized as local, so I wonder what mxtools does there and why. Received: lines aren't trustworthy and should not be checked.
As a dirty fix, you could include +ip4:127.0.0.1 to your spf record.
 
Postfix is using 127.0.0.1 when you are sending emails not through SMTP auth from an external source but from a webmail source on the server. In that case, the webmail software is the first hop, and that inserts the IP 127.0.0.1 to the chain in the mail header. To fix that issue, edit /etc/postfix/main.cf and add this line:
myhostname = <public hostname of your server>
Then restart postfix and try again with sending a mail from the server.
 
OK, but I know for sure I sent this test with the Apple Mail client.

Also my

myhostname = s2.example.com
I found:
mydestination = localhost, localhost.localdomain, localhost
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
 
Could you please update your Postfix file as described and try again?
Also could you please verify that in your /etc/hosts file you have at least one line with your public IPv4 or IPv6 address and your public hostname? Maybe that file only lists the 127.0.0.1 and localhost association.
 
OK, but I know for sure I sent this test with the Apple Mail client.

Also my

myhostname = s2.example.com
I found:
mydestination = localhost, localhost.localdomain, localhost
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
That is correct.
 
Also could you please verify that in your /etc/hosts file you have at least one line with your public IPv4 or IPv6 address and your public hostname? Maybe that file only lists the 127.0.0.1 and localhost association.
Have you done that, too? It is often tiresome to have to ask the same questions over and over again and not to get the feedback. These are points that must be checked when symptoms like you describe them occur. Have you checked it? What was the result?
 
In Plesk GUI: What is set as "Outgoing mail mode" in Tools & Settings > Server-Wide Mail Settings?
Outgoing mail mode
Send from domain IP addresses
Send from domain IP addresses and use domain names in SMTP greeting
Send from the specified IP addresses
?

Also I suggest to send an email to any external address, then open the hidden mail headlines and to paste them here so that we can see what is really listed between "From" and the recipient. We'll need to find out where the 127.0.0.1 sender IP is coming from. Recipient name and sender hostname can be anonymized.
 
We use Send from domain IP addresses because of other issues.

Here are the headers. I masked some domain names and IP addresses; you can still see the 127 address:

Received: from pv33p00im-smtpin032.me.com ([17.142.180.58])
    by ms62004.mac.com (Oracle Communications Messaging Server 8.0.2.5.20200127
    64bit (built Jan 27 2020)) with ESMTP id <[email protected]>
    for [email protected]; Sat, 19 Feb 2022 20:40:13 +0000 (GMT)
Original-recipient: rfc822;[email protected]
Return-path: <[email protected]>
Received: from s2.example.com (s2.example.com [80.200.100.100])
    by pv33p00im-smtpin032.me.com (Postfix) with ESMTPS id 37B92761E97 for
    <[email protected]>; Sat, 19 Feb 2022 20:40:10 +0000 (UTC)
X-ICL-SCORE: 3.3330333300
Authentication-results: dmarc.icloud.com; dmarc=pass header.from=example.com
x-dmarc-info: pass=pass; dmarc-policy=none; s=r1; d=r1
x-dmarc-policy: v=DMARC1; p=none
Authentication-results: dkim-verifier.icloud.com; dkim=pass (1024-bit key)
    header.d=example.com [email protected] header.b=dgDoSXMq
Authentication-results: spf.icloud.com; spf=pass (spf.icloud.com: domain of
    [email protected] designates 80.200.100.100 as permitted sender) smtp.mailfrom=[email protected]
Received-SPF: pass (spf.icloud.com: domain of [email protected] designates 80.200.100.100
    as permitted sender) receiver=spf.icloud.com; client-ip=80.200.100.100;
    helo=s2.example.com; envelope-from=[email protected]
Received: from s2.example.com (localhost.localdomain [127.0.0.1])
    by s2.example.com (Postfix) with ESMTP id 49A4913BE45 for <[email protected]>; Sat,
    19 Feb 2022 21:40:09 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=default;
    t=1645303209; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
    h=Received:Received:From:Subject:To;
    b=dgDoSXMqfJI67RvTqVvIxVSYiX92RBbteSHp0dn2VkjhCN0r06F5mRcoyU6bHVQvA
    o8w7CCOQ6A826VJbezb/UfKm0oPV852dcf7xVWs7aSq64nYQSpkkapLZjDJdL+DQqZ
    ZbICYQDNirr7HbYWE3qJukJGoBfU7mIXve1s2Z+M=
Authentication-results: s2.example.com; spf=pass (sender IP is 127.0.0.1)
    smtp.mailfrom=[email protected] smtp.helo=s2.example.com
Received-SPF: pass (s2.example.com: localhost is always allowed.)
    client-ip=127.0.0.1; envelope-from=[email protected]; helo=s2.example.com;
X-Spam-Flag: NO
X-Spam-Score: -3.1
X-Spam-Level:
X-Spam-Status: No, score=-3.1 tagged_above=-9999 required=5
    tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001,
    URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from s2.example.com ([127.0.0.1]) by s2.example.com (s2.example.com [127.0.0.1])
    (amavisd-new, port 10024) with ESMTP id aBtK7SvZ4-Oe for <[email protected]>;
    Sat, 19 Feb 2022 21:40:06 +0100 (CET)
Received: from smtpclient.apple
    (82-72-226-187.cable.dynamic.v4.ziggo.nl [82.72.226.187])
    by s2.example.com (Postfix) with ESMTPSA id D5E9413BE16 for <[email protected]>; Sat,
    19 Feb 2022 21:40:05 +0100 (CET)
Received-SPF: pass (s2.example.com: connection is authenticated)
From: Jan Janssen <[email protected]>
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
MIME-version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
Subject: Test
Message-id: <[email protected]>
Date: Sat, 19 Feb 2022 21:40:01 +0100
To: Jan Janssen <[email protected]>
X-Mailer: Apple Mail (2.3693.60.0.1.1)
X-PPP-Message-ID: <[email protected]>
X-PPP-Vhost: example.com
X-CLX-Shades: PersonalAllow

test
 
First I see:
Received: from s2.example.com (s2.example.com [80.200.100.100])

Then
Received: from s2.example.com (localhost.localdomain [127.0.0.1])

Then:
Received: from s2.example.com ([127.0.0.1]) by s2.example.com (s2.example.com [127.0.0.1])

I checked everything; I can't figure out why this is.
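
The hop chain quoted above, worked through as an added example (not part of any post in this thread): it parses Received lines modelled on the posted headers, flags the loopback hops, and picks out the one hop where s2.example.com hands the message to a foreign MTA, which is the connection whose IP and HELO a recipient gets to evaluate. The function names and the `sender_host` parameter are assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: Received lines modelled on the headers posted in this thread.
SAMPLE = """\
Received: from pv33p00im-smtpin032.me.com ([17.142.180.58])
 by ms62004.mac.com with ESMTP; Sat, 19 Feb 2022 20:40:13 +0000 (GMT)
Received: from s2.example.com (s2.example.com [80.200.100.100])
 by pv33p00im-smtpin032.me.com (Postfix) with ESMTPS id 37B92761E97;
 Sat, 19 Feb 2022 20:40:10 +0000 (UTC)
Received: from s2.example.com (localhost.localdomain [127.0.0.1])
 by s2.example.com (Postfix) with ESMTP id 49A4913BE45;
 Sat, 19 Feb 2022 21:40:09 +0100 (CET)
Received: from s2.example.com ([127.0.0.1])
 by s2.example.com (s2.example.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id aBtK7SvZ4-Oe; Sat, 19 Feb 2022 21:40:06 +0100 (CET)
Received: from smtpclient.apple (82-72-226-187.cable.dynamic.v4.ziggo.nl [82.72.226.187])
 by s2.example.com (Postfix) with ESMTPSA id D5E9413BE16;
 Sat, 19 Feb 2022 21:40:05 +0100 (CET)
"""

# "from HELO (rDNS [IP]) by HOST"; the rDNS name is optional.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
                 r"\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)")

def hops(raw):
    """Return the Received hops top-down (newest first) as dicts."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))   # unfold continuation lines
        if m:
            hop = m.groupdict()
            hop["loopback"] = ipaddress.ip_address(hop["ip"]).is_loopback
            out.append(hop)
    return out

def handoff(raw, sender_host):
    """The hop where sender_host delivered to a foreign MTA: the only
    hop whose client IP and HELO the recipient's own checks can see."""
    for hop in hops(raw):
        if hop["helo"] == sender_host and hop["by"] != sender_host:
            hop["helo_matches_rdns"] = hop["rdns"] == hop["helo"]
            return hop
    return None

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(h)
    print("handoff:", handoff(SAMPLE, "s2.example.com"))
```

On the sample, both 127.0.0.1 hops are recorded by s2.example.com itself, and the hand-off hop shows 80.200.100.100 with a HELO name equal to the reverse-DNS name.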
 
My host file:

127.0.0.1 localhost.localdomain localhost

# The following lines are desirable for IPv6 capable hosts
::1 localhost.localdomain localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

80.200.100.100 s2.example.com s2
 