reverse DNS and SMTP banner issues.

[carliebentley]

Greetings Everyone.

Here's my configuration (then I'll get to the problem).

Hardware: Quad Core Xeon + 8GB Ram + 500GB Raid 5

Software: CentOS 5.4 (Updated regularly) + Plesk 9.2.2 Unlimited + Atomic Secured Linux + eliminated postfix for Qmail.

8 IP addresses

Hosting ~250 simple sites + ~125 e-mail accounts.

My problem as stated in the title is that I haven't figured out how to configure reverse DNS across multiple domains on shared IP addresses.

for example:

IP address 1 hosts the domains: example.com with 3 e-mail accounts, + example2.com with 4 e-mail accounts.
IP address 2 hosts the domains: example3.com with 10 e-mail accounts + example 4 with 15 e-mail accounts.

Using MXtoolbox.com, everything checks out fine except for the warning:
"Warning - Reverse DNS does not match SMTP Banner"

Obviously the Plesk server has a name, and that's what is showing up in the HELO/SMTP banner reply.

Normally, since the server has never been on a blacklist of any kind, this has never presented a problem. Unfortunately, companies like AOL, Yahoo, and Bellsouth.net are now checking the reverse DNS and SMTP banner before allowing the mail to be delivered.

If one of my clients sends an e-mail to someone at bellsouth.net, bellsouth is rejecting the e-mail because the reverse DNS and SMTP banner do not match.

Is there a way to add something into the DNS settings for each domain in order to get this to display the correct SMTP banner?

Will I have to configure an individual qmail process for every domain on the server?

Normally, I would tell these clients to just go get a gmail account and use that, but they really want e-mail at their domain.

 

[IgorG]

Do you have content of /var/qmail/control/me file in FQDN format?

 

[carliebentley]

Yes.

yes the "me" file has the fully qualified domain name of the server.

That's all the me file has in it.

should it have other domain/mail server names listed in it?

 

[IgorG]

No, there is should be name of Plesk server in FQDN format and this hostname should be correctly resolvable and IP should be with corresponding PTR record.

 

[carliebentley]

No, there is should be name of Plesk server in FQDN format and this hostname should be correctly resolvable and IP should be with corresponding PTR record.

Yes, the "me" file has the correct and resolvable FQDN which corresponds with the PTR record.

After much more investigation, I'm not the only one with this problem.

I'm using qmail and virtual hosts, and in this configuration, qmail will only respond with the information in the "me" file.

Even if mail is sent from @example1.com the SMTP HELO Banner replies with the FQDN from the "me" file.

There is possibly a patch for qmail to resolve this issue, however this is a live server and I don't want to break it by recompiling qmail with the patch.

 

[IgorG]

I have not found any mentions in our internal resources regarding this problem in Plesk context. According google seems it is common mailservers or DNS related issue.

 

[carliebentley]

A known issue

It's a known issue with qmail (I'm not sure about postfix), when using virtual hosting.

Qmail defaults to the primary IP address and the "control/me" file for any HELO request.

This has recently become an issue because some e-mail servers with anti-spam filtering will reject an e-mail if the SMTP banner doesn't match the reverse DNS look up.

Again,

Server FQDN: server.example.com
virtual domain: www.virtualdomain.com
e-mail client: [email protected]
SMTP Banner/HELO Response: server.example.com

This is a problem for some spam filters and blacklisting services.

The article in the link below talks about this very situation, and in all honesty, I think it's something that Plesk should address. Certainly it should be addressed for Plesk users using qmail, and if the problem exists in postfix, it should be fixed as well.

http://www.digitaldaemon.com/FreeBSD/qmail/index.html

I'm considering adding the patch above, and recompiling qmail to eliminate this problem, so the SMTP banner will respond with the virtual domain name, instead of the default server name.

 

[John Marston]

Assistance

I too am having a ton of trouble with this. We send quite a few emails a day that are being flagged as 'spam' to our clients because the header information does not match. We use Media Temple for hosting and they said the way Plesk and Qmail were configured there was no way around it other than to build an entirely new custom server.

Did you successfully attempt the patch you mentioned above? I am unable to follow the 'instructions', which are not very clear. Do we in fact need vpopmail as well?

 

[gvhoofst]

Had similar issues with all domains except the server domain

Server details:
server host name is mydomainA.com
mydomainA.com is hosted op ip-address IP-A and has proper DNS records setup and acts also as name server.
Plesk 9.5.2 Linux CentOS5 using qmail for email

The process for an email sent from [email protected]
Any email sent from the server by qmail will always say it has been sent by the hostname mydomainA.com. (mydomainA.com should also be in your me and control files)

At the receiving end most servers will first do a reverse look-up of the sending smtp-server. So reverse look-up must be properly setup to point the ip-address (in my case IP-A) to mydomainA.com. Ask your ISP to setup rDNS on your ip-address if you cannot do it yourself.

If that passes, many then check the SPF record of the domain which is sending the email, which is in this example mydomainB.com

Assume you have domain mydomainB.com hosted on a different ip-address: IP-B. As mydomainB.com has a different ip-address, then with the standard SPF setup in Plesk, this will cause a failing SPF check in the form of "domain of [email protected] does NOT designate IP-A as permitted sender" . Hence, the receiving server may reject the email. The way to solve this is to adjust the SPF record of mydomainB.com This record should be something like: v=spf1 ip4:IP-A +a +mx -all where IP-A is the ip-adress of the hostname.

If you're adding more domains to your server, make sure that your default DNS template has an SPF record which is the same. In that way when you add an domain it autocratically gets the correct SPF record.
Note that when you host a domain on the same ip-address as the server is hosted, the SPF record can be v=spf1 +a +mx -all

This solved all my problems on emails not getting through at certain clients (mostly large companies having strict rules in accepting email in order to ban spam).

NOTE: An easy way to check if it works is to sent an email to a gmail account and at that account chek the header of the received email (show original). It gives you information on the checks it has done and the result

 

[femotvaff]

now after 5 years there is plesk 12 ....and still same problem...
with Plesk we can't change the SMTP banner to something other than the hostname, that have no sense, in many configurations

 

[IgorG]

now after 5 years there is plesk 12 ....and still same problem...
with Plesk we can't change the SMTP banner to something other than the hostname, that have no sense, in many configurations

This is under review according to request http://plesk.uservoice.com/forums/1...you-adapt-the-main-domain-name-of-an-ip-as-th
You can add your description of problem and vote there.