Good Day:

I know that this question has been covered in the past, but before making any changes to /etc/postfix/main.cf (because making manual changes to POSTFIX "just because" doesn't seem right, the tutorial steps were very clear, and the mail server "is working as expected", except for this particular issue), I would like to ask why POSTFIX wouldn't give my server FQDN on an SMTP Banner Check if:

1. the hostname -f command gives the proper FQDN (as in mail.mydomain.com)
2. during the postfix install (following the subject tutorial), the same FQDN was provided (as in mail.mydomain.com)

For your reference, SMTP Banner Check Results (telnet on port 25 locally to the private IP of the server and externally to the FQDN with MXTOOLBOX yields the same results):

    220 ******************************************

(As inferred from the above, port 25 is open on the server's Firewall and the ISP.) Also, take note that MXTOOLBOX is able to do the rest of the TESTS on port 25 (as in reaching the e-mail server and verifying that it is not configured as an open relay). Reverse DNS lookup is properly configured as well ("PTR : Public IP" points as expected to mail.mydomain.com).

Also for your reference, Postfix main.cf shows the banner configuration as follows:

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

and the myhostname configuration as follows:

    myhostname = mail.mydomain.com

Any comments on the above are greatly appreciated.

Regards
Good Day Taleman:

Thank you for your prompt response. To your question, the result:

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    myhostname = mail.mydomain.com

which is the FQDN of our server (I'm replacing the actual FQDN with the moniker mail.mydomain.com, as you might imagine).

Also for your reference, the exact response from MXTOOLBOX after the mail server test (FQDN moniker used as well):

    Connecting to "my public IP"
    220 ****************************************** [750 ms]
    EHLO EC2AMAZ-CT1LM3F.mxtoolbox.com
    250-mail.mydomain.com
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 XXXXXXXA [687 ms]
    MAIL FROM:<[email protected]>
    250 2.1.0 Ok [690 ms]
    RCPT TO:<[email protected]>
    450 4.7.1 <EC2AMAZ-CT1LM3F.mxtoolbox.com>: Helo command rejected: Host not found [750 ms]
    LookupServerv2 3738ms

Thanks again
Have you verified that your SMTP banner is matching with PTR record? If it is not matching then either you have to update your PTR record or update your banner to match the PTR record in place.
Good Day:

As mentioned in my last reply, my PTR record points to mail.mydomain.com (the same FQDN shown in myhostname in main.cf), as it should. My concern is mostly with why this doesn't work automatically from the server side. grep myhostname /etc/postfix/main.cf shows:

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    myhostname = mail.mydomain.com

and "PTR : My public IP" is pointing to mail.mydomain.com.

Please advise
Don't know if related, but I'm also getting the following log from one particular server-to-server handshake.

    Oct 18 14:59:22 mail postfix/smtpd[19219]: connect from mailservername.theirdomain.com[“others public IP”]
    Oct 18 14:59:23 mail postfix/smtpd[19219]: NOQUEUE: reject: RCPT from mailservername.theirdomain.com[“others public IP”]: 450 4.7.1 <theirname.SMTPmail.banner>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<theirname.SMTPmail.banner>
    Oct 18 14:59:23 mail postfix/smtpd[19219]: disconnect from mailservername.theirdomain.com[“others public IP”] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

I don't know if this means that I'm rejecting them or they are rejecting me. Neither user (sender/recipient) receives a message from the server. This is a known recipient for us. I have even tried WHITELISTING them (SPAMFILTER level) in ISPCONFIG, but still can't seem to be able to receive e-mails from them. They do receive mail from us though.

Note: MXTOOLBOX shows their mail server also unable to pass a BANNER CHECK.
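An added illustration, not part of the thread or of Postfix: a "NOQUEUE: reject:" line is written by the local postfix/smtpd, so the server whose log it is refused the peer's RCPT (a 450 is a temporary reject, which the peer will retry), and "Helo command rejected: Host not found" is the text Postfix logs when reject_unknown_helo_hostname finds no A or MX record for the HELO name. The parser below pulls the client, HELO name, status code and reason out of such lines so a defender can see which restriction fired; the sample lines are constructed with placeholder names and documentation IPs.

```python
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the thread's excerpt; names and IPs are placeholders.
SAMPLE_LOG = """\
Oct 18 14:59:22 mail postfix/smtpd[19219]: connect from mailservername.theirdomain.com[203.0.113.5]
Oct 18 14:59:23 mail postfix/smtpd[19219]: NOQUEUE: reject: RCPT from mailservername.theirdomain.com[203.0.113.5]: 450 4.7.1 <theirname.SMTPmail.banner>: Helo command rejected: Host not found; from=<sender@theirdomain.com> to=<user@mydomain.com> proto=ESMTP helo=<theirname.SMTPmail.banner>
Oct 18 14:59:23 mail postfix/smtpd[19219]: disconnect from mailservername.theirdomain.com[203.0.113.5] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Oct 18 15:02:10 mail postfix/smtpd[19230]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <user@mydomain.com>: Relay access denied; from=<x@example.org> to=<user@mydomain.com> proto=ESMTP helo=<relay.example.org>
"""
# <subject> is whatever the firing restriction complained about: the HELO name for
# reject_unknown_helo_hostname, the recipient for relay denial, and so on.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<client>[^\[]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\S+) "
    r"<(?P<subject>[^>]*)>: (?P<reason>[^;]+); from=<(?P<sender>[^>]*)> "
    r"to=<(?P<rcpt>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>"
)

@dataclass
class Reject:
    stage: str      # SMTP command at which the local smtpd rejected (RCPT here)
    client: str     # reverse-DNS name Postfix found for the peer, or "unknown"
    ip: str
    code: int       # 4xx: temporary, peer retries; 5xx: permanent, peer bounces
    subject: str
    reason: str
    helo: str
    sender: str
    rcpt: str

    @property
    def temporary(self) -> bool:
        return 400 <= self.code < 500

    @property
    def helo_is_rdns_name(self) -> bool:
        # Whether the peer announced the same name its address resolves back to.
        return self.helo.lower() == self.client.lower()

def parse_rejects(log_text: str) -> list[Reject]:
    """Return one Reject per NOQUEUE reject line; connect/disconnect lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            found.append(Reject(m["stage"], m["client"], m["ip"], int(m["code"]),
                                m["subject"], m["reason"].strip(), m["helo"],
                                m["sender"], m["rcpt"]))
    return found
```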
Are you sure the name service information in public name servers is correct? If you only checked info on your own name servers, they may show a matching PTR record. Try for example checking what Google name servers show, like so:

    host mail.mydomain.com 8.8.8.8

and also with your IP number:

    host your.ip.here 8.8.8.8

I like to believe MXToolbox does its test correctly, so there is something wrong. By the way, to solve this quickly, find someone you can trust with your real hostname and who knows name service and mail server setup, and have him or her check what is wrong. This is just guessing what might be wrong now.
Good day Taleman:

Results to the requested info:

    host mail.mydomain.com 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:

    mail.mydomain.com has address "Public IP"

    host "Public IP" 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:

    "Public IP".in-addr.arpa domain name pointer mail.mydomain.com.

Some comments: We don't host a public DNS. I'm using my Service Provider for this purpose. I have been talking with them extensively during the past days to also work out SPF, DKIM and DMARC records for all our mail domains. Curiously, these three RECORDS, which tend to be more complicated, are working as expected. The person I have been talking to on the ISP side has at least CCNA credentials and administers the DNS terminal for the ISP. I myself don't have that much experience in DNS (I'll agree) but do have years of experience in computer networking (I have a professional degree in Electronics Engineering as well). The intent of the above is not to presume anything (as I am certain that most users of this Forum have way more experience than I have), but just to assure you that I understand this enough to know that our domain has proper A, MX, PTR and NS records configured for its domain on our ISP provider's Public DNS.
I can also say that we have other domains that point to the main domain MX record. For example, for mydomain.com:

    host: mail
    A Record: "My Public IP"
    MX Record: mail.mydomain.com
    NS Record: ns.myISPdomain.com

with its Reverse Lookup Zone, as you can see from Google's response. Also for myotherdomains.com:

    MX Record: mail.mydomain.com
    NS Record: ns.myISPdomain.com

As a separate and positive note to the ISP FORUM, the reason I'm using this system now is because the company I work for used to have an OSX server mail system that was begging to be changed, given that Apple stopped pursuing enterprise services of this type. I am using 1,1 MacPros with UBUNTU 18.04 for this scenario and they work beautifully (even at 64bit) after the Perfect Server Tutorial. Never been happier to administer a server than today. Thank you ISPConfig.

So having said the above, if I am to hardcode this, what would be the proper way to do it without breaking my PERFECT SERVER?
Still guessing blindly: Does the mail host have two IP-numbers and uses the not public IP for sending mails?
We used to have a DNS record that maybe could have done this, but it was fixed about a week ago. For mydomain.com:

    mail IN A Record: "My Public IP"
    www IN A Record: "External Web Host Provider Public IP"
    MX Record: mail.mydomain.com
    NS Record: ns.myISPdomain.com
    REVERSE DNS ZONE included only for A Record: "My Public IP"

Also for myotherdomains.com:

    mail MX Record: "My Public IP"
    www IN A Record: "External Web Host Provider Public IP"
    NS Record: ns.myISPdomain.com
    NO REVERSE DNS ZONE included

Do take note of my first post (this is PRESENT and not PAST):

    For your reference: SMTP Banner Check Results (telnet on port 25 Locally to the private IP of the server and externally to the FQDN with MXTOOLBOX yields the same results): 220 ****************************************** (As inferred from the above, port 25 is open on the servers Firewall and the ISP)

Comments: The above shows the TELNET test results for the BANNER CHECK as follows:

    220 ******************************************

where on
1. a Private IP TELNET on 25 (I did this myself from a local network computer)
2. a Public IP TELNET on 25 (with MXTOOLBOX)

Hope this clears something up.
Going a little further into your comment (although I believe that it does not apply to the situation, I'm now willing to check everything if needed). Maybe something that POSTFIX is expecting differently. I don't know...

Internally, we still don't have a PRIVATE DNS, so the way we configure the clients is to reach the SERVER (which is the same for INCOMING and OUTGOING SMTP) by its private IP. Same IP / one server (Incoming and Outgoing SMTP) with a static private IP (local network):

    Incoming SMTP: 192.168.x.x
    Outgoing SMTP: 192.168.x.x

But publicly it's working as it should. Server is behind a Firewall on a DMZ.

    Incoming SMTP: "Public IP"
    Outgoing SMTP: "Public IP"

I still maintain that it is properly configured (Public DNS and MAIL SERVER), but I also believe the issue is on the server side (POSTFIX). I appreciate your comments.
Just to update on this post. I have found the problem. A security appliance that we have on the network was masking the BANNER provided by the SERVER. Thanks again for the help.
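An added example, not from the thread or from Postfix: a small banner checker that reads the 220 greeting, flags the all-asterisks greeting that an inline device with SMTP inspection substitutes for the real one (the symptom resolved above), and compares the announced name with the expected FQDN or the PTR name of the public IP. The host name mail.mydomain.com is the thread's placeholder; the sample greetings are constructed, and only evaluate_banner runs offline.

```python
import socket

def fetch_banner(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Open a TCP session, read the complete SMTP greeting, send QUIT (network call)."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while True:
            chunk = s.recv(1024)
            if not chunk:
                break
            buf += chunk
            lines = buf.split(b"\r\n")
            # greeting is complete when the last full line reads "220 ..." (space, not dash)
            if len(lines) >= 2 and lines[-2][3:4] == b" ":
                break
        s.sendall(b"QUIT\r\n")
    return buf.decode("ascii", errors="replace")

def ptr_name(ip: str) -> str:
    """Name the public IP resolves back to, as seen from this host (network call)."""
    return socket.gethostbyaddr(ip)[0]

def evaluate_banner(banner: str, expected_fqdn: str) -> dict:
    """Classify a greeting: masked (all asterisks), match, mismatch or no-greeting."""
    first = banner.splitlines()[0] if banner else ""
    code, _, rest = first.partition(" ")
    announced = rest.split(" ", 1)[0] if rest else ""
    if code != "220":
        status = "no-greeting"
    elif announced and set(announced) == {"*"}:
        # The default Postfix banner ($myhostname ESMTP $mail_name) never looks like
        # this; an inline inspection device rewrote the greeting on the wire.
        status = "masked"
    elif announced.lower().rstrip(".") == expected_fqdn.lower().rstrip("."):
        status = "match"
    else:
        status = "mismatch"
    return {"code": code, "announced": announced, "expected": expected_fqdn, "status": status}

if __name__ == "__main__":
    # Constructed greetings: what the thread saw, and what Postfix itself sends
    for greeting in ("220 ******************************************\r\n",
                     "220 mail.mydomain.com ESMTP Postfix (Ubuntu)\r\n"):
        print(evaluate_banner(greeting, "mail.mydomain.com"))
```

Run against a live host with evaluate_banner(fetch_banner("mail.mydomain.com"), ptr_name("<public IP>")) from both the LAN and an external vantage point; a "masked" result from outside but "match" from inside points at the device in between rather than at main.cf.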