Problem with configuration?


titusc

Problem with configuration?

Postby titusc » Fri Jul 28, 2006 5:49 pm

Hi everyone:

I've got a problem with my server. About a year ago we migrated from Exchange-2000 over to the Scalix Enterprise client, and since then I've had problems with my reverse DNS resolving. I keep getting messages back from certain organizations, like AOL and Comcast for instance, when anyone in my network sends out an email. When I get the message back it tells me that outgoing mail doesn't match my PTR record. I check my PTR and it's set to x.x.x.250. When I send a mail that doesn't resolve in a recipient's mail system, I get the message (or a similar message depending on who I send to...):
----------------------------------------------------------------------------------------------------------
The original message was received at Fri, 28 Jul 2006 13:46:49 -0700 from localhost.localdomain [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<csa-45@comcast.net>
(reason: 521-EHLO/HELO from sender x.x.x.2 does not map to exchange-2000.willcox.k12.az.us in DNS)

----- Transcript of session follows -----
... while talking to gateway-s.comcast.net.:
>>> MAIL From:<titusc@willcox.k12.az.us> SIZE=16585
>>> ENVID="H00001310024d051.1154119608.exchange-2000.willcox.k12.az.us*"
>>> RET=HDRS
<<< 521-EHLO/HELO from sender x.x.x.2 does not map to exchange-2000.willcox.k12.az.us in DNS
<<< 521-sending machine name must be provided as a fully
<<< 521-qualified domain via EHLO/HELO command.
<<< 521-see section 4.1.1.1 and 4.1.4 of RFC 2821
<<< 521 521: Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mailserver does not fill that requirement. For more information, refer to: http://www.comcast.net/help/faq/index.j ... mail118405
554 5.0.0 Service unavailable
----------------------------------------------------------------------------------------------------------

Now I'm running a PIX firewall on my network, and it's doing NATting. The address x.x.x.2 is what all my internet data goes out as. What everyone is probably thinking is that I haven't got a static route on outgoing mail going through the x.x.x.250, but I do have a statement in my PIX that does exactly that.

On further discussion with my ISP, the guy told me that in Exchange there is a field in the header that identifies the server on outgoing mail, and that if it wasn't correct my mails might get bounced back as the wrong address. Is there such a field in Scalix, and if so how do I modify it through the CLI? Is this even my problem? Has anyone else experienced a similar problem since a migration from Exchange?

Any help is appreciated a bunch!!! :D Thanks a lot in advance!

Cliff Titus
Last edited by titusc on Wed Aug 02, 2006 12:49 am, edited 1 time in total.

titusc

Postby titusc » Fri Jul 28, 2006 7:05 pm

The name of the Scalix server is Exchange-2000 by the way

florian

Postby florian » Sat Jul 29, 2006 1:12 pm

Hi clifford,

it's probably your Microsoft-friendly hostname that you used without paying Microsoft any more license fees that creates the problem.... ;-)

no, kidding.

The error message indicates that your public IP address does not correctly reverse-resolve to the fully-qualified hostname of your server.

You can test this by typing

nslookup <my.ip.address>

and this will give you the name that this reverse-resolves to.

The reverse-check is done by many MTAs on the outside, because unresolvable IP addresses for mailservers are very often used by spammers.

You will most probably need the help of your ISP to fix this. They will "own" the DNS for the reverse zone for this IP subnet. Therefore, you'll need them to set up the correct mapping.

If they don't provide such a service, the only other way is that you would send through an ISP-owned Mail Relay that accepts mail from all the customers, then forwards using a registered hostname and IP address.

Hope this helps,
Florian.
Florian von Kurnatowski, Die Harder!
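
The reverse check described in the reply above, written out as an added example that is not part of the original thread. The function names, the sample names and the 192.0.2.x documentation addresses are constructed, and the exact policy of any given receiving MTA is an assumption; by default the lookups use the system resolver, while the demo uses an inline table so it runs offline.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (needs network)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name from the system resolver (needs network)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_sender(ip, helo, ptr=system_ptr, a=system_a):
    """Return the problems a receiving MTA could find for this connection."""
    problems = []
    helo = norm(helo)
    if "." not in helo:
        problems.append("HELO name is not fully qualified")
    ptr_names = [norm(n) for n in ptr(ip)]
    if not ptr_names:
        problems.append("no PTR record for connecting IP")
    elif not any(ip in a(n) for n in ptr_names):
        problems.append("PTR name does not resolve back to connecting IP")
    if ip not in a(helo):
        problems.append("HELO name does not map to connecting IP")
    return problems

# Constructed zone: A/PTR exist for .250, but NAT sends traffic out as .2.
A = {"mail.example.org": ["192.0.2.250"]}
PTR = {"192.0.2.250": ["mail.example.org."]}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_a = lambda name: A.get(norm(name), [])

def demo():
    return {
        "via shared NAT address": check_sender("192.0.2.2", "mail.example.org", fake_ptr, fake_a),
        "via dedicated address": check_sender("192.0.2.250", "mail.example.org", fake_ptr, fake_a),
        "short hostname": check_sender("192.0.2.250", "mail", fake_ptr, fake_a),
    }

if __name__ == "__main__":
    print(demo())
```

To test a real server, call `check_sender` with the public address the mail actually leaves from and the name the server announces in EHLO/HELO, leaving the resolver arguments at their defaults.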

NetoMeter

Re: Problems with outgoing mail

Postby NetoMeter » Sun Jul 30, 2006 4:07 am

Hi!
Here is what I found based on the information provided above.
The name by which your mail server identifies itself when establishing an SMTP session is “exchange-2000.willcox.k12.az.us”

NetoMeter

Postby NetoMeter » Sun Jul 30, 2006 4:11 am

I forgot to mention that it is not a very good idea to translate the outgoing traffic from your mail server to the same public IP which is used for the other users and machines. Here is an example – if a machine gets infected by a virus and starts generating traffic, that IP is automatically added to blacklists which are used by many spam filters. Hence your outgoing mail is being rejected. So if you have a choice, translate the SMTP traffic to a dedicated public IP.

Dean

titusc

Problems with configuration continued...

Postby titusc » Wed Aug 02, 2006 1:15 am

Alright. Both of you thank you for your help. It is greatly appreciated!! :)

I checked the reverse resolve inside and it's not resolving from IP address to "exchange-2000" but it will resolve to my primary DNS server inside which is a Windows 2K server running DNS and AD. I also believe I've got a statement on my PIX that performs a static NAT from the IP address of the server, which I've got statically assigned. I had a colleague of mine from the ISP take a look at my PIX statements and I am a bit unfamiliar with PIX configuration myself, but he told me that I've got that static route in there.

So I've got two areas of questioning. I'm a bit of a newb with Linux and much more comfortable with Windows Server configuration. The first area is what conf file am I looking to modify in order to get an internal reverse resolve to work, or is that a statement that needs to be recorded in the DNS of my Windows DNS server? Do I have to configure some sort of daemon to make my Linux server talk to my Windows DNS server? Secondly, what are the procedures for configuring PAT inside a Cisco PIX? I'm away on a training trip right now, but I do still have remote access into my network. I hope you are both still looking at this thread!! :)

Like I said, much thanks for helping me with this problem.

