Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio not sending with bound IP address
  •  
Autosoft

Messages: 8
Karma: 0
Send a private message to this user
Here is the problem I seem to be having with Kerio 7.2.2. We are getting a LOT of emails failing to deliver because the IP address does not resolve back to the sending domain.

I have multiple domains on the same server, all bound to different IP addresses. In Kerio I have bound each domain to its IP address on the advanced tab of the Domain settings.

When I set this I see this message in the Administrator:

"This IP address will be used to send outgoing emails from this domain"

But when I send an email out through a domain the headers of the email contain the server's primary IP address, not the one that the domain is bound to.

Received: from 127.0.0.1 (EHLO domain.com) (72.3.XXX.XXX)

This is not the IP address I have bound the domain to, but the main one for the machine.

Help?

[Updated on: Thu, 08 September 2011 21:51]

  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Autosoft wrote on Thu, 08 September 2011 21:38

"This IP address will be used to send outgoing emails from this domain"

Blame it on bad english or whatever you want, but this explanation is nonsensical. It does not do what you think it says.

The IP address entered in the text box "Bind this domain to specific IP addresses:" (note the plural despite only accepting one IP address) only works for clients. I.e. it allows users to authenticate without the domain part (joe instead of joe<_at_>example.com) when connecting to KC on this IP.

That's all it does. The explanation you quoted above wasn't there in earlier versions of KC/KMS, so I'm unsure why Kerio felt the need to confuse such a simple concept with a sentence like that.

The 7.2.2 manual also seems to agree with my statement.

On the other hand, what you're trying to accomplish is probably not necessary. A domain having an MX in a different domain is perfectly acceptable and quite normal. Our KC has 25 different domains sending via the same IP, and forward and reverse name resolution poses no problem whatsoever.
  •  
Autosoft

Messages: 8
Karma: 0
Send a private message to this user
This has become a big issue recently for us. All emails going to AOL.COM, AIM.COM and ATT.NET are being bounced back with the following error messages:

AOL.COM returns:
http://postmaster.aol.com/Postmaster.Errors.php#421dnsnr
"Error 421: The Reverse DNS lookup for your IP address is failing. This could be a transient issue. Confirm the IP that sends your mail. Then check the rDNS of that IP using our troubleshooting tools. If it passes, please wait 24 hours and re-try before opening a support request."

ATT.NET returns:
Error 450: service permits 100000 unverifiable IPs - <domain>.com is not 72.3.XXX.XXX

westparksassoc.ca returns:
Error 450: Client host rejected: cannot find your reverse hostname [72.3.XXX.XXX]

advanced-inc.com returns:
421 Refused. You have no reverse DNS entry.


As such we have been unable to send email to any clients at either of these domains. Since these are purchase confirmations and receipts this is a big problem for us.

While it may be a language mix-up it seems to be to be pretty logical that you should be able to get the SMTP service to send out on the IP address the domain is bound to.

[Updated on: Fri, 09 September 2011 01:55]

  •  
elias

Messages: 114
Karma: 0
Send a private message to this user
Autosoft wrote on Thu, 08 September 2011 16:25
AOL.COM returns:
http://postmaster.aol.com/Postmaster.Errors.php#421dnsnr
"Error 421: The Reverse DNS lookup for your IP address is failing. This could be a transient issue. Confirm the IP that sends your mail. Then check the rDNS of that IP using our troubleshooting tools. If it passes, please wait 24 hours and re-try before opening a support request."

ATT.NET returns:
Error 450: service permits 100000 unverifiable IPs - <domain>.com is not 72.3.XXX.XXX

westparksassoc.ca returns:
Error 450: Client host rejected: cannot find your reverse hostname [72.3.XXX.XXX]

advanced-inc.com returns:
421 Refused. You have no reverse DNS entry.

These errors are clear; you don't have a reverse DNS entry for your mail server's IP. Even if you could bind a domain to an IP for outbound mail, that wouldn't solve your problem.

Make sure your ISP has a correct PTR record for your IP and that both the forward and reverse DNS entries match. If you get that fixed, you'll be all set.

-Elias
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
TorW wrote on Fri, 09 September 2011 00:50


The IP address entered in the text box "Bind this domain to specific IP addresses:" (note the plural despite only accepting one IP address) only works for clients. I.e. it allows users to authenticate without the domain part (joe instead of joe<_at_>example.com) when connecting to KC on this IP.


Yeah, the text is incorrect. Only one IP address can be entered.

Anyway, this setting is used also for outgoing emails (since Kerio Connect 7.2.1 - see http://download.kerio.com/dwn/connect/kerio-connect-notes-en -7.2.1-4368.pdf)
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Autosoft wrote on Thu, 08 September 2011 21:38
Here is the problem I seem to be having with Kerio 7.2.2. We are getting a LOT of emails failing to deliver because the IP address does not resolve back to the sending domain.

I have multiple domains on the same server, all bound to different IP addresses. In Kerio I have bound each domain to its IP address on the advanced tab of the Domain settings.

When I set this I see this message in the Administrator:

"This IP address will be used to send outgoing emails from this domain"

But when I send an email out through a domain the headers of the email contain the server's primary IP address, not the one that the domain is bound to.

Received: from 127.0.0.1 (EHLO domain.com) (72.3.XXX.XXX)

This is not the IP address I have bound the domain to, but the main one for the machine.

Help?


Enable SMTP client messages in the debug log. And verify that the IP address defined in domain settings does really exist on your server.
I also recommend contacting our technical support at http://support.kerio.com.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Kerio_pdobry wrote on Fri, 09 September 2011 10:27

Anyway, this setting is used also for outgoing emails (since Kerio Connect 7.2.1 - see http://download.kerio.com/dwn/connect/kerio-connect-notes-en -7.2.1-4368.pdf)

Ok, thanks. My bad.
I guess the OP didn't have all the important bits set up then ...
  •  
Autosoft

Messages: 8
Karma: 0
Send a private message to this user
This is my mea culpa Smile All is working well now after getting a chance to call to Kerio support. We moved the server to a NATed firewall configuration and thus the domains now need to be bound to the internal NAT IPs, not the external IPs on the outside of the firewall. Change made and now Kerio is sending out on the proper IPs.

One suggestion for the Administrator UI. It would be handy if when you enter an IP address (or even save and re-open the Domain settings) if a little red alert popped up saying "Warning: can't find the IP address you have bound this domain to on the server"

Thanks for all the replies!
Previous Topic: Outllook 2011 error
Next Topic: Mailinglist administration by single User
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Oct 22 13:52:22 CEST 2017

Total time taken to generate the page: 0.00484 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.