Sender-Host-Name (in mail log) (Strange Log after 7.3 - 7.4 Upgrade)
  •  
john_rothenberg

Hi All,

Whilst checking the logs after upgrading our mailhost to the latest 7.4 a very strange issue has occurred.
For all our local email sent to each other or externally out to other addresses it is stating that our Send-Host-Name isn't what is set on our server. We set the hostname internally to match the external DNS hostname.
It gets odder: if I send an email from my phone it shows another send-host-name address.
One is a co.th, the other is a .com, both static IP addresses, nothing to do with our
RDNS matches, external DNS records are correct and internal records forward and reverse are correct, no receiving mailserver has bounced any of our mail.
I've flushed cache on both internal DNS server and mailhost and client. It still remains the same. Does anyone have any ideas where Kerio grabs this information from?
Almost bald from trying to nut this out ...
  •  
freakinvibe

For each e-mail you send, you will see 2 lines in the Mail log:

Recv:
Sent:

The first line lists the details of the client sending the mail to your Kerio server. The second line shows the details of your Kerio server sending mail on to the external server.

The Sender Hostname in the first line indicates the hostname of your client, not the Kerio server.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
john_rothenberg

If this is the case, and I appreciate your swift response, how can the log be showing all external public IPs as the same incorrect FQDN?
It also does the same for internal private addressing.
  •  
freakinvibe

This looks to me like an issue with how your Kerio server resolves DNS requests. First check the DNS entries of your Kerio server, then also check the hosts file. If all looks OK, do a manual

nslookup

on the Kerio server and check the result.

Which OS is your Kerio server running on?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
john_rothenberg

OS X client 10.6.8
Manual set IP with public DNS 8.8.8.8 DNS for the host.
Our clients point to an internal DNS server for resolution of DNS for internal services.
Externally the same records are hosted with public info.
We only allow HTTPS auth internal and external to send.
What's odd is that it correctly identifies the sender-host IP address but sender-host-name resolves wrong.
It thinks we are mx-II-49.48.46-48.dynamic_3bb.co.th
  •  
freakinvibe

On the Kerio box, have you done a

nslookup -type=PTR 82.192.87.17


It should give you back the following:

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
17.87.192.82.in-addr.arpa       name = www.kerio.com


I have done this on a Windows box, but Mac should be similar. It is important that the Kerio box can do the reverse lookup correctly, so if you don't see "name = www.kerio.com", something is wrong in your DNS setup.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
john_rothenberg

This is the same response we get also.
Flushing cache on all involved makes no odds.
Forward and reverse is correct for all lookups, our own and others.
It's the logs telling me that device iPhone just sent an email externally to itself with hostname as previous.
Kerio is writing this in the mail log.
We do use open DNS as a forward for our internal clients; however, to rule that out I removed entries and flushed all again, restart Kerio and still the same host name comes through.
  •  
freakinvibe

You say you are getting

mx-ll-49.48.46-48.dynamic.3bb.co.th

for reverse lookup. This is for IP address

49.48.46.48

Is that an IP address that is assigned to you by your ISP? As they have your reverse lookup under control, they might need to change it. It does not help if you set a PTR record in your DNS, the PTR records need to be done by your ISP (unless they have delegated a whole netblock to you).

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
john_rothenberg

Our local PTR is just that, local for the clients all on exchange type accounts.
Our external PTR is held with ISP and is correctly resolving.
The only reference I get of that FQDN is in Kerio mail logs for any mail that is sent from a private address (locally). This is what I'm saying: it's only Kerio Connect's logs that show any reference to that FQDN since upgrading to 7.4.

  •  
john_rothenberg

Neither IP nor FQDN have anything to do with our ISP or our company.
Is there a hosts db Kerio keeps that I could wipe?
Is it a corrupt bayes? I'm at a loss and it's worrying me.
  •  
freakinvibe

Hmm, without seeing the logs and your detailed setup it is difficult to help further. It really seems to be something with your DNS setup. It does not have anything to do with Bayes, Bayes has no influence on the Mail log.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
freakinvibe

Another thing that comes to my mind: You should probably enable the "DNS Resolver" option in the Debug Log. This will list all DNS lookups that KC does.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
john_rothenberg

Thanks for getting back. I did debug DNS today and it's looking for PTRs on all the private addresses against 8.8.8.8, which come back host not found.
It's as if the mailhost thinks private address space has been assigned the .co.th FQDN. Is it possible that during the upgrade it somehow munged the entry?
Have you ever re-run an upgrade before? As in install the same installer again over the top of it? Am thinking if I take it offline and run it again it might clear these incorrect entries...
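
The reverse-lookup check suggested earlier in the thread and the private-address PTR lookups seen in the DNS debug log, combined as an added example (not code from any poster or from Kerio): it compares a Sender-Host-Name taken from the mail log with what a resolver returns for the same IP. The address 192.168.1.20 and the sample answer tables are constructed; the script says nothing about how Kerio Connect itself fills in the field.

```python
import ipaddress
import socket

# Constructed resolver answers so the example runs offline; the public pair is
# the one quoted in the thread, the private address is an assumed LAN client.
SAMPLE_PTR = {"82.192.87.17": "www.kerio.com"}
SAMPLE_A = {"www.kerio.com": {"82.192.87.17"}}

def system_reverse(ip):
    """PTR lookup through the OS resolver (hosts file and configured DNS)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup through the OS resolver; returns a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_sender(ip, logged_name, reverse=system_reverse, forward=system_forward):
    """Compare a Sender-Host-Name from the mail log with what DNS returns now."""
    addr = ipaddress.ip_address(ip)
    ptr = reverse(ip)
    findings = []
    if addr.is_private:
        findings.append("private address: a public resolver has no PTR for it")
    if ptr is None:
        findings.append("no PTR answer")
        if logged_name:
            findings.append("logged name is not backed by a PTR answer")
    else:
        if ptr.rstrip(".").lower() != logged_name.rstrip(".").lower():
            findings.append("logged name differs from PTR answer")
        if ip not in forward(ptr):
            findings.append("PTR name does not resolve back to the address")
    return {"query": addr.reverse_pointer, "ptr": ptr, "findings": findings}

if __name__ == "__main__":
    rows = [("82.192.87.17", "www.kerio.com"),
            ("192.168.1.20", "mx-ll-49.48.46-48.dynamic.3bb.co.th")]
    for ip, name in rows:
        print(ip, check_sender(ip, name, SAMPLE_PTR.get,
                               lambda n: SAMPLE_A.get(n, set())))
```

Called with only the IP and the logged name, `check_sender` uses the mail server's own resolver, which is the path that matters when the log and a manual `nslookup` disagree.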
  •  
stothers

I'm seeing this exact same issue. Any luck with resolving it?

john_rothenberg

What namespace are you seeing?