rDNS fix (My IP has poor score (reputation))

eXtremer

Hi all,

I run Kerio Connect for a small company with about 30 users. Because of a virus my IP got blacklisted, but I managed to clean the system, and at the moment my IP practically isn't listed in any blacklist. I still have some issues with the reputation of my IP that I need to fix: when I use the mxtoolbox service to diagnose my mail server, everything is OK, but I still got a reply from one "antispam" service that I need to fix the following...
Quote:

Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:

* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain

To this end, one of the HELO string we are seeing "usairways.com" which is not exact matches to the PTR of the IP 77.XX.XXX.XX (mail.domain.com). This contravenes RFC2821, section 4.1.1.1 which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available."


If someone could help with this one, I don't understand what needs to be fixed.

Thank you.

[Updated on: Fri, 20 December 2013 13:52]
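
The three conditions in the quoted notice can be evaluated mechanically. The following is an added example, not part of the original post or of Kerio's software; it takes the PTR name, HELO string and sender domain as plain strings (no DNS lookups), and the sender domain "domain.com" is an assumption based on the masked PTR name in the thread.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_fqdn(name):
    """True for a dotted host name with valid labels and a non-numeric TLD."""
    labels = normalize(name).split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False  # single label, empty string, or an IP literal
    return all(_LABEL.match(label) for label in labels)


def is_same_or_parent(domain, host):
    """True if `domain` equals `host` or is a parent domain of it."""
    domain, host = normalize(domain), normalize(host)
    return host == domain or host.endswith("." + domain)


def check_rdns(ptr, helo, sender_domain):
    """Return the three conditions from the notice as a dict of booleans."""
    return {
        "ptr_is_fqdn": is_fqdn(ptr),
        "ptr_matches_helo": is_fqdn(helo) and normalize(ptr) == normalize(helo),
        "ptr_matches_sender": is_same_or_parent(sender_domain, ptr),
    }


# PTR and HELO values as quoted in the thread; the sender domain is assumed.
PTR = "mail.domain.com"
for helo in ("mail.domain.com", "usairways.com"):
    print(helo, check_rdns(PTR, helo, "domain.com"))
```
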

Petr Dobry (Kerio)

The settings (Internet hostname and rDNS) seem correct.
Is the IP <IP removed> solely for the mailserver, or is it the IP of a firewall with NAT?

[Updated on: Mon, 23 December 2013 19:48]


Petr Dobry
Product Development Manager | Kerio
eXtremer

Petr Dobry (Kerio) wrote on Fri, 20 December 2013 10:22
The settings (Internet hostname and rDNS) seem correct.
Is the IP 77.XX.XXX.XXX solely for the mailserver, or is it the IP of a firewall with NAT?


- "...or is it IP of firewall with NAT"!
The IP is assigned to my router and Kerio is behind it.

[Updated on: Fri, 20 December 2013 13:51]

Petr Dobry (Kerio)

Then there might be another computer in your LAN (infected by a virus) sending emails through your firewall.

Petr Dobry
Product Development Manager | Kerio
eXtremer

Petr Dobry (Kerio) wrote on Fri, 20 December 2013 11:38
Then there might be another computer in your LAN (infected by a virus) sending emails through your firewall.


No, no, everything is fine now.
I just wanted to know if everything is configured properly regarding my mail server and if the points below are applied correctly.

* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain


Petr, as I understand it, you say that you don't see any problems with my config, yes?

Thank you.

I don't understand what they mean by this: "...one of the HELO string we are seeing "usairways.com" which is not exact matches to the PTR of the IP 77.XX.XXX.XXX (mail.domain.com)". What does usairways.com have in common with my IP?

[Updated on: Fri, 20 December 2013 13:50]

Petr Dobry (Kerio)

Yes, I don't see any problem with your config.

It's possible that another computer behind your NAT is sending emails and identifying itself as usairways.com (which a lot of botnets do). Or the "blacklist" is evaluating fake email headers from other spam.
I'd recommend watching port 25 on your firewall and making sure your mailserver is the only one sending emails.

Petr Dobry
Product Development Manager | Kerio
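
One way to carry out the port 25 check recommended above is to scan the firewall's connection log for LAN hosts other than the mail server that open outbound SMTP connections. This is an added example, not part of the original post; the LAN range, the mail server address and the Linux netfilter LOG line format are assumptions, and the log lines are constructed.

```python
import ipaddress
import re

# Assumptions for this example (not from the thread): LAN range, mail server
# address, and a firewall that logs connections in netfilter LOG format.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = "192.168.1.10"

# Constructed sample log lines; public addresses are documentation ranges.
SAMPLE_LOG = """\
Dec 20 10:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=50122 DPT=25 SYN
Dec 20 10:01:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=49211 DPT=25 SYN
Dec 20 10:01:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.80 PROTO=TCP SPT=49212 DPT=25 SYN
Dec 20 10:01:09 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=443 SYN
Dec 20 10:01:11 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=40100 DPT=25 SYN
Dec 20 10:01:12 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=49211 DPT=25 ACK
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def rogue_smtp_senders(log_text, mail_server=MAIL_SERVER, lan=LAN, port=25):
    """Count new outbound SMTP connections per LAN host, excluding the mail server."""
    counts = {}
    for line in log_text.splitlines():
        tokens = line.split()
        fields = dict(FIELD.findall(line))
        # Only connection attempts: TCP with SYN set and ACK clear.
        if fields.get("PROTO") != "TCP" or "SYN" not in tokens or "ACK" in tokens:
            continue
        if fields.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing SRC field
        # Inbound mail has a public source; the mail server itself is allowed.
        if src not in lan or str(src) == mail_server:
            continue
        counts[str(src)] = counts.get(str(src), 0) + 1
    return counts


if __name__ == "__main__":
    for host, n in rogue_smtp_senders(SAMPLE_LOG).items():
        print(f"{host}: {n} outbound SMTP connection attempts")
```

Any host this reports shares the mail server's public IP behind NAT, so its HELO strings and spam are attributed to that IP by receiving servers and blacklists.
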
eXtremer

Petr Dobry (Kerio) wrote on Fri, 20 December 2013 13:05
Yes, I don't see any problem with your config.

It's possible that another computer behind your NAT is sending emails and identifying itself as usairways.com (which a lot of botnets do). Or the "blacklist" is evaluating fake email headers from other spam.
I'd recommend watching port 25 on your firewall and making sure your mailserver is the only one sending emails.


I'll do that, thank you.
If you could remove my IP from http://forums.kerio.com/mv/msg/26347/109312/#msg_109312 I would really appreciate it.

[Updated on: Fri, 20 December 2013 13:53]
