Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SMTP Greeting from remote host (SMTP Greeting works in putty but not from server)
  •  
Maurice Herbst

Messages: 9
Karma: 0
Send a private message to this user
A Customer of ours just changed ISP's and now we cant send them email the error we receive is:

Action: delayed
Status: 4.4.2
Remote-MTA: mail.PRECISIONMETALS.COM
Diagnostic-Code: SMTP; No greeting from remote host

The email eventually fails.

When I test this from a command line on our server I get the following:

telnet mail.precisionmetals.com 25
Trying 162.210.109.180...
Connected to mail.precisionmetals.com.
Escape character is '^]'.

No banner is ever sent however if I manually type the ehlo command I get the banner.

When I test this from Putty I get a banner response as seen below without typing the ehlo command:

220 Tin.PRECISIONMETALS.LOCAL Microsoft ESMTP MAIL Service ready at Wed, 20 May 2015 14:10:14 -0700

I can send to their server through GMAIL or Hotmail, and they can send to us with no issues.

They are running Exchange 2010 and we are running Kerio Connect 8.2.4

We have been seeing a few small issues with sending however most emails are received by our recipients with no issue. This server has been fully functional for over 3 years without any functional problems.
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
http://mxtoolbox.com/domain/mail.precisionmetals.com/

7 Problems
Category Host Result
https precisionmetals.com Unable to connect to the remote server (https://precisionmetals.com)
spf precisionmetals.com No records found
dns precisionmetals.com SOA Expire Value out of recommended range
smtp mail.precisionmetals.com Reverse DNS Resolution - No PTR Record found
smtp mail.precisionmetals.com Warning - Does not support TLS.
smtp mail.precisionmetals.com 11.138 seconds - Not good! on Connection time
smtp mail.precisionmetals.com 18.486 seconds - Not good! on Transaction Time

Ken Snyder
  •  
Maurice Herbst

Messages: 9
Karma: 0
Send a private message to this user
First its not precisionmetals.com its mail.precisionmetals.com I have ran this tool for them before on the mail.precisionmetals.com and only saw the PTR issue. Would you be so kind as to run it again and see what you get.

Thank you
  •  
Brian (GFI/Kerio)

Messages: 778
Karma: 79
Send a private message to this user
Hi Maurice,

It's possible that your Kerio Connect server cannot route to that remote host. Normally Kerio Connect will wait two minutes before giving up. That server seems to reply within about 10 seconds. It would help to turn on SMTP client message from the debug log, then send them an email and we can review the log activity.

Brian Carmichael
Instructional Content Architect
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Maurice,

Please click the link I provided in the top of the post. As you can see throughout my response, the tool (mxtoolbox) ran against mail.precisionmetals.com. We're not very motivated to help people solve their MS Exchange problems as you can probably imagine. Perhaps I'm missing something from the wording of your post and you're concerned that this is a problem with your mail server? Can you confirm?

Regards,
Ken Snyder

Ken Snyder
  •  
Maurice Herbst

Messages: 9
Karma: 0
Send a private message to this user
ksnyder - I clicked the link the only issue I see is the PTR issue:Reverse DNS Resolution - No PTR Record

I wouldn't think that would keep me from getting the SMTP banner from a command line on a Linux server.

Believe me when I say I don't want to help anyone with MS Exchange either hence the reason I run Kerio Smile

Yes I am concerned that it is our server, plus they are a valued customer and I am trying to be understanding for that reason.

What concerns me is that from Putty I get the banner just fine but when running telnet from a command line on the server I do not.

IF you at Kerio can tell me 100% that my server is not the issue I will be happy to close it and move on.
  •  
Maurice Herbst

Messages: 9
Karma: 0
Send a private message to this user
Brian,

How do I turn on the SMTP client message I don't see any options on the debug log screen.
  •  
Maurice Herbst

Messages: 9
Karma: 0
Send a private message to this user
Ah found it I will turn it on and see what I get.

Here is the debug logs I get:

[20/May/2015 15:48:34][19136] {smtpc} Sending email to SMTP server mail.PRECISIONMETALS.COM, delivering mail from <mherbst<_at_>eetechinc.com>
[20/May/2015 15:48:34][19136] {smtpc} Connecting to 162.210.109.180 (mail.PRECISIONMETALS.COM) using local interface 0.0.0.0...
[20/May/2015 15:48:34][19136] {smtpc} Connected to mail.PRECISIONMETALS.COM

[20/May/2015 15:53:34][19136] {smtpc} SMTP connection closed while reading SMTP reply
[20/May/2015 15:53:34][19136] {smtpc} No greeting from server mail.PRECISIONMETALS.COM

[Updated on: Thu, 21 May 2015 00:55]

  •  
Brian (GFI/Kerio)

Messages: 778
Karma: 79
Send a private message to this user
It seems that the connection is getting forcibly closed at the point that the greeting would be sent. This type of behavior is usually caused by some type of content filtering gateway (e.g. firewall). Looking back at your original reply it is odd that when connecting on port 25 from the mail server system you find that there is no greeting until you issue the EHLO command. From normal SMTP communication, the client has to wait for a greeting before send EHLO. Please investigate if there is any type of content filter on your end that would be preventing your Kerio Connect system from receiving a greeting from mail.PRECISIONMETALS.COM.

Brian Carmichael
Instructional Content Architect
  •  
vincent.iveze

Messages: 5
Karma: 0
Send a private message to this user
My server has exactly the same problem with Microsoft mail servers only (outlook.com, hotmail.com, etc...). If i connect with telnet to them, they hang before the greeting. To get a greeting i do not need to send a full HELO. If i put in an enter right after the line "Escape char...." appears, it works too. Other mail servers give me back the greeting without doing anything.

My conclusion is that Microsoft mail servers need the client to send something first, even if it is just an enter. Is there in Kerio-Connect some option to say: Send an enter right after the tcp handshake?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
vincent.iveze wrote on Tue, 11 August 2015 22:23
My server has exactly the same problem with Microsoft mail servers only (outlook.com, hotmail.com, etc...). If i connect with telnet to them, they hang before the greeting. To get a greeting i do not need to send a full HELO. If i put in an enter right after the line "Escape char...." appears, it works too. Other mail servers give me back the greeting without doing anything.

My conclusion is that Microsoft mail servers need the client to send something first, even if it is just an enter. Is there in Kerio-Connect some option to say: Send an enter right after the tcp handshake?


When using telnet, make sure that the telnet client always sends CRLF as line ending (as required by RFC).
In fact, sending any data prior receiving greeting from receiving server is a violation of RFC. The client MUST NOT send any data until receiving greeting from remote server in SMTP.
  •  
clan

Messages: 236
Karma: 22
Send a private message to this user
vincent.iveze wrote on Tue, 11 August 2015 22:23
My conclusion is that Microsoft mail servers need the client to send something first, even if it is just an enter. Is there in Kerio-Connect some option to say: Send an enter right after the tcp handshake?

I think you are wrong, I just tried connecting with telnet to some of the hotmail mail servers and got the greeting immediately.
  •  
vincent.iveze

Messages: 5
Karma: 0
Send a private message to this user
I have checked tcpdump and the tcp 3-way handshake happens (syn syn-ack ack). Then nothing (waiting for greeting) when connecting a Microsoft mail server. So what telnet sends (CRLF) is irrelevant. It should and does not send anything.

We did recently migrate from os-x to Centos 7. Tested telnet on different os-es and found that os-x and windows tcp give microsoft mail servers what they want from within our internal network. None of the Centos do (6 or 7).

There are some possibilities on our network:
1) Centos tcp does not work with Microsoft tcp
2) Bad gateway which mysteriously only affects Centos

In both cases it is still weird that the issue is only with Microsoft mail servers.
  •  
clan

Messages: 236
Karma: 22
Send a private message to this user
I think it is save to say, that you can rule out 1), I would expect many more complaints if that was the case.

2) could actually be (almost) the case, just not for Centos, but the IP address you assigned to the server. This is still a long shot, but is the IP of the Centos servers blocked somewhere? Or routed differently?
  •  
vincent.iveze

Messages: 5
Karma: 0
Send a private message to this user
Just back from testing with a Linux firewall/nat gateway, and it works. This is important information for anyone who has specifically Kerio on a Linux server and this problem with Microsoft mail servers (hotmail.com, outlook.com, etc....). They should check their firewall/nat gateway for any mail protection settings, and if that does not work test with another gateway or better a Linux gateway.

My best guess is that an older firewall/nat gateway malforms modern Linux tcp packets slightly. Not enough to make any mail server angry, except those of Microsoft. Probably a misplaced action of them in an attempt to avoid spam.
Previous Topic: Sending duplicate emails since update to 8.2.4
Next Topic: Outlook cache - delete by script or gpo
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 03:24:10 CET 2017

Total time taken to generate the page: 0.00550 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.