Banner/Greeting Does not contain your hostname
Question asked by Barbara Renowden - September 11, 2015 at 7:07 AM
Unanswered
Hello, we use Unlock the Inbox to test our hosted mail accounts set up and we have recently had an issue pop up on us for POP, IMAP, and SMTP.
 
So we have an SSL certificate that is issued as a wild card to *.centricweb.net.  The certificate is working and is valid.  Our mail server host name is mail.centricweb.net. 
 
In the reports being returned we are getting this.
 
POP3 SSL (Port 995):    Connection Established
- Extensions:    TOP, USER, UIDL, IMPLEMENTATION
- Server Greeting:    POP3 server ready
- SSL Hostname:    *.centricweb.net
- SSL Subject:    CN=*.centricweb.net, OU=Domain Control Validated
- SSL Issuer:    CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
- POP3 Banner Reverse DNS Check:    Failed - POP3 Banner/Greeting Does not contain your hostname
- SSL Valid:    Certificate is Valid
- SSL Key Size:    2048
- SSL Protocol Used:    TLS 1.2
- SSL Cipher Algorithm:    AES 128
- SSL Hash Algorithm:    SHA 256
- SSL Exchange Algorithm:    RsaKeyX
- SSLv3 Disabled:    Yes
 
so i guess my question is how do I fix this?  Thanks.

Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com

1 Reply

Reply to Thread
0
We use this as our BANNER GREETING for SMTP IN
 
#HostName#  #TimeUTC# UTC  | SmarterMail Enterprise 14.2
 
The #HostName# will pick up the hostname which is actually using the SmarterMail SMTP services at the time of the transaction.
 
The #TimeUTC# will enter the time of the transaction in all message headers and logs.  The time stamp is important when troubleshooting and using UTC makes it much easier to vet times against a common standard, vs trying to translate between time zones.
 
You also need to make certain that you have your IP ADDRESS to HOSTNAME mapping for the FULLY QUALIFIED DOMAIN NAME of your PRIMARY SMARTERMAIL SERVER mapped in two places:
 
  • The HOSTNAME in SETTINGS, GENERAL SETTINGS:
 
 
 
  • The HOSTNAME to IP ADDRESS MAPPING in BINDINGS
 
 
Once this is done, make certain you have a valid rDNS mapping for your STATIC, PUBLIC IP ADDRESS to the FQDN of your SmarterMail server, and that will tie everything together.
 
You will also need to make certain that you have the SAME IP ADDRESS setup as the IPV4 IP address in the DOMAIN EDIT screen:
 
 
That IPV6 is DISABLED
 
and that you have your SMTP OUT setup to use the SAME IP ADDRESS as is mapped to your domains:
 
 
 
 
If you have MULTIPLE, PUBLIC, STATIC IP addresses mapped to domains, then you will have to set your SMTP OUT IPV4 IP ADDRESS to use the DOMAINS IP ADDRESS:
 
 
DO NOT enable the check box for ENABLE PRIMARY IP ON FAILURE, especially if you have a hosted service.  I've seen too many situations where they primary IP address is a private IP address which is not properly mapped to a public IP address and, in the case of a failure of the primary IP address, all e-mail stops flowing.
 
 
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread