Reverse DNS does not match SMTP Banner

The error message is pretty straightforward. The banner is not matching the Reverse DNS record. You either have to update your reverse record with your hosting provider, or update your banner to match the reverse record in place.

The banner is the first line sent by the mail server when a client connects:

[~]$ nc localhost 25
220 example.com ESMTP Postfix (Debian/GNU)

It's given by the configuration line

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

$myhostname is replaced by the hostname configured for the host, and $mail_name is replaced by the MTA in use. However you don't have to use the variables:

smtpd_banner = example.com ESMTP Postfix (Ubuntu)

will work.

To actually change the reverse DNS you have to check with your provider's help desk. In the case of DO, this help article may be helpful.
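The comparison behind this warning can be reproduced locally. The following is an added example, not code from the original answer or from MXToolBox: it extracts the hostname from the 220 greeting and compares it with the PTR names for the server's IP. The function names are hypothetical, the exact-match rule (case-insensitive, trailing dot ignored) is an assumption about how such checkers compare names, and the sample greeting and PTR values are constructed.

```python
import re
import socket

def banner_hostname(greeting):
    """Return the hostname announced on the first line of an SMTP 220 greeting."""
    first = greeting.splitlines()[0] if greeting.strip() else ""
    # "220 host ..." is a single-line greeting, "220-host ..." starts a multi-line one.
    m = re.match(r"220[ -](\S+)", first)
    if not m:
        raise ValueError("not a 220 greeting: %r" % first)
    return m.group(1)

def normalize(name):
    """DNS names are case-insensitive; PTR answers may carry a trailing dot."""
    return name.rstrip(".").lower()

def banner_matches_ptr(greeting, ptr_names):
    """True if the banner hostname equals one of the PTR names (assumed rule)."""
    host = normalize(banner_hostname(greeting))
    return host in {normalize(n) for n in ptr_names}

def check_live(ip, port=25, timeout=10.0):
    """Read the greeting from ip:port, resolve the PTR for ip, and compare."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        greeting = s.recv(1024).decode("ascii", "replace")
    name, aliases, _ = socket.gethostbyaddr(ip)  # reverse (PTR) lookup
    return banner_matches_ptr(greeting, [name] + aliases)

# Constructed sample: the banner produced by myhostname = example.com
SAMPLE_GREETING = "220 example.com ESMTP Postfix (Ubuntu)\r\n"

if __name__ == "__main__":
    # PTR still set to a short host name: the warning case
    print(banner_matches_ptr(SAMPLE_GREETING, ["example"]))
    # PTR updated to the fully qualified name: banner and PTR agree
    print(banner_matches_ptr(SAMPLE_GREETING, ["example.com."]))
```

Run check_live() against the server's public IP from an outside host, so the PTR lookup uses public DNS rather than a local /etc/hosts entry.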


Author: erwin

Updated on September 18, 2022

Comments

  • erwin
    erwin almost 2 years

    I installed Postfix on my Ubuntu 16.04 server (DigitalOcean) for my site, example.com. I added an A record mail.example.com and an MX record for example.com handled by mail.example.com.

    It's running, but when I check my mail.example.com with MXToolBox, I get 1 warning:

    Result  
    SMTP Banner Check   Reverse DNS does not match SMTP Banner
    

    Here is the /etc/postfix/main.cf:

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = no
    
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = example.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = $myhostname, example.com, example, localhost.localdomain, localhost
    relayhost = 
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    home_mailbox = Maildir/
    virtual_alias_maps = hash:/etc/postfix/virtual
    
    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client cbl.abuseat.org reject_unknown_client permit
    
    policyd-spf_time_limit = 3600
    
    smtpd_recipient_restrictions =
        reject_unauth_destination,
        check_policy_service unix:private/policyd-spf
    
    # Milter configuration
    # OpenDKIM
    milter_default_action = accept
    # Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
    milter_protocol = 6
    smtpd_milters = local:/opendkim/opendkim.sock
    non_smtpd_milters = local:/opendkim/opendkim.sock
    
  • erwin
    erwin over 6 years
    Thanks vidario... solved it after checking with my provider (DigitalOcean). When I create my server (Droplet at DO), the given name is used as the host name, so I need to give example.com, not example... After modification the issue was solved.