Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mohamed_kamal
New Contributor

DNS issue

i have fortimail 200d and fortigate 200D

when i send any mail replay me postmaster is (reason: 550 *** The HELO for IP address 41.38.52.75 was '[41.38.52.75]' (valid but not recommended syntax )

i contact with senderbase team to know why added my IP to blacklist and replay me that 

To this end, we are seeing reports of HELO strings which do not match the PTR / rDNS of the IP. One of the HELO string we are seeing  “[41.38.52.75]”  which is not exact matches to the PTR of the IP 41.38.52.75  (mail.elashrygroup.com).

how to resolve ip to HELO  ? 

please  help me 

41 REPLIES 41
Mohamed_kamal

i checked your attached and i choosing host name 

Bromont_FTNT

What firewall device are you using? Is it doing SMTP inspection?

Mohamed_kamal

firewall Fortigate 200D

emnoc
Esteemed Contributor III

 

 your attached and i choosing host name 

 

 

Does the  hostname match the  A & PTR records? When you say "hostname" do you mean system name ? Have you  tried telnet from the FML to something like  gmail MX server and see what's being shown in the extended HELO ?

 

e.g 

exe telnet  alt1.gmail-smtp-in.l.google.com 25

 

 

 

btw: "get system status" will show you the system <hostname> that's what would be  display in  any SMTP hellos

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Mohamed_kamal

when i telnet ti google it answered me that 

Connection status to alt1.gmail-smtp-in.l.google.com port 23:
	Connecting to remote host failed.

 

Mohamed_kamal

A record & PTR record are matching u can take my ip and check that

41.38.52.75

 

Mohamed_kamal

server mode

emnoc
Esteemed Contributor III

HELLO ( pun intended  )

yes bu it MATCH your system-hostname of the  device doing the HELO?

 

SOCKET1:~ kfelix$ host 41.38.52.75 75.52.38.41.in-addr.arpa domain name pointer mail.elashrygroup.com. SOCKET1:~ kfelix$ host -t a mail.elashrygroup.com. mail.elashrygroup.com has address 41.38.52.75 SOCKET1:~ kfelix$  

DNS is one thing, but if the string in EHLO/HELO does not matched,  it looks like a forged SMTP connection  and  any ESA or MX-gw could drop the  connections.

 

 

Ken

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Mohamed_kamal

First whats wrong on dns ? how to match HELO on my system host ae ?
emnoc
Esteemed Contributor III

 

1st does the cli   get system status | grep ostname

 

does it match your above DNS name  { mail.elashrygroup.com } ? ( yes or no )

 

2nd if no, than you need to set the "system" name in your protect domain as listed earlier when you start the thread

 

3rd re-test

 

4th monitor the FML logs for errors

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors