Re: [qmailtoaster] dmarc smtp banner

2015-11-12 Thread Bharath Chari

On 11/11/2015 01:23 AM, Eric Broch wrote:

Hi Jim,

A client of mine had an issue where it was the ISP that was causing the
"220***" banner...something you might consider.


EricB

This is known to happen with Cisco Pix firewalls. The fixup smtp code 
they implement is buggy at times. MTAs such as postfix have a specific 
workaround for Pix firewalls that works on the fly.


Bharath

On 11/10/2015 11:54 AM, Jim Shupert wrote:

I am adding this in case it might help someone else

the issue:  my smtp banner was showing being masked by mxtoolkit
like so 220 

even though I had a good one
and a good me
all under /var/qmail/control/   me & smtpbanner

here was the solution

I have a cisco pix 515e firewall

and that conf in the pix
fixup protocol smtp 25

so i do a

fixup protocol smtp 25
and a write mem

and -- now good

it was the firewall ... that is what i currently think.


On 11/9/2015 6:32 PM, Tony White wrote:

Hi,
  I have just run a test against one of my servers.

1. dmarc, well I do not have one either. Not sure if I need to either.
Does anyone else have one?

2. check what the "host" command for your ip returns against the 
"me" file

in /var/qmail/control/me
Might pay to edit the "me" file and put in mailhost.theppsgroup.com 
instead of what might be there.


3. If you have not enabled TLS for mail then that is up to you.

4. SPF is not difficult really

example at the cli type

#dig TXT theppsgroup.com

This will return your current TXT records from the DNS.

If you have no TXT data then edit your DNS record and add an entry 
like this.


"v=spf1 a mx ip4:168.215.62.222 -all"

If you have more than one mail server that sends email on behalf of 
your domain then add a second entry in this line

http://www.openspf.org/SPF_Record_Syntax

best wishes
   Tony White

On 10/11/2015 09:35, Jim Shupert wrote:

Friends,

If I check my server  with
http://mxtoolbox.com

I get the following complaints

Category  Host                      Result
dmarc     theppsgroup.com           Missing or Invalid Record
smtp      mailhost.theppsgroup.com  Reverse DNS does not match SMTP Banner
smtp      mailhost.theppsgroup.com  Warning - Does not support TLS.

it is true I have no dmarc ( i was thinking it is not required ...)
and I have tried to do the spf and the banner thing

i have tried googling and sorting it out -- thus far I am unsuccessful

I wonder if someone could give me some wisdom on how to resolve these

thanks

jims
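
The SPF advice quoted above, as an added example that is not part of the original thread: a small offline evaluator for the `a`, `mx`, `ip4` and `all` terms of a record like the one suggested, which also shows why a second server belongs on the same line (two separate `v=spf1` TXT records evaluate to permerror under RFC 7208). The `resolved` parameter and the address 203.0.113.9 are assumptions made for the illustration; other mechanisms are reported as unhandled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(txt_records, sender_ip, resolved=None):
    """Evaluate the a, mx, ip4 and all terms of a domain's SPF record.

    txt_records: every TXT string published for the domain (as dig prints them).
    resolved: hypothetical map {"a": [...], "mx": [...]} of addresses those
    lookups returned, passed in by the caller so the example runs offline.
    """
    resolved = resolved or {}
    records = [t.strip('"') for t in txt_records]
    spf = [t for t in records if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "permerror"  # more than one v=spf1 record is an error
    ip = ipaddress.ip_address(sender_ip)
    for term in spf[0].split()[1:]:
        qualifier = "+"  # a term without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            matched = any(ip == ipaddress.ip_address(x)
                          for x in resolved.get(name, []))
        else:
            return "unhandled:" + name  # include, redirect, ... not covered here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched and the record has no "all"

# The record from the thread, plus constructed variants for a second server.
RECORD = '"v=spf1 a mx ip4:168.215.62.222 -all"'
SAME_LINE = '"v=spf1 a mx ip4:168.215.62.222 ip4:203.0.113.9 -all"'
SECOND_RECORD = '"v=spf1 ip4:203.0.113.9 -all"'

if __name__ == "__main__":
    print(check_spf([RECORD], "168.215.62.222"))
    print(check_spf([SAME_LINE], "203.0.113.9"))
    print(check_spf([RECORD, SECOND_RECORD], "203.0.113.9"))
```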










Re: [qmailtoaster] dmarc smtp banner

2015-11-12 Thread Jim Shupert

I need to correct a typo: I had to ReMove the smtp fixup for 25


so i do a

*no* fixup protocol smtp 25
and a write mem

and -- now good

This could also be seen if I telnet to my server: inside my firewall I 
get the banner as expected, but outside I got


"220***"

also, if I telnet from outside and specified port 587, it was OK
only the default of 25 outside was

"220***"

fun w firewall

jS
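
The check described in this thread, as an added example that is not part of the original posts: classify the SMTP greeting seen on each port, compare the announced name with the reverse-DNS name, and flag the case where only some ports show the asterisk-masked greeting. The sample greetings are constructed from the symptoms reported above (including the `ESMTP` suffix), and `fetch_banner` is a hypothetical helper for collecting live greetings that the samples do not call.

```python
import socket

def classify_banner(banner, ptr_name=None):
    """Classify one greeting line: masked, no-hostname, mismatch, ok or not-220."""
    line = banner.strip()
    if not line.startswith("220"):
        return "not-220"
    rest = line[3:].lstrip(" -")
    if not rest:
        return "no-hostname"
    # A greeting that is mostly asterisks has been overwritten on the way.
    if rest.count("*") * 2 > len(rest):
        return "masked"
    announced = rest.split()[0].rstrip(".").lower()
    if ptr_name and announced != ptr_name.rstrip(".").lower():
        return "mismatch"
    return "ok"

def fetch_banner(host, port=25, timeout=10):
    """Read the first greeting line from a live server (not used by the samples)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.makefile("r", encoding="ascii", errors="replace").readline()

def diagnose(banners_by_port, ptr_name):
    """Classify the greeting per port and summarise where masking shows up."""
    results = {p: classify_banner(b, ptr_name) for p, b in banners_by_port.items()}
    masked = sorted(p for p, r in results.items() if r == "masked")
    if masked and len(masked) < len(results):
        ports = ",".join(str(p) for p in masked)
        verdict = "masked only on port(s) %s: suspect a device in the path" % ports
    elif masked:
        verdict = "masked on every port checked"
    else:
        verdict = "no masking seen"
    return results, verdict

# Constructed greetings: what the thread reports from outside and inside.
SAMPLE_OUTSIDE = {25: "220***\r\n", 587: "220 mailhost.theppsgroup.com ESMTP\r\n"}
SAMPLE_INSIDE = {25: "220 mailhost.theppsgroup.com ESMTP\r\n"}

if __name__ == "__main__":
    print(diagnose(SAMPLE_OUTSIDE, "mailhost.theppsgroup.com"))
    print(diagnose(SAMPLE_INSIDE, "mailhost.theppsgroup.com"))
```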

