Misconfigured SMTP servers

Good Evening, our server keep getting blacklisted by SPAMHAUS ZEN,
when we checked it is because Misconfigured SMTP servers specifically “SMTP servers should be configured with correct forward and reverse DNS and HELO/EHLO values.”

How can i check this values and possibly update it?

Thanks :smiley:

OS : CentOS Linux 7.6.1810
Webmin Version : 1.942
Usermin Version : 1.791
Virtualmin Version : 6.09

Webmin -> Servers -> Postfix Mail Server should give you lots of options. If you know your way around config files, use Edit Config Files

For Reverse DNS, you will have to use your VPS control panel or ask your hosting service provider to set it up for you.

If you’re using a default Virtualmin installation, then most likely only the rDNS is lacking. rDNS has to be set up by your hosting company or datacenter.

Forward DNS resolves a domain name to an IP address, and is set up in DNS in the authoritative name servers for the domain. If the correct IP address is found when you ping the mail server’s name (for example, ping mail.domain.tld ) from a computer that you know doesn’t have the IP cached, then forward DNS is working. Or you can check it at https://mxtoolbox.com/dnscheck.aspx .

Reverse DNS (rDNS) resolves an IP address to a server or domain name, and has to be done by the registered owner of the IP address, which is usually the hosting company or datacenter. Most often it’s set up to resolve to the server’s hostname on a shared server, but it actually can resolve to any domain on the server. You can check your rDNS by entering the IP you’re using to send mail at https://mxtoolbox.com/ReverseLookup.aspx .

rDNS has to be set up by your hosting company or datacenter, depending on what kind of server you have. Dedicated or VPS typically would be set up by the hosting company, while co-lo would typically be set up by the datacenter. As a general rule of thumb, the company you pay probably is the company that will have to set up rDNS for you.

If you’re using a default Virtualmin install, it’s unlikely that you have any HELO/EHLO problems. You can check by sending an email from any domain using the server’s mail server (basically any domain hosted by the server in a default installation) to helocheck@abuseat.org . You’ll receive a failure message even if the configuration is correct. The message will tell you either that your configuration is okay, or what is wrong with it.

Richard

1 Like