Monday, April 14, 2008

Telnet

Why can't I telnet to the other e-mail server?

The Internet-facing SMTP messaging servers of many organizations are configured to validate the source IP address, the corresponding domain name system (DNS) domain name, and the reverse lookup IP address of any Internet host that tries to send a message to the server. If you connect a test computer to the Internet and try to send a test message to a remote messaging server by using Telnet on port 25, your message may be rejected. To satisfy security requirements that may be imposed by the remote messaging server, you can connect to the remote messaging server from your Edge Transport server. The accepted domains that are configured on the Edge Transport server have the appropriate DNS mail exchange (MX) records, address (A) records, and reverse lookup records that identify the Edge Transport server as a legitimate and traceable e-mail message source for those accepted domains on the Internet.

Find out the SMTP server IP address:

nslookup
set q=mx
Joymaininc.com

Non-authoritative answer:
joymaininc.com MX preference = 10, mail exchanger = postbox.postbox.joymaininc.com
postbox.postbox.joymaininc.com internet address = 76.77.74.135

Telnet 76.77.74.135 25 ----Fail
========
http://technet.microsoft.com/en-us/library/bb794845.aspx#Qdns

  • Pointer (PTR) Record Validation
    A DNS PTR record is used to map an IP address to a host name or host names depending on the version of DNS that is being used. The receiving SMTP server will perform a reverse DNS lookup on the IP address of the sending SMTP server. If a PTR record has been configured, the host name will be sent back as the information requested. Then, the SMTP server performs a forward lookup on the host name. If the IP address of the sending SMTP server and IP address of the forward lookup match, the e-mail message is assumed to have come from a valid SMTP server, and the e-mail message is allowed. If the two IP addresses do not match or there is no PTR record, the e-mail message is rejected.

To fix this scenario, confirm that you have a properly configured PTR record for the primary IP address of the external network adapter. When network address translation (NAT) is applied, the primary IP address of the network adapter might be different from the IP address that is actually used to send mail, so make sure that the PTR record is created for the external NIC's IP address.

How do you configure the Exchange 2003 SMTP server to perform reverse DNS lookups?
You can configure the Exchange server to reject incoming connections by specifying a domain name on the SMTP virtual server. When this is done, reverse lookups are performed on all connection attempts. This setting is available under Connection Control on the Access tab when you right-click the SMTP virtual server and then click Properties.



  • HELO/EHLO Host Name Validation
    HELO/EHLO is a required SMTP command that is used to initiate the transfer of e-mail messages from one SMTP server to another SMTP server. The HELO command is used to identify the sending SMTP server, in the form of a host name, to the receiving SMTP server. The host name should be a fully qualified domain name (FQDN) that can be resolved on the Internet.
    Some SMTP servers validate the host name in the HELO command. The receiving SMTP server performs a forward lookup on the host name it received in the HELO command. If the IP address that is received back matches the sending SMTP server's IP address, the e-mail message is allowed. However, if the IP address does not match or no address is returned for the host name, the e-mail message is rejected.

When configuring the HELO/EHLO command on your SMTP server, the host name should be an FQDN that is resolvable on the Internet (Exchange server documentation).
The host name must resolve to the primary IP address of the external network adapter (see the NAT note above).
To check that you have a properly configured PTR record, visit the following Web sites: http://www.dnsstuff.com/ and http://www.dnsreport.com/.

Exchange 2007
New-ReceiveConnector -RequireEHLODomain

RequireEHLODomain
Valid values for this parameter are $True or $False. The default value is $False. When the RequireEHLODomain parameter is set to $True, the remote computer must provide a domain name in the EHLO handshake after the SMTP connection is established. If the remote computer does not provide the domain name, the SMTP connection is closed.

DefaultDomain
This parameter specifies the domain name to append to values that are submitted to MAIL FROM: or RCPT TO: in the message envelope by a sending server if no domain name is provided.

DomainSecureEnabled

Domain MX Record Validation
Some receiving SMTP servers attempt to match the IP address that the e-mail message came from to the MX record of the sender's domain. In this case, the receiving SMTP server queries DNS for the MX record for the sender's domain. A forward lookup is performed on the host names and the receiving SMTP server attempts to match the IP address of the sending SMTP server to an IP address from a MX record. If there is a match, the e-mail message is allowed. However, if a match is not found, the e-mail message is rejected.
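The three checks described above (PTR reverse lookup with forward confirmation, HELO/EHLO host name lookup, and MX record matching) are easy to confuse when troubleshooting a rejection, so here is an added, offline model of all three written for this post; it is not code from the original page or from Microsoft. The DNS data in ZONE is constructed for the example (documentation addresses from 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24, and example.net host names), and each function returns a reason string so you can see which of the checks a given sending address would fail.

```python
"""Offline model of the three sender checks a receiving SMTP server may apply:
PTR (reverse) validation, HELO/EHLO host name validation and MX record
validation.  The zone data is constructed for this example only.
"""
import ipaddress

# Constructed zone data: record type -> owner name -> list of values.
ZONE = {
    "A": {
        "mail.example.net": ["192.0.2.25"],
        "mx2.example.net": ["192.0.2.26"],
        "web.example.net": ["192.0.2.80"],
    },
    "PTR": {
        "25.2.0.192.in-addr.arpa": ["mail.example.net"],
        "26.2.0.192.in-addr.arpa": ["mx2.example.net"],
        # A PTR that points at a name whose A record does not point back
        # (the "two IP addresses do not match" case in the text).
        "7.100.51.198.in-addr.arpa": ["web.example.net"],
    },
    "MX": {
        "example.net": [(10, "mail.example.net"), (20, "mx2.example.net")],
    },
}


def lookup(rtype, name):
    """Return the records for (rtype, name); [] when the name does not exist."""
    return ZONE.get(rtype, {}).get(name.lower().rstrip("."), [])


def reverse_name(ip):
    """Build the in-addr.arpa owner name the receiving server queries for a PTR."""
    return ipaddress.ip_address(ip).reverse_pointer


def forward_resolves_to(hostname, ip):
    """Forward lookup: does the host name have an A record equal to ip?"""
    return ip in lookup("A", hostname)


def validate_ptr(ip):
    """Reverse lookup, then forward lookup on the returned name(s); accept only
    if some PTR name resolves back to the connecting address."""
    ptr_names = lookup("PTR", reverse_name(ip))
    if not ptr_names:
        return False, f"no PTR record for {ip}"
    for name in ptr_names:
        if forward_resolves_to(name, ip):
            return True, f"PTR {name} resolves back to {ip}"
    return False, f"PTR name(s) {', '.join(ptr_names)} do not resolve to {ip}"


def validate_helo(helo_name, ip):
    """Forward lookup on the HELO/EHLO host name; it must resolve to the peer IP."""
    addrs = lookup("A", helo_name)
    if not addrs:
        return False, f"HELO name {helo_name} has no address record"
    if ip in addrs:
        return True, f"HELO name {helo_name} resolves to {ip}"
    return False, f"HELO name {helo_name} resolves to {', '.join(addrs)}, not {ip}"


def validate_mx(sender_domain, ip):
    """Match the connecting IP against the addresses of the sender domain's MX hosts."""
    exchangers = lookup("MX", sender_domain)
    if not exchangers:
        return False, f"no MX record for {sender_domain}"
    for _pref, host in sorted(exchangers):
        if forward_resolves_to(host, ip):
            return True, f"{ip} is MX host {host} for {sender_domain}"
    return False, f"{ip} is not an MX host for {sender_domain}"


def check_sender(ip, helo_name, sender_domain):
    """Run all three checks; a server enforcing them rejects on any failure."""
    results = {
        "ptr": validate_ptr(ip),
        "helo": validate_helo(helo_name, ip),
        "mx": validate_mx(sender_domain, ip),
    }
    accepted = all(ok for ok, _ in results.values())
    return accepted, results


if __name__ == "__main__":
    # Constructed scenarios: a correctly published server, a server whose PTR
    # does not forward-confirm, and an address with no PTR at all.
    for args in [("192.0.2.25", "mail.example.net", "example.net"),
                 ("198.51.100.7", "mail.example.net", "example.net"),
                 ("203.0.113.9", "mail.example.net", "example.net")]:
        accepted, results = check_sender(*args)
        print(args[0], "ACCEPT" if accepted else "REJECT")
        for check, (ok, why) in results.items():
            print(f"   {check:<4} {'ok' if ok else 'FAIL'}: {why}")
```

Running the script prints one ACCEPT and two REJECT verdicts with the failing check named; when diagnosing a real rejection, run the same three lookups (PTR of your public address, A of your HELO name, MX of your domain) against public DNS and compare them to the address the remote server actually sees after NAT.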
http://support.microsoft.com/kb/300171
The mail servers of some Internet domains require that you create a valid PTR record that points the sending server's IP address to the local SMTP domain namespace. Sometimes these mail servers require that the PTR record match the actual FQDN of their SMTP Virtual Server on Exchange. Typically, this is the MX record. These Internet domains include AOL.com, Qwest.net, Mindspring, Earthlink, and Hotmail. To send mail to these domains, create a valid PTR or a reverse lookup record on your company’s external or Internet DNS server.