krtg2
-
Gesamte Inhalte
9 -
Registriert seit
-
Letzter Besuch
Beiträge erstellt von krtg2
-
-
4 hours ago, NorbertFe said:
Hi,
change it to f.i.
{::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 192.168.17.0/24, 192.168.18.0/24}
(add all IP subnets you're using)
Thank you very much.
We applied these changes and have repeated the test. There is still the banner mismatch issue:
Reverse DNS does not match SMTP Banner
220 mail.domain.de Microsoft ESMTP MAIL Service ready at Tue, 15 Feb 2022 16:19:34 +0100 [213 ms]
EHLO keeper-us-east-11b.mxtoolbox.com
250-mail.domain.de Hello [internal firewall ip] -
36 minutes ago, NorbertFe said:
Hi,
you have to diffentiate between sendconnector (EHLO string) and receive connector (EHLO string). The first one you can change as you like to match your desired name within your certificates SANs. The receiveconnector receiving mails from internet is usually the default frontend connector and there you can't (and shouldn't) change the EHLO string. Change the connector scope to only match your internal IP networks and create a new frontend connector (type internet) afterwards. There you can change the EHLO response to match one of your certificate's SANs. The receivce connector shouldn't cause blacklisting usually.
Hope that helps
Norbert
Hi,
Thanks a lot for your quick help.
I am wondering how to change the connector's scope to only match the internal ip. Now it is defined as:
{::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
what should be there instead?
Should any port be specified?
-
With our Exchange 2016 we can send and receive emails (internal and external). But for some providers we got blacklisted. We have tried several tools for SMTP checks and there seems to be a Certificate mismatch.https://ssl-tools.net/ claims that there is no certificate for mail.domain.de, although we have installed and enabled the respective certificate in Exchange.We can see 3 certificates in ECP: 1st: our own (domain.de) that is assigned to iis, smtp, pop, and IMAP, 2nd: Microsoft Exchange Server Auth Certificate, also assigned to SMTP and WMSVC-SHA2 assigned to none.We have also Configured the TLS Certificate Name for Exchange Server Client/Default Frontend but this did not help.https://mxtoolbox.com reports that the "Reverse DNS does not match SMTP Banner". The report is the following:220 mail.domain.de [212 ms]EHLO keeper-us-east-1b.mxtoolbox.com250-[FQDN of Exchange server] Hello [Internal Firewall IP]We had corrected the 220 response but where can we change the 250 that is sharing internal information?Any help would be appreciated!
-
Hi all,
I am trying to built up the external acces to our Exchange 2016 server but I am receiving the error below.
I have checked port 443 to be open and set an external virtual directory to https://department.company.de/owa. I also tried setting the virtual directory to https://domain.de/owa but this did also not work (domain.de != company.de). The internal access is working fine. I have not requested a certificate yet because I am not sure which virtual directory to put in there. I also checked Autodiscover at the hosting provider and in the DNS.
I have the feeling that I have overlooked something but currently I have no starting point.
Any help is appreciated.
-
Thank you very much for the link! This has solved the issue!
-
Thank you very much for the advice! I have now removed the Remote Desktop Services Roles. The error message remained unchanged after a restart.
-
The idea was to have easier/faster access during the migration process.
-
Hi!
We have issues to access the exchange management shell and ECP (receiving the following error).
We have already tried "winrm quickconfig", but the result is already configured!
Since installing the remote desktop roles, it has stopped working [not sure whether it is related to the issue or not].
Any help is appreciated :D
SMTP Certificate and Banner Mismatch
in MS Exchange Forum
Geschrieben