What
For mail to be delivered reliably with any mail system, it should come from a mail source that is deemed trustworthy. There are many factors including SenderID/SPF, open SMTP ports, Reverse DNS (PTR) records, etc. But as well, the banner of the mail server should really match the host they are expecting to connect to. The following applies to Exchange Server 2013.
For example, our MX record says that email bound for @itgroove.ca should be answered by a system at mail.itgroove.ca. However, currently, our new Exchange 2013 Server, out of the box says “hey, I’m itgca1vm07.itgroove.ca”.
So What
Some mail systems will outright reject emails from us, some will delay messages (grey listed) and other things that WASTE TIME. Ick.
Currently, if we telnet to mail.itgroove.ca on port 25, we get this…
Now What
Setting the greeting or “banner” is pretty straightforward… Reference: http://technet.microsoft.com/en-us/library/bb125140.aspx
- Decide what it should be
- Figure out what Receive Connector it will be applied to
- Set it in PowerShell
Here we go…
#1 Decide on a greeting
Ours should be 220 mail.itgroove.ca (220 means “hey, I’m listening” and some mail systems want to see this)
#2 Figure out which receive connector it should be
This is the desired receive connector
#3 Set the new Greeting in PowerShell and test (telnet again)
Set-ReceiveConnector -Identity “itgroove – Internet Inbound Email Connector” -Banner “220 mail.itgroove.ca” -ConnectionTimeout 00:15:00
Done. This is also nice because I’m also not telling the visitor what mail system I have any more either. One less thing useful to a hacker for the ‘old attack surface. Then again, this blog post is helping them a little I suppose 😉
Hi,
Great article,
I have mail and mail2, mail is configured correctly, how can I set mail2 greetings, as mail & mail2 are pointing to different IP and ISP.
thanks
Pretty much exactly what I was looking for. Thanks
thanks a lot. That did it!