554 Bad PTR Record but Record exists and is correct

email-serverptr-record

I'm getting Error messages from my freshly setup Postfix Server about impossible connections like this.

554-kundenserver.de (mxeue005) Nemesis ESMTP Service not available
554-No SMTP service
554-Bad DNS PTR resource record.

dig -x IP says PTR is set to lvpsxx-xxx-xxx-xxx.dedicated.hosteurope.de.
Telnet to IP with Port 25 ends with
"220 lvpsxx-xxx-xxx-xxx.dedicated.hosteurope.de ESMTP Postfix"
so obviously the Server Name is set correctly.

The only thing I can think of right now is that somehow Cloudflare DNS is responsible, although I can't explain how because Cloudflare only manages the several other domains running on the machine, the "lvpsxx-xxx-xxx-xxx.dedicated.hosteurope.de" and it's DNS is provided by the hosting provider.

Anyone have any idea what the Problem could be?

Best Answer

The remote mailserver thinks you are coming from a dialup connection with a dynamic IP because of the format of the reverse DNS pointer with the encoded IP and rejects the connection.

We had the same problem with a VPS at HostEurope. That seems to be a heuristic to fight spam that United Internet started using rather recently.

To work around this, change the reverse DNS PTR for the VPS to point to your own domain in the HostEurope control panel: https://kis.hosteurope.de/administration/ip-netze/index.php

See also https://faq.hosteurope.de/?cpid=11518 (German)

Of course, you can also try to convince United Internet to adjust their heuristic or wait until somebody else does. But this will probably take some time.

STARTTLS error

This log line

warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1293:SSL alert number

indicated that PHP fails to verify peer certificate because unknown CA. This is exact duplicate problem with this question: Roundcube & Postfix SMTP: SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c. And from the question you already solves it by add these lines in roundcube

$config['smtp_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'      => false,
     'verify_peer_name' => false,
  ),
);

Authentication failed error

To do this, we must look in postfix and roundcube logs to identify the problem. The real message was captured in postfix log file

Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Invalid authentication mechanism

Now because the postfix SASL mechanism was provided by dovecot then you should check the mechanism that dovecot offer by run dovecot -a | grep auth_mechanism.

By looking to roundcube $config['smtp_auth_type'] and dovecot auth_mechanisms config, you can see a mismatch between these two. Dovecot only offer PLAIN mechanism. But the roundcube was configure to use LOGIN mechanism.

Solution can be one or both of these

Offering LOGIN mechanism from dovecot side by adding
```
auth_mechanisms = plain login
```
in dovecot config.
Set PLAIN login to roundcube side by change the parameter to
```
$config['smtp_auth_type'] = 'PLAIN';
```

Best Answer

Related Solutions

Mailserver and MX records in Cloudflare

Postfix TLS Error

STARTTLS error

Authentication failed error

Related Topic