All Exchange admins are familiar with the SMTP banner. It is the response received by a remote server after it connects to the receive connector of an Exchange 2010 Hub or Edge server. If the SMTP banner is not set on a receive connector, the default response will have the fqdn of the server, along with the information that the server in use is a Microsoft one.
Below is the default response from my telnet client. As the internal information becomes visible to outside servers, exchange admins tend to change it.
I have seen companies using the “Specify the fqdn this connector will provide in response to EHLO” option in the receive connector as a means to set the banner. It is NOT the right way to do it.
The “banner” parameter of the Set-ReceiveConnector cmdlet needs to be used to configure the banner. Run the command below to set the banner. The banner text should start with 220, as stated in RFC 2821.
Set-ReceiveConnector –identity “ServerConnectorname” –Banner “220 banner text”
Once it is set, a telnet session will respond with the new banner.
Hello Rajith
Help me in the case, we are facing on it.
My mail system have 2 hub-cas Ex 2010, mail to internet via smtp gateway call name Fortimail.
One external mail system call name vnu.edu.vn have just rejected all email of us. And this is alert
qmail-smtpd[25603]: before greeting: [xxx.xxx.xxx..xxx] client disconnected
a client is forcibly disconnected because they sent data before the server sent the banner (which is a violation of RFC 2821.)
So, how can i fix it?
Additonal infomation: we can send email to every outside domain, but only one vnu.edu.vn can not.
Pls show me where is root cause. Thanks alot
I am getting error message ” Smtp banner mismatch”. I am new to exchange. What possibly i find out that our sending and recieving connectors are having different fqdn’s. Our reverse Dns Ptr is pointing towards the fqdn which is in the sending connector. We are using microsoft forefront for exchange. Our local exchange server ip is mapped to public ip in our firewall.We are using split domain .local and .com.
Gmail is tagging our email as spams.
Mxtool box results shows no spf configure.
Please help me out.
Good Day
Can you help me out, our mail server suddenly cannot receive incoming mails… my ISP change my public IP after i publish the static IP that ISP given to me cannot receive any incoming mails but rather it bounce back to the recipients. Outgoing is fine and run smoothly. Can anyone help me thanks in advance our email runs in Server 2003 and under Exchange System Manager.
Hi Zaclipat,
Once you change your IP address, you need to update your MX record in the public DNS to point to the new IP. Otherwise, external servers sending emails to you will try to route the emails to the old IP and will fail.
Thanks
Will this be the same setup if I have 4 different domain names?
I followed your instructions and the SMTP banner changed.after two months again i changed the SMTP banner but it wont reflect…please advice
Did you try restarting the transport service Balaji?
thank you for being clear.
Thanks Derrick
wuite helpfull
Thanks Amar
Rajith,
I followed your instructions and the banner changed perfectly. I see the banner if I telnet to if, but if I run a test from mxtoolbox.com or send a bogus email to the server, the domain.local hostname is being exposed? Not sure I want the local exchange server hostname and domain being on display like that. Is there a way to change this or should this not have been changed when I set the banner?
thanks
Hi Scott,
That should have been changed. Do you have more than one server? If so, it needs to be done on all servers.
Also please let me know if I create new receive connector with changed FQDN, will I have to crate new exchange certificate then?
No need to create a new certificate, unless you are using domain security with partner companies.
Hi Rajith Enchiparambil,
Thanks a lot for clear instructions, I really needed a superior professional guidance on this and looks like I am on right blog:
Our ISP handles rDNS of this IP to mail.mydomain.com and it is working fine.
Can you please clarify this line more: Then create a new receive connector (say from Internet) and use the exchange ip rather than all ips which is the default for receiving ip.—-We use NAT in firewall (it forwards mail request coming from Static IP to dynamic IP) and exchange server LAN card has dynamic IP address only- Did you mean ‘use the exchange IP (dynamic IP’)?
Can you also please provide any link that shows step by step configuration to create new receive connector along with the settings that shows the using exchange IP?
thanks,
Roshi
Hi Roshi,
Any reason why you use dynamic IP for Exchange server?
Why don’t you have static IPs from the private range for servers?
Yes, I meant that IP of Exchange server. Do you have a DHCP reservation for the Exchange IP?
Thanks.
I thought it is always safe to keep exchange server on Dynamic IPs as the server will be behind the firewall and only necessary traffic will be forwarded to the exchange\windows server 2008 R2 server. Its working fine in this way and we have exchange server 2003 in same way set up.
Our firewall forwards SMTP,IMAP and POP traffic to the server that is coming to static IP (set up on firewall).
Static IP 123.123.123.123 it forwards it to 192.168.1.1 (just a example).
Hi Roshi,
All internal servers including DCs, Exchange etc should have a static IP from the private IP range. This is best practice and recommended.
Thanks.
The situation was: I migrated SBS 2003 to Windows server 2008 R2 enterprise with exchange 2010-Now what I did:
SBS server dynamic IP was – 192.168.1.111 and we have DHCP scope from 192.168.1.192 to 254.
I provided 192.168.1.191 IP address to the new WIN2k8 Server and now after migration I want to give SBS 2003′ IP (192.168.1.111) to new server and change the IP of SBS server.
Is it possible to change the Exchange server IP address after exchange installed?
please let me know.
Hi Roshi,
It is not nice to make changes to server after the installation. How big is the network?
Hi All,
can changign SMTP banner will require new exchange certificate as with new SMTP banner OLD self signed certificate will not work,
isn’t it?
I have a situation:
I have migrated exchange 2003 to exchange 2010, moved all the mailboxes over to exchange 2010 but HAVE NOT moved public folder yet and using exchange default self signed certificate:
Now few domains are not accepting our mails as Under:
Organization configuration –> Hub Transport–> send connector does not have FQDNS name that matches with my A reocrd, there is no option to change the FQDNS name.
I tried maxtoolbox utility and found that it says Warning – Reverse DNS does not match SMTP Banner.
Ran command: Get-senconncector |fl and it shows NO FQDN name for it….
Under server configuration–HUB transport—Default receive connector properties it shows the local comouter name of my server (Server.mydomain.local) not mail.mydomain.com.
Please suggest how to reslove this issue.
Thanks
Roshi
Hi Roshi,
SMTP Banner has nothing to do with cert.
You can change the banner to what you have externally, eg; mail.domain.com points to your public ip for smtp.
If mail.domain.com points to your public ip, say 1.2.3.4, then you need to create a reverse dns record / ptr record in your public dns to resolve it back, ie; 1.2.3.4 points back to mail.domain.com.
Then create a new receive connector (say from Internet) and use the exchange ip rather than all ips which is the default for receiving ip.
Set mail.domain.com as the fqdn in the new connector.
Default connectors doesnt allow you to change fqdn and hence the need for a new one.
Thanks
Hi Rajith,
If we create a new receive connector with the new FQDN to receive mail from the internet, should we
1. Enable anonymous users access on the new internet receive connector and leave the default frontend connector enabled but without anonymous checked?
2. Replicate all security settings from the default frontend connector to the new internet connector?
Thanks in advance.
That is correct Chas.
You can even tie down your security settings to accept emails from a specific IP if you have a spam filter in front of your Exchange server.
Hi Michael,
Nothing wrong with creating a new connector. By default, you don't have to and use the cmdlet to set the banner.
Hi Rajith,
but it is also recommended to create a separate Receive Connector, so there is no problem i think, to customize this Line in the GUI on the newly created Receive Connector.
Michael Seidl aka Techguy
Hi Anonymous,
You can't set a banner (except internal server name, null value etc) on the default receive connector. You will need to create a new receive connector and play with the IPs to make the connector unique, then apply your banner text.
Shell makes it easier, just a one-liner, no need of new connectors.
Thanks Dinar
I came onto your blog and focus just slightly submits. Nice strategy for text. I'll be bookmarking straight away seize all of your rss.
I am interested to know why it is not s good idea to set it in the GUI. It seems MS made that for us….