Overview
Some of the users can't send emails via secure SMTP port 465. Kerio Connect blocks the authentication and the Security log shows the following error:
Client with IP address X.X.X.X has no reverse DNS entry, connection rejected
before SMTP greeting
Prerequisites
Access to the Kerio Connect Administration
Diagnosis
Kerio Connect provides advanced security techniques to protect the mail server from Spammers. One of the security options is designed to block the client's IP address if it has no reverse DNS entry or so-called PTR. It can be configured in Configuration -> SMTP server -> Security Options tab.
Once this feature is enabled and there is an IP address with no PTR record configured, Security log will show a similar output:
Client with IP address 2XX.XX.XXX.X6 has no reverse DNS entry, connection rejected before SMTP greeting
While performing Reverse DNS lookup, indeed, the reported IP address doesn't have a PTR record configured.
Solution
- If the reported IP address is trusted, disable the Block if client's IP address has no reverse DNS entry (PTR).
Note: this is not recommended as the Reverse DNS protection will be disabled for all other IP addresses as well.
- Change the SMTP port to 587 instead of 465.
Confirmation
Emails are sent to Kerio Connect without any problems.