Overview
When the SMTP server "Block messages, if client's IP address has no reverse DNS entry (PTR)" option is enabled, Kerio Connect verifies the client's rDNS record during the SMTP session.
This article describes the verification mechanism and explains how to change the setting manually through the configuration file.
Note: It is not possible to exempt individual IP addresses from this verification.
Diagnosis
The DNS entry (PTR) check is performed for all SMTP client connections. Kerio Connect treats any SMTP session, whether from an SMTP client (Outlook, Apple Mail, etc.) or an external SMTP server (Gmail, Yahoo, etc.), as a client connection. The extended validation output can be viewed in the Debug log with the SMTP server option enabled.
{smtps} SMTPS server session begin; client connected from 212.xxx.xxx.xxx:47374
{smtps} Sent reply to MAIL: 553 5.1.8 Client IP address 212.xxx.xxx.xxx has no reverse DNS entry
The Security log also records the following entry:
Client with IP address x.x.x.x has no reverse DNS entry, connection rejected before SMTP greeting
This security feature can be changed via Kerio Connect Webadmin -> Configuration -> SMTP server -> Security Options tab or by modifying the mailserver.cfg file manually.
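The following added example (not part of the original article and not Kerio's own tooling) tallies rDNS rejections per client IP from the two log messages quoted above, which shows which senders the check affects, given that individual addresses cannot be exempted. The timestamp prefix and the sample addresses are constructed for illustration; run it against one log at a time so the same rejection is not counted twice.

```python
import ipaddress
import re
from collections import Counter

# Both message forms quoted in this article; any timestamp or session prefix is ignored.
REJECT_PATTERNS = (
    re.compile(r"Client IP address (\S+) has no reverse DNS entry"),
    re.compile(r"Client with IP address (\S+) has no reverse DNS entry"),
)

# Constructed sample lines (documentation address ranges, assumed timestamp format).
SAMPLE_LOG = """\
[01/Jan/2024 09:00:01] Client with IP address 192.0.2.10 has no reverse DNS entry, connection rejected before SMTP greeting
[01/Jan/2024 09:00:05] {smtps} Sent reply to MAIL: 553 5.1.8 Client IP address 198.51.100.7 has no reverse DNS entry
[01/Jan/2024 09:01:12] Client with IP address 192.0.2.10 has no reverse DNS entry, connection rejected before SMTP greeting
[01/Jan/2024 09:02:30] {smtps} SMTPS server session begin; client connected from 203.0.113.5:47374
[01/Jan/2024 09:03:00] Client with IP address 2001:DB8::1 has no reverse DNS entry, connection rejected before SMTP greeting
"""


def rejected_ip(line):
    """Return the client IP named in an rDNS rejection line, or None."""
    for pattern in REJECT_PATTERNS:
        match = pattern.search(line)
        if match:
            candidate = match.group(1).rstrip(",.")
            try:
                # Normalise so differently written forms of one address count together.
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                return candidate  # masked or malformed address: keep as written
    return None


def summarize(lines):
    """Count rDNS rejections per client IP, most frequent first."""
    counts = Counter()
    for line in lines:
        ip = rejected_ip(line)
        if ip is not None:
            counts[ip] += 1
    return counts.most_common()


if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE_LOG.splitlines()):
        print(f"{hits:5d}  {ip}")
```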
Solution
- Stop Kerio Connect.
- Navigate to the Kerio Connect installation folder and open mailserver.cfg.
- Locate the VerifyClientRDnsEntry variable in the SMTP table.
- Set the value to 0 (zero) to disable the feature, or to 1 to enable it. Save the changes.
- Start Kerio Connect.