Email domain name resolution IP consistency

A company's self-built enterprise mailbox often encounters such a problem-the external mail is determined by the recipient's system as the mail domain name resolution IP address is inconsistent with the sending IP address, resulting in rejection.

The cause of this problem is as follows:

Generally, one or one group of egress IP addresses (for billing or other considerations) is set ), however, for each business in an enterprise, you must set other Internet IP addresses (service differentiation and the same port correspond to different business issues), such as the mail system.

In this case, if the mail system's Nat rules are like this --

Internet IP1 port 25 Intranet IP address of the email system

Internet IP1 port 110 Intranet IP address of the email system

Public IP 1 port 80 internal and external IP address of the email system

In addition, if the company's uniform outbound IP address is: Public IP 0, the above rejection will occur-the sender IP address is inconsistent with the email domain name resolution IP address, suspected of spam.

It is easy to solve, that is, to set ACL rules on the firewall and set the egress IP address of public ip 1 to public ip 1.

Take H3C as an example:

In Firewall-> nat-> dynamic address translation, add rules to set that the starting IP address and ending IP address are both public ip 1, and add access control rules to the firewall-> ACL.

This article is from the "Bodhi" blog, please be sure to keep this source http://zhangxingnan.blog.51cto.com/3241217/1545020

Email domain name resolution IP consistency