Cato Networks Knowledge Base

Search

Troubleshooting Issues Related to Local SMTP Servers

  • Updated

Email servers which are hosted locally, send emails to a hosted email service or directly to the Internet. If there is an issue where emails aren't delivered, or occasionally bounce back with an error. This article explains Cato best practices for SMTP traffic and troubleshooting steps.

Best Practices for Local SMTP Servers

Internet Firewall Allows SMTP

We recommend that you configure the Internet firewall to allow access to SMTP traffic. For more information, see How to allow SMB/SMTP outbound traffic (or any other service).

Egress Rule for SMTP

Allocate an IP address from Cato’s IP pool and configure an egress rule for the SMTP traffic. We recommend this configuration because it limits personnel who can send email traffic from your assigned IP addresses, this will ensure no black list shall happen.

Troubleshooting Local SMTP Servers

These are some suggestions to help troubleshoot issues related to email delivery with internal email servers.

Reviewing Email Logs for Blacklisting the Cato IPs

If your email is not being delivered, you need to determine why the email is getting blocked. The log messages for emails can indicate the reason for the email failure. In some instances, the failure can be caused by an online service blacklisting the Cato IP range (for example, Spamhaus).

  • To confirm the backlisting by an online service, visit the specific website and check if the Cato IP address is listed there.
  • If the Cato egress IP address is listed on any of the blacklists, you can request from the service to remove the IP address. Most websites like Spamhaus will have a simple online form that can be submitted to have the IP removed.

Verifying DNS PTR Record

Verify the egress IP for the SMTP traffic has a DNS PTR record (reverse DNS) associated with it. If the egress IP address does not have a DNS PTR record, contact Cato Support

Verifying SPF Records

Verify if any SPF records exist for the email domain. An SPF record is a way to advertise which IP addresses are allowed to send an email for a given domain. Other SMTP servers can reference the record and if they receive traffic from an IP not on that list, they might reject the email.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.