What does "Warning - Masked External Banner (Reverse DNS Failing)" mean?
When you use the SMTP Diag tool, you see that the banner you are displaying publicly is masked by asterisks:
Trying 1.2.3.4...
Connected to smtp.example.com.
220 *********************************************
The reverse check compares the banner with the PTR record for the IP address to see whether the domain is listed. Since all we get publicly is the asterisks, the comparison fails and you get the warning.
Many administrators choose to mask their banner in the hope that, by not giving an attacker a domain name, they might avoid something like a directory harvest attack. If you are using a single IP address for inbound and outbound mail, then you need your domain in the PTR record for outbound mail, so it should also be in your banner. However, this is personal preference, and nobody should refuse to send mail to or receive mail from your server just because your banner does not contain your domain.
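The comparison described above, as an added example (not the SMTP Diag tool's own code). It assumes the check passes when the PTR record's domain, taken naively as its last two labels, appears in the 220 greeting; the PTR value and the function names are constructed for illustration.

```python
import re

def greeting_text(transcript):
    """Return the text of the first 220 line in an SMTP transcript, or None."""
    for line in transcript.splitlines():
        m = re.match(r"220[ -](.*)", line.strip())
        if m:
            return m.group(1).strip()
    return None

def ptr_domain(ptr_name):
    """Assumption: the domain is the last two labels of the PTR target.
    This is naive and does not handle suffixes such as co.uk."""
    labels = ptr_name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def check_banner(transcript, ptr_name):
    """Classify a greeting as masked-banner, match, mismatch or no-220-greeting."""
    text = greeting_text(transcript)
    if text is None:
        return "no-220-greeting"
    compact = "".join(text.split())
    if compact and set(compact) == {"*"}:
        # Nothing but asterisks: there is no hostname to compare with the PTR.
        return "masked-banner"
    domain = ptr_domain(ptr_name)
    for token in text.lower().split():
        host = token.strip("[]<>(),;").rstrip(".")
        if host == domain or host.endswith("." + domain):
            return "match"
    return "mismatch"

# The transcript from this page, plus two constructed greetings.
MASKED = (
    "Trying 1.2.3.4...\n"
    "Connected to smtp.example.com.\n"
    "220 *********************************************\n"
)
CLEAR = "220 smtp.example.com ESMTP ready\n"    # constructed
OTHER = "220 mail.other.test ESMTP ready\n"     # constructed
PTR = "smtp.example.com."                       # constructed PTR target

if __name__ == "__main__":
    for name, sample in (("masked", MASKED), ("clear", CLEAR), ("other", OTHER)):
        print(name, "->", check_banner(sample, PTR))
```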