Exchange server - some emails getting rejected with SPF message (wrong IP address listed as sender)

Posted on 2006-03-22
Last Modified: 2008-02-01
Our Email server address is barracuda.tjca.org with IP Address 70.147.157.180. Some emails are getting rejected with a message saying that the mail is coming from some other server IP address. How's this possible - any suggestions/comments would be helpful - thanks!


Error Message:

There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.
        <mail.tjca.org #5.5.0 smtp;550 Client host rejected: Please see
http://spf.pobox.com/why.html?sender=dmcgoldrick%40tjca.org&ip=205.152.121.187&receiver=>
Question by:davemcgoldrick
11 Comments
 
LVL 14

Assisted Solution

by:ECNSSMT
ECNSSMT earned 210 total points
ID: 16265328
Are some of your users sending through a list server, some sort of email relay? There are some special interest groups out there that use them to permit users to broadcast out to other users with the same interest, i.e. a researcher subscribing to a research forum that discusses snake venom as a possible research area for cancer killers. This is very typical in some industries.

On the technical side,
1. The path to your mail server does not include 205.152.121.187, which IS rc-187.blueridge.net, which excludes the idea of the ISP being a relay point for your email.
2. If it's valid email, why was it forwarded there in the 1st place?
3. Users are not complaining that these were unknown NDRs and ARE complaining that THEIR messages were being rejected. (I'm highlighting in CAPs, not yelling)

You may want to talk to the users with this issue; to see if they are subscribed to a list server.

Regards,
0
 
LVL 2

Assisted Solution

by:gdekhayser
gdekhayser earned 180 total points
ID: 16265410
Well, first you should know that you're listed on Sorbs-Web, go to http://www.au.sorbs.net/cgi-bin/support to get yourself off:
Address and Port: 70.147.157.180
Record Created: Fri Nov 18 01:35:19 2005 GMT  
Additional Information: Likely Trojaned Machine, host running Korgo trojan
Currently active and flagged to be published in DNS

Second, I need to know: is this NDR a specific response to a message you sent, or did you just get it out of the blue?

Glenn


0
 
LVL 1

Assisted Solution

by:SpheroidUK
SpheroidUK earned 180 total points
ID: 16267754
If this is an SBS server (Small Business Server), make sure that the DNS server setting in the main TCP/IP properties of the network card is set to the local IP address of the server. After that, go into the server's DNS configuration page, right click on the server, and go to Properties. Go to the "Forwarders" tab, and in the "selected domain's forwarder IP address list" add your ISP's DNS IP addresses.

From there, you will need to go into Exchange System Manager > Servers > name of server > Protocols > SMTP > Default SMTP Virtual Server, right click on it and go to Properties. Go to the Delivery tab, then click on Advanced. You will see a button for configuring external DNS servers, so click on Configure.
In here, add your ISP's DNS addresses. Also, when you are done with that, in the advanced delivery section (back one page) you will see a listing for the fully-qualified domain name (FQDN) along with a "check DNS" button. In here, it should be (minus commas) "servername.domainname"; for example, mine is set to jupiter.galaxy.local. When you click on the check DNS button, it is normal for it to fail.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 180 total points
ID: 16273134
SpheroidUK - I am going to have to disagree with some of the parts of your post quite strongly.

First - what you have put as an example of the fully qualified domain name will result in a large number of email messages being dropped.
That configuration should NEVER have a .local domain name put into it. That entry is what is used by Exchange to announce itself to the Internet when it connects to another machine. As .local doesn't resolve on the Internet, many sites will reject the messages. If yours is set to jupiter.galaxy.local then you will be getting failures.
That entry should be set to what the machine is known as to the Internet - usually the address on the MX records - mail.domain.com

However, you are quite right that checkdns will fail.

Second - you should not need to use the ISP's DNS servers on the SMTP Virtual Server if you have configured forwarders. Configuring DNS servers there can actually cause problems with the delivery of the email messages and interaction with other Exchange servers that might be introduced.

davemcgoldrick - do you send email out through the Barracuda device, or does email get delivered directly? If email goes through the Barracuda, then all of the settings above don't apply to you, as you are using a smart host for delivery as far as Exchange is concerned.
If you are sending email out directly, then you need to look very carefully at the DNS and IP address configuration of your site. The best option would be for the Exchange server traffic to appear to come from the same IP address as the Barracuda, so that everything appears to be coming from the same server.

As for the cause of the email messages, ECNSSMT probably has it licked. If the users confirm where the messages are coming from - and the likely source, then that is your culprit. If it is a list operator then they would need to be contacted to adjust the configuration of their service otherwise there will be more problems like this as SPF is more widely adopted.

Simon.
0
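Added example (not part of the thread or any poster's code): a Python sketch that pulls the sender and connecting IP out of the rejection link in the NDR quoted in the question, then evaluates that IP against an SPF record's ip4/ip6 mechanisms. The SPF record is constructed for illustration, since the thread does not show the real tjca.org policy, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# NDR text as quoted in the question.
NDR = """<mail.tjca.org #5.5.0 smtp;550 Client host rejected: Please see
http://spf.pobox.com/why.html?sender=dmcgoldrick%40tjca.org&ip=205.152.121.187&receiver=>"""

# Constructed record (assumption): the thread never shows the real tjca.org SPF policy.
ASSUMED_SPF = "v=spf1 ip4:70.147.157.180 -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf_bounce(ndr):
    """Return the sender and connecting IP named in the rejection's why.html link."""
    match = re.search(r"https?://[^\s<>]+/why\.html\?([^\s<>]+)", ndr)
    params = parse_qs(match.group(1), keep_blank_values=True) if match else {}
    if "sender" not in params or "ip" not in params:
        return None
    return {"sender": params["sender"][0], "ip": params["ip"][0]}


def check_ip_mechanisms(spf_record, client_ip):
    """Evaluate ip4/ip6/all terms left to right; a, mx, include need DNS and are skipped."""
    ip = ipaddress.ip_address(client_ip)
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "neutral"


def triage(ndr, spf_record, expected_ip):
    """Report which IP was rejected and whether it is the site's own outbound IP."""
    info = parse_spf_bounce(ndr)
    if info is None:
        return None
    info["spf_result"] = check_ip_mechanisms(spf_record, info["ip"])
    info["is_our_outbound_ip"] = info["ip"] == expected_ip
    return info
```

Under these assumptions, `triage(NDR, ASSUMED_SPF, "70.147.157.180")` reports that the rejected message arrived from 205.152.121.187, which the record does not list, while the site's own 70.147.157.180 evaluates to pass.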
 
LVL 14

Expert Comment

by:ECNSSMT
ID: 16275443
woo-hoo!! praise from the Master!! (technically Genius according to EE)
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16275531
Interesting "snake venom" example though...

Simon.
0
 
LVL 14

Expert Comment

by:ECNSSMT
ID: 16276197
Oddly, the medical research community in Hawaii and somewhere in California had a bunch of grad students working on research into this.  It was the hot topic about a year ago.  Just in case davemcgoldrick comes from the medical community, that example might ring some bells and provide some quick associations.

The URL below was something I just found that at least hints at that research.

http://news.nationalgeographic.com/news/2004/06/0601_040601_tvsnakes1.html
0
 
LVL 1

Expert Comment

by:SpheroidUK
ID: 16278433
God... smite me why don't you?
For a start, he didn't specify if he was using an SBS server, or whether his Exchange was a live server or not. If the reverse DNS fails on the server, the recipient's email system (if configured to do so) will bounce back the mail saying that it is either spam, or the mail sender is not who he/she says they are. You are right that there shouldn't be DNS servers in the SMTP virtual server, I realised that after I posted, but you do need to make sure that you have forwarders set up in DNS. I went through this problem with Microsoft (we're certified partners) and we came to this resolution, and it worked.
0
 
LVL 1

Expert Comment

by:SpheroidUK
ID: 16495953
Well, I still think that some of us should be given points for the suggestions we contributed towards it! :P
0
 
LVL 20

Expert Comment

by:Venabili
ID: 16496648
Do you bother to read the recommendation before posting?!?!?! Or you simply post without reading anything....
0
 

Author Comment

by:davemcgoldrick
ID: 16498018
I think your suggestion is a good one Venabili -  divide the points.
0
