Exchange server - some emails getting rejected with SPF message (wrong IP address listed as sender)

davemcgoldrick
Last Modified: 2008-02-01
Our Email server address is barracuda.tjca.org with IP Address 70.147.157.180. Some emails are getting rejected with a message saying that the mail is coming from some other server IP address. How's this possible - any suggestions/comments would be helpful - thanks!


Error Message:

There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.
        <mail.tjca.org #5.5.0 smtp;550 Client host rejected: Please see
http://spf.pobox.com/why.html?sender=dmcgoldrick%40tjca.org&ip=205.152.121.187&receiver=>

Top Expert 2006
Commented:
Are some of your users sending through a list server, some sort of email relay? There are some special interest groups out there that use them to permit users to broadcast out to other users with the same interest, i.e. a researcher subscribing to a research forum that discusses snake venom as a possible research area for cancer killers. This is very typical in some industries.

On the technical side,
1. The path to your mail server does not include 205.152.121.187, which IS rc-187.blueridge.net, which excludes the idea of the ISP being a relay point for your email.
2. If it's valid email, why was it forwarded there in the 1st place?
3. Users are not complaining that these were unknown NDRs and ARE complaining that THEIR messages were being rejected. (I'm highlighting in CAPs, not yelling)

You may want to talk to the users with this issue, to see if they are subscribed to a list server.

Regards,

Well, first you should know that you're listed on Sorbs-Web, go to http://www.au.sorbs.net/cgi-bin/support to get yourself off:
Address and Port: 70.147.157.180
Record Created: Fri Nov 18 01:35:19 2005 GMT  
Additional Information: Likely Trojaned Machine, host running Korgo trojan
Currently active and flagged to be published in DNS

Second, I need to know: is this NDR a specific response to a message you sent, or did you just get it out of the blue?

Glenn


If this is an SBS server (small business server), make sure that the DNS server setting in the main TCP/IP properties of the network card is set to the local IP address of the server. After that, go into the server's DNS configuration page, right-click on the server, and go to properties. Go to the "forwarders" tab, and in the "selected domain's forwarder IP address list" add your ISP's DNS IP addresses.

From there, you will need to go into Exchange System Manager > Servers > name of server > Protocols > SMTP > Default SMTP Virtual Server, right-click on it and go to properties. Go to the delivery tab, then click on advanced. You will see a button for configuring external DNS servers, so click on configure.
In here, add your ISP's DNS addresses. Also, when you are done with that, in the advanced delivery section (back one page) you will see a listing for the fully-qualified domain name (FQDN) along with a "check DNS" button. In here, it should be (minus commas) "servername.domainname"; for example, mine is set to jupiter.galaxy.local. When you click on the check DNS button, it is normal for it to fail.
Expert of the Year 2007
Expert of the Year 2006
Commented:
SpheroidUK - I am going to have to disagree with some of the parts of your post quite strongly.

First - what you have put as an example of the fully qualified domain name will result in a large number of email messages being dropped.
That configuration should NEVER have a .local domain name put in to it. That entry is what is used by Exchange to announce itself to the Internet when it connects to another machine. As .local doesn't resolve to the Internet, many sites will reject the messages. If yours is set to jupiter.galaxy.local then you will be getting failures.
That entry should be set to what the machine is known as to the Internet - usually the address on the MX records - mail.domain.com.

However, you are quite right that checkdns will fail.

Second - you should not need to use the ISP's DNS servers on the SMTP Virtual server if you have configured forwarders. Configuring DNS servers there can actually cause problems with the delivery of the email messages and interaction with other Exchange servers that might be introduced.

davemcgoldrick - do you send email out through the Barracuda device, or does email get delivered directly? If email goes through the Barracuda, then all of the settings above don't apply to you, as you are using a smart host for delivery as far as Exchange is concerned.
If you are sending email out directly, then you need to look very carefully at the DNS and IP address configuration of your site. The best option would be for the Exchange server traffic to appear to come from the same IP address as the Barracuda, so that everything appears to be coming from the same server.

As for the cause of the email messages, ECNSSMT probably has it licked. If the users confirm where the messages are coming from - and the likely source, then that is your culprit. If it is a list operator then they would need to be contacted to adjust the configuration of their service otherwise there will be more problems like this as SPF is more widely adopted.

Simon.
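
Added example, not part of any post in this thread: a Python sketch that pulls the sender and connecting IP out of the why.html link in the NDR quoted in the question and checks that IP against an SPF record offline. The SPF record is constructed for illustration (the thread never shows the domain's real record), and only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress
from urllib.parse import urlparse, parse_qs

# NDR text as quoted in the question (the URL was wrapped across two lines).
NDR = """<mail.tjca.org #5.5.0 smtp;550 Client host rejected: Please see
http://spf.pobox.com/why.html?sender=dmcgoldrick%40tjca.org&ip=205.152.121.187&receiver=>"""

# Constructed record: assumes only the Barracuda's address is authorised.
ASSUMED_SPF = "v=spf1 ip4:70.147.157.180 -all"


def parse_spf_bounce(ndr):
    """Return (envelope sender, connecting IP) from the why.html link."""
    text = "".join(ndr.split())            # undo line wrapping inside the URL
    start = text.find("http://")
    if start < 0:
        raise ValueError("no SPF explanation URL in NDR")
    query = parse_qs(urlparse(text[start:].rstrip(">")).query,
                     keep_blank_values=True)
    return query["sender"][0], query["ip"][0]


def check_ip(spf, ip):
    """Evaluate ip4/ip6/all only. Returns pass, fail, softfail, neutral,
    or 'unknown' when the record needs DNS lookups (a, mx, include, ...)."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    ip = ipaddress.ip_address(ip)
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    needs_dns = False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?").lower()
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return results[qualifier]
        elif mech == "all":
            return "unknown" if needs_dns else results[qualifier]
        else:
            needs_dns = True               # mechanism this sketch cannot resolve
    return "unknown" if needs_dns else "neutral"


def diagnose(ndr, spf):
    sender, ip = parse_spf_bounce(ndr)
    return sender, ip, check_ip(spf, ip)


if __name__ == "__main__":
    print(diagnose(NDR, ASSUMED_SPF))
```
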
Top Expert 2006

Commented:
woo-hoo!! praise from the Master!! (technically Genius according to EE)
Expert of the Year 2007
Expert of the Year 2006

Commented:
Interesting "snake venom" example though...

Simon.
Top Expert 2006

Commented:
Oddly, the medical research community in Hawaii and somewhere in California had a bunch of grad students working on research into this.  It was the hot topic about a year ago.  Just in case davemcgoldrick comes from the medical community, that example might ring some bells and provide some quick associations.

The URL below was something I just found that at least hints at that research.

http://news.nationalgeographic.com/news/2004/06/0601_040601_tvsnakes1.html
God... smite me why don't you?
For a start, he didn't specify if he was using an SBS server, or whether his Exchange was a live server or not. If the reverse DNS fails on the server, the recipient's email system (if configured to do so) will bounce back the mail saying that it is either spam, or the mail sender is not who he/she says they are. You are right that there shouldn't be DNS servers in the SMTP virtual server, I realised that after I posted, but you do need to make sure that you have forwarders set up in DNS. I went through this problem with Microsoft (we're certified partners) and we came to this resolution, and it worked.
Well, I still think that some of us should be given points for the suggestions we contributed towards it! :P

Commented:
Do you bother to read the recommendation before posting?!?!?! Or you simply post without reading anything....

Author

Commented:
I think your suggestion is a good one Venabili -  divide the points.