Exchange server - some emails getting rejected with SPF message (wrong IP address listed as sender)

Our Email server address is barracuda.tjca.org with IP Address 70.147.157.180. Some emails are getting rejected with a message saying that the mail is coming from some other server IP address. How's this possible - any suggestions/comments would be helpful - thanks!


Error Message:

There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.
        <mail.tjca.org #5.5.0 smtp;550 Client host rejected: Please see
http://spf.pobox.com/why.html?sender=dmcgoldrick%40tjca.org&ip=205.152.121.187&receiver=>
davemcgoldrick Asked:
ECNSSMT Commented:
Are some of your users sending through a list server, some sort of email relay?  There are some special interest groups out there that use them to permit users to broadcast out to other users with the same interest, i.e. a researcher subscribing to a research forum that discusses snake venom as a possible research area for cancer killers.  This is very typical in some industries.

On the technical side,
1. The path to your mail server does not include 205.152.121.187, which IS rc-187.blueridge.net, which excludes the idea of the ISP being a relay point for your email.
2. If it's valid email, why was it forwarded there in the 1st place?
3. Users are not complaining that these were unknown NDRs and ARE complaining that THEIR messages were being rejected. (I'm highlighting in CAPs, not yelling)

You may want to talk to the users with this issue, to see if they are subscribed to a list server.

Regards,
0
gdekhayser Commented:
Well, first you should know that you're listed on Sorbs-Web, go to http://www.au.sorbs.net/cgi-bin/support to get yourself off:
Address and Port: 70.147.157.180
Record Created: Fri Nov 18 01:35:19 2005 GMT  
Additional Information: Likely Trojaned Machine, host running Korgo trojan
Currently active and flagged to be published in DNS

Second, I need to know: is this NDR a specific response to a message you sent, or did you just get it out of the blue?

Glenn


0
SpheroidUK Commented:
If this is an SBS server (Small Business Server), make sure that the DNS server setting in the main TCP/IP properties of the network card is set to the local IP address of the server. After that, go into the server's DNS configuration page, right click on the server, and go to Properties. Go to the "Forwarders" tab, and in the "selected domain's forwarder IP address list" add your ISP's DNS IP addresses in there.

From there, you will need to go into Exchange System Manager > Servers > name of server > Protocols > SMTP > Default SMTP Virtual Server, right click on it and go to Properties. Go to the Delivery tab, then click on Advanced. You will see a button for configuring external DNS servers, so click on Configure.
In here, add your ISP's DNS addresses. Also, when you are done with that, in the advanced delivery section (back one page) you will see a listing for the fully-qualified domain name (FQDN) along with a "check DNS" button. In here, it should be (minus commas) "servername.domainname"; for example, mine is set to jupiter.galaxy.local. When you click on the check DNS button, it is normal for it to fail.
0
Sembee Commented:
SpheroidUK - I am going to have to disagree with some of the parts of your post quite strongly.

First - what you have put as an example of the fully qualified domain name will result in a large number of email messages being dropped.
That configuration should NEVER have a .local domain name put into it. That entry is what is used by Exchange to announce itself to the Internet when it connects to another machine. As .local doesn't resolve on the Internet, many sites will reject the messages. If yours is set to jupiter.galaxy.local then you will be getting failures.
That entry should be set to what the machine is known as to the Internet - usually the address on the MX records - mail.domain.com

However, you are quite right that checkdns will fail.

Second - you should not need to use the ISP's DNS servers on the SMTP Virtual server if you have configured forwarders. Configuring DNS servers there can actually cause problems with the delivery of the email messages and interaction with other Exchange servers that might be introduced.

davemcgoldrick - do you send email out through the Barracuda device, or does email get delivered directly? If email goes through the Barracuda, then all of the settings above don't apply to you, as you are using a smart host for delivery as far as Exchange is concerned.
If you are sending email out directly, then you need to look very carefully at the DNS and IP address configuration of your site. The best option would be for the Exchange server traffic to appear to come from the same IP address as the Barracuda, so that everything appears to be coming from the same server.

As for the cause of the email messages, ECNSSMT probably has it licked. If the users confirm where the messages are coming from - and the likely source, then that is your culprit. If it is a list operator then they would need to be contacted to adjust the configuration of their service otherwise there will be more problems like this as SPF is more widely adopted.

Simon.
0
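The check the receiving server made, as an added example (not part of the thread or any poster's code): it parses the spf.pobox.com link from the bounce in the question and evaluates the connecting IP against an SPF record. `ASSUMED_SPF` is constructed for illustration, since the thread does not show the record tjca.org actually publishes, and only the `ip4`/`ip6`/`all` mechanisms are evaluated.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Link taken from the bounce message in the question.
BOUNCE_URL = ("http://spf.pobox.com/why.html?sender=dmcgoldrick%40tjca.org"
              "&ip=205.152.121.187&receiver=")

# Constructed for illustration: the thread does not show tjca.org's real record.
ASSUMED_SPF = "v=spf1 ip4:70.147.157.180 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_bounce(url):
    """Return (sender_domain, connecting_ip) from an spf.pobox.com 'why' link."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    sender = q["sender"][0]
    return sender.rsplit("@", 1)[1].lower(), ipaddress.ip_address(q["ip"][0])


def evaluate(spf, ip):
    """Evaluate ip4/ip6/all mechanisms left to right; the first match wins.

    Mechanisms that need DNS (a, mx, include, ...) are skipped, not resolved.
    """
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and there is no "all" term


if __name__ == "__main__":
    domain, ip = parse_bounce(BOUNCE_URL)
    print(domain, ip, evaluate(ASSUMED_SPF, ip))
    own = ipaddress.ip_address("70.147.157.180")
    print("own server:", evaluate(ASSUMED_SPF, own))
```

With a record like the assumed one, mail relayed by any host other than 70.147.157.180 fails SPF even when the original sender is legitimate, which is the list-server scenario raised in the thread.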

ECNSSMT Commented:
Woo-hoo!! Praise from the Master!! (technically Genius according to EE)
0
Sembee Commented:
Interesting "snake venom" example though...

Simon.
0
ECNSSMT Commented:
Oddly, the medical research community in Hawaii and somewhere in California had a bunch of grad students working on research into this.  It was the hot topic about a year ago.  Just in case davemcgoldrick comes from the medical community, that example might ring some bells and provide some quick associations.

The URL below was something I just found that at least hints at that research.

http://news.nationalgeographic.com/news/2004/06/0601_040601_tvsnakes1.html
0
SpheroidUK Commented:
God... smite me why don't you?
For a start, he didn't specify if he was using an SBS server, or whether his Exchange was a live server or not. If the reverse DNS fails on the server, the recipient's email system (if configured to do so) will bounce back the mail saying that it is either spam, or the mail sender is not who he/she says they are. You are right that there shouldn't be DNS servers in the SMTP virtual server, I realised that after I posted, but you do need to make sure that you have forwarders set up in DNS. I went through this problem with Microsoft (we're certified partners) and we came to this resolution, and it worked.
0
SpheroidUK Commented:
Well, I still think that some of us should be given points for the suggestions we contributed towards it! :P
0
Venabili Commented:
Do you bother to read the recommendation before posting?!?!?! Or do you simply post without reading anything....
0
davemcgoldrick (Author) Commented:
I think your suggestion is a good one Venabili -  divide the points.
0