Solved

Need help setting up SPF Record

Posted on 2007-04-03
Last Modified: 2008-02-01
We are trying to set up an SPF using the Microsoft SPF Record Wizard website. I am a little confused on what IP addresses and/or name I should use. Hopefully I can explain this without making things even more confusing.

We have a couple of different domain names that we can receive email with. The two below are good examples.

user@domain.us
user@domain.aero

Using the wizard to look up the SPF:

domain.us
No MX record found
A Record 208.255.91.52

domain.aero
A Record 208.255.91.52
MX Record 66.xx.xxx.xx
mail.domain.aero


My domain name uses the .us and not the .aero—domain.us is displayed in AD. When I use the SPF wizard it doesn’t find an MX record for the .us but only for the .aero. It does find an A record for both. If I type in the IP address of the A record it takes us to the site that we registered our domain name with. The MX record for the .aero points directly to our static Exchange IP address.

We are using Server 2003, and Exchange 2003. The Exchange server is for both outbound and inbound mail.

I would have used the .aero address; however, anytime we receive a response back that an email wasn't delivered, it has in the message <Server.domain.us #5.4.0>.

Any help with this would be appreciated.
Question by:stevensims

Expert Comment

by:MCPJoe
ID: 18846138
Did you try putting the info into the SPF Wizard by hand, rather than letting it pick? If you know all your mail server addresses, you should still be able to use the wizard but manually input your IP or server names. Then just take the resulting text and add the TXT record in DNS.

Expert Comment

by:Hypercat (Deb)
ID: 18846157
It looks like the public name of your mail server is mail.domain.aero, not mail.domain.us. By your description, what I'm guessing is that domain.us is your internal (AD) domain name and domain.aero is your publicly registered domain name. You can confirm this by going to DNSstuff.com and running DNSreports against your domain using the .aero domain. That would be the name that you need to use in your SPF setup.

Author Comment

by:stevensims
ID: 18846669
I went to DNSstuff and did the DNSreport. One section did fail when I ran that test.

NS section
All nameservers respond Failed
ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones that did not respond are:
65.211.123.36
Note: If you are running a Watchguard Firebox with DNS Proxy enabled, there may be a bug causing port numbers get mixed up -- if this is the case, you can contact Watchguard to see if they have a fix.

In the MX section everything passed and had the mail.domain.aero with our exchange static IP address listed.

In Mail section we had two warnings. One was no SPF and the other was a Mail server host name greeting—mail.domain.aero claims to be non-existent host server.domain.us. (This of course is actually the correct name for our email server.)

I went to the SPF setup website (not Microsoft) and it has our domain name .aero assigned to an external IP address, which is the site we have our website through.

The domain.aero has to be a public domain name; however, domain.us is also assigned that same external IP address. Please correct me if I am wrong: I am assuming that if a user sends an email to me, it would first go to the domain.aero (public) and then it would find that domain registered to domain.us. It would then send the email to our internal domain of domain.us (our Exchange external IP). Is that somewhat correct?

In setting up the SPF will I need both the external public IP address and our Exchange IP address?

Accepted Solution

by:
Hypercat (Deb) earned 125 total points
ID: 18846759
Your internal AD domain name is irrelevant in this scenario. If your statement that "domain.us is also assigned to that public IP address" is in fact correct, then you might need to fix this.  Unless "domain.us" is a publicly registered domain name, there should NOT be a public DNS record resolving domain.us to that IP address.  

As far as email, the public MX record points to mail.domain.aero.  The MX record is the only DNS record that affects where your email goes.  The warning you saw in the dnsreport referring to the mail server host name greeting is appearing because your mail server is misconfigured.  You really should fix this. Although 99% of the time it doesn't cause any problems, with SPF I believe it will.  To fix it:

1. In the Exchange ESM, go to the properties of the SMTP virtual server.
2. Go to the Delivery tab and click the Advanced button.
3. In the Fully qualified domain name box, type: mail.domain.aero.

You said that in AD, all your users have a domain.aero email address, and this is where all of your external email is delivered. You need to make sure that this is also set as the default email address.  Again, unless domain.us is a publicly registered domain name that you want to use to receive email, you should eliminate the domain.us addresses entirely - remove them from your RUS - you really don't need them.  If you do want to use domain.us as a public email address, then you would have to set up a public MX record for that domain.
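As an added illustration (not part of the thread or any poster's code): a small Python evaluator for the `ip4`, `a`, `mx` and `all` SPF mechanisms, run over DNS data constructed from the lookups quoted in this thread. The candidate records passed to it and the 192.0.2.10 address, which stands in for the redacted Exchange IP, are assumptions.

```python
import ipaddress

EXCHANGE_IP = "192.0.2.10"   # placeholder: the thread redacts the real address
WEB_IP = "208.255.91.52"     # A record of domain.aero, as quoted in the thread

# Constructed DNS data modelled on the lookups quoted in the thread.
DNS = {
    ("domain.aero", "MX"): ["mail.domain.aero"],
    ("domain.aero", "A"): [WEB_IP],
    ("mail.domain.aero", "A"): [EXCHANGE_IP],
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return DNS.get((name.lower(), rtype), [])

def hosts_for(mech, target):
    """Return the IPs an 'a' or 'mx' mechanism authorizes for target."""
    if mech == "a":
        return lookup(target, "A")
    return [ip for mx in lookup(target, "MX") for ip in lookup(mx, "A")]

def check_spf(record, sender_ip, domain):
    """Evaluate ip4, a, mx and all, left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4" and arg:
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx"):
            matched = sender_ip in hosts_for(mech, arg or domain)
        else:
            return "permerror"  # mechanism or syntax outside this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present
```

With this data, `v=spf1 mx -all` passes mail sent from the Exchange address and fails mail sent from 208.255.91.52, while `v=spf1 a -all` authorizes only the web host and fails the Exchange server.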

Author Comment

by:stevensims
ID: 18846900
Hi Hypercat,

I am not the original IT guy that set everything up, so I am not for sure why it is set up this way but we can receive emails with either .aero or .us. In Active Directory we have all of our users assigned with both (user1@domain.aero, user1@domain.us). If everything was set up with just the .aero I don’t think I would have had any problems. The .us was part of my confusion.

Expert Comment

by:Hypercat (Deb)
ID: 18846978
Yeah, I can see why.  Unless I've misunderstood something or there's something out there in your configuration that you don't know about or haven't described, you really don't need those other addresses.  However, if you're at all unsure, you can leave them there.  As long as the @domain.aero addresses are set as the primary (default) addresses, then everything should work fine.  You can always check with your domain registry provider to see if the domain.us is actually registered if you don't know.

Looking again at your first post, I just noticed that it appears that there isn't any A record for the server name mail.domain.aero.  Unless you left it out by mistake.  You need to have this A record in place to resolve the host name mail.domain.aero to your public IP address.  If you need to double-check this, do a lookup through DNSstuff for A and MX records for domain.aero and see what you find.  You should see an A record for your public IP resolving to mail.domain.aero and an MX record pointing to mail.domain.aero.

Author Comment

by:stevensims
ID: 18847127
Yes it did have that:

domain.aero MX record
mail.domain.aero            66.xxx.xx.x (Public Exchange IP address)

domain.aero A record
domain.aero                  208.255.91.52 (Public IP address)

It seems like everything is set up correctly.
