Trouble with email / SPF record.
My company runs their own Exchange server inhouse and we also utilize Postini for our email filtering. We host our external dns with an outside vendor, easydns. We recently launched a new website which is being hosted at an offsite location. When users go to this site they are able to fill out online forms and then click a submit button to have them sent to internal email accounts within my organization. I have created 4 different groups in AD, then i added the users to those groups who should receive the messages from the online forms. Then i sent a few emails from outside with my personal account to these groups and each user received the test.
When this outside webhost clicks on the submit button of these forms, it generates a message to be sent to the same group email address as i tested. However, the difference here is that they are sent with the To and From addresses both containing valid email addresses from within my organization. The thought here is that they will need an SPF record added to their DNS to allow the webhost's email server send to my email server while using a To and From address on the email that matches to a valid email address in my company.
I have created one SPF record, actually a TXT record as easy DNS will not allow you to create an SPF record they make you create a TXT record as the SPF record. I added the info provided to me from my webhost, but there is nothing in there for Postini as i'm not sure if it's needed or what it should be.
Does anyone have any suggestions?
When this outside webhost clicks on the submit button of these forms, it generates a message to be sent to the same group email address as i tested. However, the difference here is that they are sent with the To and From addresses both containing valid email addresses from within my organization. The thought here is that they will need an SPF record added to their DNS to allow the webhost's email server send to my email server while using a To and From address on the email that matches to a valid email address in my company.
I have created one SPF record, actually a TXT record as easy DNS will not allow you to create an SPF record they make you create a TXT record as the SPF record. I added the info provided to me from my webhost, but there is nothing in there for Postini as i'm not sure if it's needed or what it should be.
Does anyone have any suggestions?
ASKER
Ok, on easy dns i added the following info:
in the text box labeled host: mydomain.com
in the text box labeled text record: v=spf1 ip4:74.9.XXX.XXX ip4:64.8.0.0/20 ip4:66.228.XXX.XXX/32 a ptr include:postini.com ~all
I am still unable to get any email generated from these forms off my website.
Also should i enter (qbradiology.com) or (IN TXT) or ( " " ) anywhere in the text record listed above? I am not 100% sure of the syntax to be used.
Thanks
in the text box labeled host: mydomain.com
in the text box labeled text record: v=spf1 ip4:74.9.XXX.XXX ip4:64.8.0.0/20 ip4:66.228.XXX.XXX/32 a ptr include:postini.com ~all
I am still unable to get any email generated from these forms off my website.
Also should i enter (qbradiology.com) or (IN TXT) or ( " " ) anywhere in the text record listed above? I am not 100% sure of the syntax to be used.
Thanks
Is there a specific error? Do you know where the message flow is breaking down? It may also be helpful to know what SMTP server is doing the sending on behalf of the web form.
I assume that the from: address needs to remain an internal email address...
You may be able to add an exception in the Postini control panel to allow messages sent from the web server IP and/or the internal email address to bypass SenderID. If your SPF record appears to be functional everywhere other than sending from the web server then an exception may be the simplest solution.
Best regards-
Karbo
I assume that the from: address needs to remain an internal email address...
You may be able to add an exception in the Postini control panel to allow messages sent from the web server IP and/or the internal email address to bypass SenderID. If your SPF record appears to be functional everywhere other than sending from the web server then an exception may be the simplest solution.
Best regards-
Karbo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey, thanks for your help guys. This actually ended up being a problem with the company who is hosting our website. I had originally thought that was the case to begin with, but they insisted that everything was right on their end and it must be us. They had configured our website forms to use their email as if they were hosting our email for us since that's what most of their clients do. However, we host and will continue to host our own exhange server. So, they had to tell their servers to simply forward the email out to the internet and not do anything with it. Then DNS and our exchange server do the rest.
Thanks for your help. I'm awarding the points to Icky since he was the first to respond and gave an answer which was very close to the solution.
thanks
Thanks for your help. I'm awarding the points to Icky since he was the first to respond and gave an answer which was very close to the solution.
thanks
The whole point of SPF is that you publish a list of servers that are authorized to send email on behalf of your domain. This is useful for external people that you send mail to. If you route your outbound mail through Postini, their IP address ranges should be listed in your SPF record. If you don't route your outbound mail through postini, the IP addresses of your own outbound servers should be in the SPF record. You can call Postini Support to get the IP ranges they use for you (this information is also on their support website - note that the IP range might vary depending on which Postini system you are on so make sure you get the right stuff and just call them if you aren't sure).
Anytime you have an external service sending email on behalf of your domain, its IP addresses should also generally be added to the SPF record. In this particular case, though, it sounds like the external web service is only sending email to your own email system? If that's true, that's fine and you don't need to worry about adding the IPs of that external service to SPF because no one outside of your org will receive email from those IPs.
I recommend you use the very useful SPF setup wizard at http://old.openspf.org/wizard.html to determine your SPF record.