[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

how to properly setup SPF in a clustered environment, using a frontend and a backend mailbox solution

Posted on 2008-06-20
6
Medium Priority
?
342 Views
Last Modified: 2013-11-30
I am trying to setup Sender's Policy Framework (SPF) on my exchange 2003 SP2 servers, in a clustered environment, using a frontend and a backend mailbox solution.  I am not sure it is configured right.  When I follow the instructions as outlined in an article, to configure the Froned exchange server:

http://blogs.technet.com/industry_insiders/articles/spf_in_sp2_exchange.aspx 

I get an error that states" Sender ID Filter must be configured globally on the the message delivery property pages.  Go to the message delivery object's property pages under Global Settings to configure Sender ID Filtering"

In the Sender IT Filtering tab of the Message Delivery Properties, I have it set to Accept(SenderID status will be attached to the message for further anti-spam processing.

any ideas?
SPF-error-screen-shots.doc
0
Comment
Question by:Kendall900
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 21846120
Thats just a warning box telling you that the checkbox doesn't configure SPF filtering. Are you having issues with the filtering?
0
 

Author Comment

by:Kendall900
ID: 21846510
Yes it appears that the SPF is not doing reverse name look up since I am still getting SPAM from addresses that I know does not exist.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 21847018
You are in accept mode according to your screenshots. That means that Exchange will still accept and deliver the message.

What you might need is a SMTP Sink that scans the inbound message for a failed SPF status and moves it to an admin folder or somewhere for intervention.

Or you could Delete or Reject the messages. Reject is the best as sending parties can at least dispute their failures with you whereas delete doesn't tell them anything.
0
 

Author Comment

by:Kendall900
ID: 21847045
but wouldn't that cause a massive amount of NDR since the spammers do not have valid addresses, as such the NDR's would be stuck in my queue
0
 
LVL 23

Accepted Solution

by:
Stacy Spear earned 1000 total points
ID: 21847475
It would cause some, but I doubt massive amounts. Why? Its because they are usually using spoofed addresses that are legitimate. The NDRs you get will be from the fake addresses bouncing back to the admin box.

SPF is good to stop some spam, but not the best solution. I would recommend using IronPort devices if you can afford it $$$$$. If not Postini is a good alternative for smaller companies, followed by Barracuda Networks' devices.

Due to SPF not being implemented heavily globally, it only gets you so far in its effectiveness against spam. Even if it was, it still could be affected by a DNS poison attack where the after DNS is corrupted (which is a nightmarish situation) spam mail could be successfully sent through the SPF protection wall.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question