Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

sendmail is rejecting email from 1 domain b/c "spf check failed" but the sender is valid

Posted on 2008-10-22
6
911 Views
Last Modified: 2013-12-18
Hi, I recently set up sendmail to serve as a relay server for inbound email

external email ---> sendmail server ----> corporate server

the sendmail server seems to work fine, but one domain (xyz.com) gets its emails bounced with the error of "550 Message rejected because SPF check failed".  the person sending mail from xyz.com **can** deliver mail successfully to gmail and hotmail accounts, so the problem appears to be on my end.

If I look at the spf records online for xyz.com (e.g. using an spf tester like this-> http://www.kitterman.com/spf/validate.html) it says that the the IP address that my sender is sending from is valid.

Are there any simple ways to disable spf checking on my relay server?  Or other ways around this?
Thanks!!
0
Comment
Question by:pdanese
  • 4
  • 2
6 Comments
 

Author Comment

by:pdanese
ID: 22778889
sorry for the lack of points, but I'm all out!
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22785318
You didn't mention what software is doing the SPF checking. By default, sendmail doesn't do it, you usually need a milter like milter-spiff or mimedefang. Once we know that we can figure out how to bypass it.

The is probably due to the admin of xyz.com not setting SPF up correctly or not updating it when addresses changed. They can deliver to gmail and such because I don't think gmail will reject mail when it fails spf checking. Your system is a little stricter.

Sadly this is pretty common. I have a few vendors I work with who just can't seem to get their SPF records right and as a result always land in my spam folder, even after I repeated tell them how to fix it.
0
 

Author Comment

by:pdanese
ID: 22786214
Hi, so here's the weird part (may help shed some light on the problem).

1. if I look at the headers of the emails sent from xyz.com I can find the IP address from which they originated.  BUT the IP address is listed as "valid" if I do a SPF chek

2. I used ubuntu 8 and installed sendmail on it (apt-get install sendmail).  I did a few modifications to enable the relay, but I never installed anything remotely like SPF software.  Also, searching the server turns up no file with the term spf in it.

So...I'm thinking that I don't really have SPF checking enabled, but for whatever reason it provides that error upon bouncing certain emails.

One other thing!  If I look at the mail.log file I also see messages of "DSN: service unavailable" near the messages that are getting bounced back.

my google searches have turned up little as to what that means, though.

Thanks again!
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 26

Accepted Solution

by:
jar3817 earned 40 total points
ID: 22786255
Can you paste the (all) entires in the /var/log/maillog for one of these bounced messages? If you didn't specifically setup SPF checking, I'm sure it's not checking them.
0
 

Author Comment

by:pdanese
ID: 22786501
Hi, here's an excerpt (I had to obfuscate the actual addresses).

Oct 22 08:51:32 ubuntu sm-mta[17430]: m9MCpQkK017430: from=<xxxxxx.x.xxxx@xyz.com>, size=13384, class=0, nrcpts=1, msgid=<C081D7F029F55E4BA2AFBE026A2088210DE5988F@xxxxxxm02.xxxx.xyz.com>, proto=ESMTP, daemon=MTA, relay=xxxxxx.xyz.com [123.456.789.01]
Oct 22 08:51:32 ubuntu sm-mta[17438]: m9MCpLAX017432: m9MCpWAX017438: DSN: Service unavailable
Oct 22 08:51:32 ubuntu sm-mta[17436]: m9MCpLU3017431: m9MCpWU3017436: DSN: Service unavailable
0
 

Author Closing Comment

by:pdanese
ID: 31508854
sorry for the delay in points
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Easy CSR creation in Exchange 2007,2010 and 2013
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question