Solved

sendmail is rejecting email from 1 domain b/c "spf check failed" but the sender is valid

Posted on 2008-10-22
6
923 Views
Last Modified: 2013-12-18
Hi, I recently set up sendmail to serve as a relay server for inbound email

external email ---> sendmail server ----> corporate server

the sendmail server seems to work fine, but one domain (xyz.com) gets its emails bounced with the error of "550 Message rejected because SPF check failed".  the person sending mail from xyz.com **can** deliver mail successfully to gmail and hotmail accounts, so the problem appears to be on my end.

If I look at the spf records online for xyz.com (e.g. using an spf tester like this-> http://www.kitterman.com/spf/validate.html) it says that the the IP address that my sender is sending from is valid.

Are there any simple ways to disable spf checking on my relay server?  Or other ways around this?
Thanks!!
0
Comment
Question by:pdanese
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 

Author Comment

by:pdanese
ID: 22778889
sorry for the lack of points, but I'm all out!
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22785318
You didn't mention what software is doing the SPF checking. By default, sendmail doesn't do it, you usually need a milter like milter-spiff or mimedefang. Once we know that we can figure out how to bypass it.

The is probably due to the admin of xyz.com not setting SPF up correctly or not updating it when addresses changed. They can deliver to gmail and such because I don't think gmail will reject mail when it fails spf checking. Your system is a little stricter.

Sadly this is pretty common. I have a few vendors I work with who just can't seem to get their SPF records right and as a result always land in my spam folder, even after I repeated tell them how to fix it.
0
 

Author Comment

by:pdanese
ID: 22786214
Hi, so here's the weird part (may help shed some light on the problem).

1. if I look at the headers of the emails sent from xyz.com I can find the IP address from which they originated.  BUT the IP address is listed as "valid" if I do a SPF chek

2. I used ubuntu 8 and installed sendmail on it (apt-get install sendmail).  I did a few modifications to enable the relay, but I never installed anything remotely like SPF software.  Also, searching the server turns up no file with the term spf in it.

So...I'm thinking that I don't really have SPF checking enabled, but for whatever reason it provides that error upon bouncing certain emails.

One other thing!  If I look at the mail.log file I also see messages of "DSN: service unavailable" near the messages that are getting bounced back.

my google searches have turned up little as to what that means, though.

Thanks again!
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 26

Accepted Solution

by:
jar3817 earned 40 total points
ID: 22786255
Can you paste the (all) entires in the /var/log/maillog for one of these bounced messages? If you didn't specifically setup SPF checking, I'm sure it's not checking them.
0
 

Author Comment

by:pdanese
ID: 22786501
Hi, here's an excerpt (I had to obfuscate the actual addresses).

Oct 22 08:51:32 ubuntu sm-mta[17430]: m9MCpQkK017430: from=<xxxxxx.x.xxxx@xyz.com>, size=13384, class=0, nrcpts=1, msgid=<C081D7F029F55E4BA2AFBE026A2088210DE5988F@xxxxxxm02.xxxx.xyz.com>, proto=ESMTP, daemon=MTA, relay=xxxxxx.xyz.com [123.456.789.01]
Oct 22 08:51:32 ubuntu sm-mta[17438]: m9MCpLAX017432: m9MCpWAX017438: DSN: Service unavailable
Oct 22 08:51:32 ubuntu sm-mta[17436]: m9MCpLU3017431: m9MCpWU3017436: DSN: Service unavailable
0
 

Author Closing Comment

by:pdanese
ID: 31508854
sorry for the delay in points
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Magento Email Addresses 5 69
What Exchange User Permissions Does One have? 7 51
Exchange 2016 - not receiving mail 17 101
Configure SPF check on IMSVA 2 114
Import PST to Exchange using Power Shell new-mailboximportrequest command, you can simply import the PST file into Exchange mailbox or archived. To know How to import PST into Exchange  2013 read the complete article.
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question