Solved

sendmail is rejecting email from 1 domain b/c "spf check failed" but the sender is valid

Posted on 2008-10-22
6
910 Views
Last Modified: 2013-12-18
Hi, I recently set up sendmail to serve as a relay server for inbound email

external email ---> sendmail server ----> corporate server

the sendmail server seems to work fine, but one domain (xyz.com) gets its emails bounced with the error of "550 Message rejected because SPF check failed".  the person sending mail from xyz.com **can** deliver mail successfully to gmail and hotmail accounts, so the problem appears to be on my end.

If I look at the spf records online for xyz.com (e.g. using an spf tester like this-> http://www.kitterman.com/spf/validate.html) it says that the the IP address that my sender is sending from is valid.

Are there any simple ways to disable spf checking on my relay server?  Or other ways around this?
Thanks!!
0
Comment
Question by:pdanese
  • 4
  • 2
6 Comments
 

Author Comment

by:pdanese
ID: 22778889
sorry for the lack of points, but I'm all out!
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22785318
You didn't mention what software is doing the SPF checking. By default, sendmail doesn't do it, you usually need a milter like milter-spiff or mimedefang. Once we know that we can figure out how to bypass it.

The is probably due to the admin of xyz.com not setting SPF up correctly or not updating it when addresses changed. They can deliver to gmail and such because I don't think gmail will reject mail when it fails spf checking. Your system is a little stricter.

Sadly this is pretty common. I have a few vendors I work with who just can't seem to get their SPF records right and as a result always land in my spam folder, even after I repeated tell them how to fix it.
0
 

Author Comment

by:pdanese
ID: 22786214
Hi, so here's the weird part (may help shed some light on the problem).

1. if I look at the headers of the emails sent from xyz.com I can find the IP address from which they originated.  BUT the IP address is listed as "valid" if I do a SPF chek

2. I used ubuntu 8 and installed sendmail on it (apt-get install sendmail).  I did a few modifications to enable the relay, but I never installed anything remotely like SPF software.  Also, searching the server turns up no file with the term spf in it.

So...I'm thinking that I don't really have SPF checking enabled, but for whatever reason it provides that error upon bouncing certain emails.

One other thing!  If I look at the mail.log file I also see messages of "DSN: service unavailable" near the messages that are getting bounced back.

my google searches have turned up little as to what that means, though.

Thanks again!
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 26

Accepted Solution

by:
jar3817 earned 40 total points
ID: 22786255
Can you paste the (all) entires in the /var/log/maillog for one of these bounced messages? If you didn't specifically setup SPF checking, I'm sure it's not checking them.
0
 

Author Comment

by:pdanese
ID: 22786501
Hi, here's an excerpt (I had to obfuscate the actual addresses).

Oct 22 08:51:32 ubuntu sm-mta[17430]: m9MCpQkK017430: from=<xxxxxx.x.xxxx@xyz.com>, size=13384, class=0, nrcpts=1, msgid=<C081D7F029F55E4BA2AFBE026A2088210DE5988F@xxxxxxm02.xxxx.xyz.com>, proto=ESMTP, daemon=MTA, relay=xxxxxx.xyz.com [123.456.789.01]
Oct 22 08:51:32 ubuntu sm-mta[17438]: m9MCpLAX017432: m9MCpWAX017438: DSN: Service unavailable
Oct 22 08:51:32 ubuntu sm-mta[17436]: m9MCpLU3017431: m9MCpWU3017436: DSN: Service unavailable
0
 

Author Closing Comment

by:pdanese
ID: 31508854
sorry for the delay in points
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft has released various new features which are capable of handling various tasks. One of these tasks is ‘Migration from pop3 to Exchange Server’. Pop3 data stores various data along mailboxes like contacts, tasks, etc. So, it becomes the need…
Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now