Solved

sendmail is rejecting email from 1 domain b/c "spf check failed" but the sender is valid

Posted on 2008-10-22
6
906 Views
Last Modified: 2013-12-18
Hi, I recently set up sendmail to serve as a relay server for inbound email

external email ---> sendmail server ----> corporate server

the sendmail server seems to work fine, but one domain (xyz.com) gets its emails bounced with the error of "550 Message rejected because SPF check failed".  the person sending mail from xyz.com **can** deliver mail successfully to gmail and hotmail accounts, so the problem appears to be on my end.

If I look at the spf records online for xyz.com (e.g. using an spf tester like this-> http://www.kitterman.com/spf/validate.html) it says that the the IP address that my sender is sending from is valid.

Are there any simple ways to disable spf checking on my relay server?  Or other ways around this?
Thanks!!
0
Comment
Question by:pdanese
  • 4
  • 2
6 Comments
 

Author Comment

by:pdanese
ID: 22778889
sorry for the lack of points, but I'm all out!
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22785318
You didn't mention what software is doing the SPF checking. By default, sendmail doesn't do it, you usually need a milter like milter-spiff or mimedefang. Once we know that we can figure out how to bypass it.

The is probably due to the admin of xyz.com not setting SPF up correctly or not updating it when addresses changed. They can deliver to gmail and such because I don't think gmail will reject mail when it fails spf checking. Your system is a little stricter.

Sadly this is pretty common. I have a few vendors I work with who just can't seem to get their SPF records right and as a result always land in my spam folder, even after I repeated tell them how to fix it.
0
 

Author Comment

by:pdanese
ID: 22786214
Hi, so here's the weird part (may help shed some light on the problem).

1. if I look at the headers of the emails sent from xyz.com I can find the IP address from which they originated.  BUT the IP address is listed as "valid" if I do a SPF chek

2. I used ubuntu 8 and installed sendmail on it (apt-get install sendmail).  I did a few modifications to enable the relay, but I never installed anything remotely like SPF software.  Also, searching the server turns up no file with the term spf in it.

So...I'm thinking that I don't really have SPF checking enabled, but for whatever reason it provides that error upon bouncing certain emails.

One other thing!  If I look at the mail.log file I also see messages of "DSN: service unavailable" near the messages that are getting bounced back.

my google searches have turned up little as to what that means, though.

Thanks again!
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 26

Accepted Solution

by:
jar3817 earned 40 total points
ID: 22786255
Can you paste the (all) entires in the /var/log/maillog for one of these bounced messages? If you didn't specifically setup SPF checking, I'm sure it's not checking them.
0
 

Author Comment

by:pdanese
ID: 22786501
Hi, here's an excerpt (I had to obfuscate the actual addresses).

Oct 22 08:51:32 ubuntu sm-mta[17430]: m9MCpQkK017430: from=<xxxxxx.x.xxxx@xyz.com>, size=13384, class=0, nrcpts=1, msgid=<C081D7F029F55E4BA2AFBE026A2088210DE5988F@xxxxxxm02.xxxx.xyz.com>, proto=ESMTP, daemon=MTA, relay=xxxxxx.xyz.com [123.456.789.01]
Oct 22 08:51:32 ubuntu sm-mta[17438]: m9MCpLAX017432: m9MCpWAX017438: DSN: Service unavailable
Oct 22 08:51:32 ubuntu sm-mta[17436]: m9MCpLU3017431: m9MCpWU3017436: DSN: Service unavailable
0
 

Author Closing Comment

by:pdanese
ID: 31508854
sorry for the delay in points
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
unable to send emails 3 41
exchange 2007, exchange 2013 4 46
Exchange 2013 - OWA Timeout 7 56
Exchange 2013 -Load Balancing 5 31
Microsoft Outlook is not just an email client but it is full featured Personal Information Manager. But sometimes Outlook gets disconnected and you simply can’t access it. What steps can you perform before calling IT support? In this article we will…
Automapping, a wonderful feature with Exchange 2010 (SP2 onwards I believe), allows additional/Shared mailboxes that a user has access to be automatically mapped on Outlook client, simplifying the process by adding them while Outlook launches. Ho…
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now