Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SPF Error - Can't send emails to few domains

Posted on 2009-05-05
10
Medium Priority
?
1,119 Views
Last Modified: 2012-05-06
I have recently setup SPF record for one of the clients and now it is causing few issues while sending emails to certain domains. It comes up with this error message:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <[Our Domain] #5.5.0 smtp;550 SPF: [Server IP] is not allowed to send mail from [Our Domain]>

This network has SBS2003 and as exchange resides on SBS, that is the only IP address which is allowed to send emails out. And even in the error message, it is the same IP address listed that should have allowed the mail to send. This issue is only with few selected domains wheras the emails can be sent to other domains. Can this be an issue with the recepient's server (SPF check rule)? What is causing this issue?
0
Comment
Question by:MSWarrior
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 24

Accepted Solution

by:
Rajith Enchiparambil earned 600 total points
ID: 24304134
Paste your spf record details here
0
 
LVL 6

Author Comment

by:MSWarrior
ID: 24304285
domain.co.uk. IN TXT "v=spf1 mx:mx1.domain.co.uk -all"
0
 
LVL 6

Assisted Solution

by:ilantz
ilantz earned 600 total points
ID: 24304347
are you sure that the ip of mx1.domain.co.uk = the external ip of the mailserver ?
might be that you are going with NAT outside and have a different ip when the mailserver access the internet ?

that's all i can think of, because your line is a correct syntax.
http://www.openspf.org/SPF_Record_Syntax
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 6

Author Comment

by:MSWarrior
ID: 24304450
Thanks ilantz.

Yes the IP address mentioned in the error is the same. On one of the email error messages, it actually had link for openspf.org and that suggested that I need to change my SPF record to this:

domain.co.uk. IN TXT  "v=spf1 mx:mx1.domain.co.uk a:mail.domain.co.uk -all"

I think, when the recepient server checks the sending IP it comes back as mail.domain.co.uk and in the the SPF record, it only had the mx:mx1.domain.co.uk. I don't know if the a:field and mx:field make any difference but I have added it and hopefully withing few hours it should be clear if this has resolved the issue. What do you think?
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24304489
humm sounds weird but then again .. i too always configure a: or ipv4 entries in my SPF records...

i'll rather just use the ip , because there's no way to go wrong there. just my point of view.

good luck mate!
0
 
LVL 26

Assisted Solution

by:jar3817
jar3817 earned 300 total points
ID: 24304730
You could try ~all at the end instead of -all to cause a softfail rather than a fail. This should still allow your email to be delivered, but maybe marked. At least until you sort out the record. I agree with ilantz, use the IP address rather than the name, if DNS goes down or has a hiccup, you're screwed.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24304939
It's always better to use the ip address in the spf record. I am pretty sure that it will correct the issues that you are having with a few domains.

Rajith.
0
 
LVL 6

Author Comment

by:MSWarrior
ID: 24312048
HI Guys,

As discussed above in my last message, I have tried adding the a:mail.domain.co.uk field to the SPF record and it is still giving few error messages while sending emails to certain domains. Here is one:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <domain.co.uk #5.5.0 smtp;550 SPF check failed. Sender not authorized>

Now I made the changes yesterday at about 13:15 and assume that they should have been processed by now. I have checked it on Microsoft SPF wizard and it is returning the correct SPF record. Do you think that this error message will be gone if I change the a: field and mx: field in the SPF record to contain IP addresses? If so is this the correct syntax:
domain.co.uk. IN TXT  "v=spf1 mx:SERVER IP a:SERVER IP -all"
(Is it just a: that I need to change or both a: and mx:)
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24312605
just keep the ip in the record , remove the MX "v=spf1 ip4:192.168.0.1 -all"
i like to check my spf with google for instance (gmail) and look in the message header to see if it works :)
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24313750
Put the actual ip address and don't use the dns names (mail.domain.co.uk).

eg: v=spf1 ip4:1.2.3.4 -all
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question