Solved

SPF Error - Can't send emails to few domains

Posted on 2009-05-05
10
1,112 Views
Last Modified: 2012-05-06
I have recently setup SPF record for one of the clients and now it is causing few issues while sending emails to certain domains. It comes up with this error message:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <[Our Domain] #5.5.0 smtp;550 SPF: [Server IP] is not allowed to send mail from [Our Domain]>

This network has SBS2003 and as exchange resides on SBS, that is the only IP address which is allowed to send emails out. And even in the error message, it is the same IP address listed that should have allowed the mail to send. This issue is only with few selected domains wheras the emails can be sent to other domains. Can this be an issue with the recepient's server (SPF check rule)? What is causing this issue?
0
Comment
Question by:MSWarrior
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 24

Accepted Solution

by:
Rajith Enchiparambil earned 200 total points
ID: 24304134
Paste your spf record details here
0
 
LVL 6

Author Comment

by:MSWarrior
ID: 24304285
domain.co.uk. IN TXT "v=spf1 mx:mx1.domain.co.uk -all"
0
 
LVL 6

Assisted Solution

by:ilantz
ilantz earned 200 total points
ID: 24304347
are you sure that the ip of mx1.domain.co.uk = the external ip of the mailserver ?
might be that you are going with NAT outside and have a different ip when the mailserver access the internet ?

that's all i can think of, because your line is a correct syntax.
http://www.openspf.org/SPF_Record_Syntax
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 6

Author Comment

by:MSWarrior
ID: 24304450
Thanks ilantz.

Yes the IP address mentioned in the error is the same. On one of the email error messages, it actually had link for openspf.org and that suggested that I need to change my SPF record to this:

domain.co.uk. IN TXT  "v=spf1 mx:mx1.domain.co.uk a:mail.domain.co.uk -all"

I think, when the recepient server checks the sending IP it comes back as mail.domain.co.uk and in the the SPF record, it only had the mx:mx1.domain.co.uk. I don't know if the a:field and mx:field make any difference but I have added it and hopefully withing few hours it should be clear if this has resolved the issue. What do you think?
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24304489
humm sounds weird but then again .. i too always configure a: or ipv4 entries in my SPF records...

i'll rather just use the ip , because there's no way to go wrong there. just my point of view.

good luck mate!
0
 
LVL 26

Assisted Solution

by:jar3817
jar3817 earned 100 total points
ID: 24304730
You could try ~all at the end instead of -all to cause a softfail rather than a fail. This should still allow your email to be delivered, but maybe marked. At least until you sort out the record. I agree with ilantz, use the IP address rather than the name, if DNS goes down or has a hiccup, you're screwed.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24304939
It's always better to use the ip address in the spf record. I am pretty sure that it will correct the issues that you are having with a few domains.

Rajith.
0
 
LVL 6

Author Comment

by:MSWarrior
ID: 24312048
HI Guys,

As discussed above in my last message, I have tried adding the a:mail.domain.co.uk field to the SPF record and it is still giving few error messages while sending emails to certain domains. Here is one:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <domain.co.uk #5.5.0 smtp;550 SPF check failed. Sender not authorized>

Now I made the changes yesterday at about 13:15 and assume that they should have been processed by now. I have checked it on Microsoft SPF wizard and it is returning the correct SPF record. Do you think that this error message will be gone if I change the a: field and mx: field in the SPF record to contain IP addresses? If so is this the correct syntax:
domain.co.uk. IN TXT  "v=spf1 mx:SERVER IP a:SERVER IP -all"
(Is it just a: that I need to change or both a: and mx:)
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24312605
just keep the ip in the record , remove the MX "v=spf1 ip4:192.168.0.1 -all"
i like to check my spf with google for instance (gmail) and look in the message header to see if it works :)
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24313750
Put the actual ip address and don't use the dns names (mail.domain.co.uk).

eg: v=spf1 ip4:1.2.3.4 -all
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses
Course of the Month3 days, 19 hours left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question