Solved

SPF Policy rejection from remote email server

Posted on 2009-07-08
5
4,851 Views
Last Modified: 2012-06-21
SBS2008.

Having problems sending email to a specific domain.  It's returning a 550 SPF Policy Framework error saying we're being rejected.  There IS an SPF Record set up, and I just verified it through a SPF look up tool: http://www.kitterman.com/spf/validate.html

Exchange is set to use the ISP's (Integra Online) SMTP as a Smart Host for all external mail delivery. Could this be part of the problem with the SPF?  There were so many odd delivery problems, using the ISP's SMTP as a Smart Host solved 95% of them..  I'd like to keep using it as a smart host if possible.

It looks like, according to the error, the Exchange server is identifying itself as the .LOCAL domain instead of it's Internet domain.. could this be the problem?  The MX record is set up properly and when i telnet into the server via the MX record DNS name, I get the proper FQDN for the external domain..

Ideas?

Error below:
Hi. This is the qmail-send program at mail.integraonline.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

Please visit http://support.integraonline.com/failure.html if you have questions about why you have received this message. Do NOT reply to this message.

Your e-mail was returned for the following reason(s):

<externaluser@portofportland.com>:
207.109.34.83 failed after I sent the message.
Remote host said: 550 The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com

--- Below this line is a copy of the message.

Return-Path: <internaluser@worldoregon.org>
Received: (qmail 7838 invoked from network); 8 Jul 2009 18:32:58 -0000
Received: from unknown (HELO SERVER.wac.local) (internaluser.worldoregon.org@[64.62.17.244])
          (envelope-sender <internaluser@worldoregon.org>)
          by relay3.integra.net (qmail-ldap-1.03) with SMTP
          for <externaluser@portofportland.com>; 8 Jul 2009 18:32:58 -0000
Received: from SERVER.wac.local ([fe80::1168:4e84:b8f0:e3bc]) by  SERVER.wac.local ([fe80::1168:4e84:b8f0:e3bc%10]) with mapi; Wed, 8 Jul 2009
 11:32:59 -0700
From: Internal user <internaluser@worldoregon.org>
To: "External User" <externaluser@portofportland.com>
Date: Wed, 8 Jul 2009 11:32:57 -0700
Subject: RE: Test
Thread-Topic: Test
Thread-Index: Acn/+nnKCXQJMu7FQwu7agbLfpPs0AAAAf+w
Message-ID: <F68A50BCEA0DE84F8DBBD30379C2E7B31B31E8C9@SERVER.wac.local>
References: <4046D668F6818C46836C9A81F624DE8C0E03DE71@portexbe1.pop.portptld.com>
In-Reply-To: <4046D668F6818C46836C9A81F624DE8C0E03DE71@portexbe1.pop.portptld.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
        boundary="_000_F68A50BCEA0DE84F8DBBD30379C2E7B31B31E8C9SERVERwaclocal_"
MIME-Version: 1.0

--_000_F68A50BCEA0DE84F8DBBD30379C2E7B31B31E8C9SERVERwaclocal_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

test

From: External User [mailto:externaluser@portofportland.com]
Sent: Wednesday, July 08, 2009 11:33 AM
To: Internal User
Subject: Test
0
Comment
Question by:aconway
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Expert Comment

by:DCMBS
ID: 24808209
Is the ip of the smarthost listed as an authorised email source in the SPF record.
0
 

Author Comment

by:aconway
ID: 24808228
NO, it sure isn't.. that seems obvious now.. I will get that added.. I bet that was it.
0
 
LVL 9

Accepted Solution

by:
DCMBS earned 500 total points
ID: 24808234
Also in excange smtp virtual sever ensure the FQDN is the FQDN you send as.
0
 

Author Comment

by:aconway
ID: 24808296
Still somewhat new to Exchange 2007..

Do you mean Under Hub Transport/Send Connectors/Smart Host Connector Properties/General Tab?

I have 2 connectors in there.. the default SBS connector (which already had the proper FQDN) and the Smart Host connector, which had a blank FQDN.. I just put the proper FQDN in the Smart Host connector..
0
 
LVL 9

Expert Comment

by:DCMBS
ID: 24808304
Sounds good
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question