aconway
asked on
SPF Policy rejection from remote email server
SBS2008.
Having problems sending email to a specific domain. It's returning a 550 SPF Policy Framework error saying we're being rejected. There IS an SPF Record set up, and I just verified it through a SPF look up tool: http://www.kitterman.com/spf/validate.html
Exchange is set to use the ISP's (Integra Online) SMTP as a Smart Host for all external mail delivery. Could this be part of the problem with the SPF? There were so many odd delivery problems, using the ISP's SMTP as a Smart Host solved 95% of them.. I'd like to keep using it as a smart host if possible.
It looks like, according to the error, the Exchange server is identifying itself as the .LOCAL domain instead of it's Internet domain.. could this be the problem? The MX record is set up properly and when i telnet into the server via the MX record DNS name, I get the proper FQDN for the external domain..
Ideas?
Error below:
Hi. This is the qmail-send program at mail.integraonline.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
Please visit http://support.integraonline.com/failure.html if you have questions about why you have received this message. Do NOT reply to this message.
Your e-mail was returned for the following reason(s):
<externaluser@portofportla
207.109.34.83 failed after I sent the message.
Remote host said: 550 The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com
--- Below this line is a copy of the message.
Return-Path: <internaluser@worldoregon.
Received: (qmail 7838 invoked from network); 8 Jul 2009 18:32:58 -0000
Received: from unknown (HELO SERVER.wac.local) (internaluser.worldoregon.
(envelope-sender <internaluser@worldoregon.
by relay3.integra.net (qmail-ldap-1.03) with SMTP
for <externaluser@portofportla
Received: from SERVER.wac.local ([fe80::1168:4e84:b8f0:e3b
11:32:59 -0700
From: Internal user <internaluser@worldoregon.
To: "External User" <externaluser@portofportla
Date: Wed, 8 Jul 2009 11:32:57 -0700
Subject: RE: Test
Thread-Topic: Test
Thread-Index: Acn/+nnKCXQJMu7FQwu7agbLfp
Message-ID: <F68A50BCEA0DE84F8DBBD3037
References: <4046D668F6818C46836C9A81F
In-Reply-To: <4046D668F6818C46836C9A81F
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_F68A50BCEA0
MIME-Version: 1.0
--_000_F68A50BCEA0DE84F8DB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding:
test
From: External User [mailto:externaluser@porto
Sent: Wednesday, July 08, 2009 11:33 AM
To: Internal User
Subject: Test
Having problems sending email to a specific domain. It's returning a 550 SPF Policy Framework error saying we're being rejected. There IS an SPF Record set up, and I just verified it through a SPF look up tool: http://www.kitterman.com/spf/validate.html
Exchange is set to use the ISP's (Integra Online) SMTP as a Smart Host for all external mail delivery. Could this be part of the problem with the SPF? There were so many odd delivery problems, using the ISP's SMTP as a Smart Host solved 95% of them.. I'd like to keep using it as a smart host if possible.
It looks like, according to the error, the Exchange server is identifying itself as the .LOCAL domain instead of it's Internet domain.. could this be the problem? The MX record is set up properly and when i telnet into the server via the MX record DNS name, I get the proper FQDN for the external domain..
Ideas?
Error below:
Hi. This is the qmail-send program at mail.integraonline.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
Please visit http://support.integraonline.com/failure.html if you have questions about why you have received this message. Do NOT reply to this message.
Your e-mail was returned for the following reason(s):
<externaluser@portofportla
207.109.34.83 failed after I sent the message.
Remote host said: 550 The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com
--- Below this line is a copy of the message.
Return-Path: <internaluser@worldoregon.
Received: (qmail 7838 invoked from network); 8 Jul 2009 18:32:58 -0000
Received: from unknown (HELO SERVER.wac.local) (internaluser.worldoregon.
(envelope-sender <internaluser@worldoregon.
by relay3.integra.net (qmail-ldap-1.03) with SMTP
for <externaluser@portofportla
Received: from SERVER.wac.local ([fe80::1168:4e84:b8f0:e3b
11:32:59 -0700
From: Internal user <internaluser@worldoregon.
To: "External User" <externaluser@portofportla
Date: Wed, 8 Jul 2009 11:32:57 -0700
Subject: RE: Test
Thread-Topic: Test
Thread-Index: Acn/+nnKCXQJMu7FQwu7agbLfp
Message-ID: <F68A50BCEA0DE84F8DBBD3037
References: <4046D668F6818C46836C9A81F
In-Reply-To: <4046D668F6818C46836C9A81F
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_F68A50BCEA0
MIME-Version: 1.0
--_000_F68A50BCEA0DE84F8DB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding:
test
From: External User [mailto:externaluser@porto
Sent: Wednesday, July 08, 2009 11:33 AM
To: Internal User
Subject: Test
DCMBS
Is the ip of the smarthost listed as an authorised email source in the SPF record.
ASKER
NO, it sure isn't.. that seems obvious now.. I will get that added.. I bet that was it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Still somewhat new to Exchange 2007..
Do you mean Under Hub Transport/Send Connectors/Smart Host Connector Properties/General Tab?
I have 2 connectors in there.. the default SBS connector (which already had the proper FQDN) and the Smart Host connector, which had a blank FQDN.. I just put the proper FQDN in the Smart Host connector..
Do you mean Under Hub Transport/Send Connectors/Smart Host Connector Properties/General Tab?
I have 2 connectors in there.. the default SBS connector (which already had the proper FQDN) and the Smart Host connector, which had a blank FQDN.. I just put the proper FQDN in the Smart Host connector..
Sounds good