Postini #550 SPF forgery

Last Modified: 2012-05-09
I am suddenly receiving bounce-back emails from my Exchange 2007 server saying that there is a Postini #550 SPF forgery.

Postini by Google is my spam filtering product which used outbounds7.postini.com as its SMTP server.

We use smart hosts and never had this problem before, but it's becoming more and more of an issue.

Delivery has failed to these recipients or distribution lists:
 
'docs@x.com'
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.
 
The following organization rejected your message: Postini.
 
  _____  
Sent by Microsoft Exchange Server 2007





 
Diagnostic information for administrators:
 
Generating server: mail.x.tv
 
docs@x.com
Postini #550 SPF forgery: (Deleted for privacy)
 
Original message headers:
 
Received: from mail.x.tv ([192.168.22.13]) by mail.x.tv
 ([192.168.22.13]) with mapi; Fri, 11 Jun 2010 12:17:56 -0400
From: David x <david@x.tv>
To: "'docs@x.com'" <docs@x.com>
Importance: high
X-Priority: 1
Date: Fri, 11 Jun 2010 12:17:55 -0400
Subject: Order 9129406 - Documents
Thread-Topic: Order 9129406 - Documents
Thread-Index: AcsJgaZglxh/omjMRqOXiGskb41weA==
Message-ID: <91FEC5A4A8289A4F8EA86A7D3D7E99DD0639DADAFD@mail.x.tv>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/mixed;
        boundary="_004_91FEC5A4A8289A4F8EA86A7D3D7E99DD0639DADAFDmailindelible_"
MIME-Version: 1.0



That is the EMAIL that bounces back. Now this is the link that is included:

Why did SPF cause my mail to be rejected?
What is SPF?

SPF is an extension to Internet e-mail. It prevents unauthorized people from forging your e-mail address (see the introduction). But for it to work, your own or your e-mail service provider's setup may need to be adjusted. Otherwise, the system may mistake you for an unauthorized sender.

Note that there is no central institution that enforces SPF. If a message of yours gets blocked due to SPF, this is because (1) your domain has declared an SPF policy that forbids you to send through the mail server through which you sent the message, and (2) the recipient's mail server detected this and blocked the message.

mcmail4.mcr.colo.comodo.net rejected a message that claimed an envelope sender address of david@x.tv.

mcmail4.mcr.colo.comodo.net received a message from exprod7og111.obsmtp.com (64.18.2.175) that claimed an envelope sender address of david@x.tv.

However, the domain indelible.tv has declared using SPF that it does not send mail through exprod7og111.obsmtp.com (64.18.2.175). That is why the message was rejected.

If you are david@x.tv:

x.tv should have given you a way to send mail through an authorized server.

If you are using a mail program as opposed to web-mail, you may need to update the "SMTP server" configuration setting according to your ISP's instructions. You may also need to turn on authentication, and enter your username and password in your mail program's options. Please contact your ISP for assistance.

If you run your own MTA, you may have to set a "smarthost" or "relayhost". If you are mailing from outside your ISP's network, you may also have to make your MTA use authenticated SMTP. Ideally your server should listen on port 587 as well as port 25.

If your mail was correctly sent, but was rejected because it passed through a forwarding service, as an interim solution you can mail the final destination address directly (it should be shown in the bounce message). See the forwarding best practices (or refer the recipient there) for the discussion of a proper solution.

If you need further help, see our support section for free support and professional consulting services.

If you are confident that your message did go through an authorized server:

The administrator of the domain indelible.tv may have incorrectly configured its SPF record. This is a common cause of mistakes.

Here's what you can do: Contact the indelible.tv postmaster and tell them that they need to change indelible.tv's SPF record so that it authorizes exprod7og111.obsmtp.com. For example, they could change the record to something like

    v=spf1 mx include:spf.mailengine1.com ip4:66.59.3.188 a:exprod7og111.obsmtp.com -all

If you refer your postmaster to this web page, they should be able to solve the problem.

If you did not send the message:

SPF successfully blocked a forgery attempt; someone tried to send mail pretending to be from david@x.tv, but the message was rejected before anybody saw it. This means SPF is working as designed.

How can I reference this web page for explaining SPF results?

This web page is a public service of the SPF project. SPF implementations can (and do) use it to help explain the results of SPF checks by presenting to users a parameterized link to this page. See the "Why?" page documentation for details on how this works.


Help would be MOST appreciated
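
The check the receiving server performed can be reproduced offline. The following is an added example, not part of the original post or of the SPF project's page: a small evaluator for a subset of SPF (ip4, a, mx, include, all) run against the record suggested in the bounce. It assumes the domain's current record is the suggested one without the `a:` term; every DNS answer except exprod7og111.obsmtp.com resolving to 64.18.2.175 is constructed.

```python
import ipaddress

# Constructed DNS data so the example runs offline. Only the relay host name
# and its address 64.18.2.175 come from the bounce; the rest is made up.
DNS_A = {"exprod7og111.obsmtp.com": ["64.18.2.175"],
         "mail.indelible.tv": ["192.0.2.10"]}                          # constructed
DNS_MX = {"indelible.tv": ["mail.indelible.tv"]}                       # constructed
DNS_TXT = {"spf.mailengine1.com": "v=spf1 ip4:198.51.100.0/24 -all"}   # constructed

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, domain, client_ip, depth=0):
    """Evaluate client_ip against an SPF record (ip4, a, mx, include, all only)."""
    if depth > 10:                        # simple guard against include loops
        return "permerror"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:                # mechanisms are tried left to right
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = client_ip in DNS_A.get(arg or domain, [])
        elif name == "mx":
            hosts = DNS_MX.get(arg or domain, [])
            matched = any(client_ip in DNS_A.get(h, []) for h in hosts)
        elif name == "include":
            # include matches only when the nested record evaluates to "pass"
            nested = check_spf(DNS_TXT.get(arg, ""), arg, client_ip, depth + 1)
            matched = nested == "pass"
        else:
            return "permerror"            # outside the subset handled here
        if matched:
            return QUALIFIERS[qual]       # first match decides the result
    return "neutral"

# Assumption: the current record is the suggested one minus the relay's a: term.
CURRENT = "v=spf1 mx include:spf.mailengine1.com ip4:66.59.3.188 -all"
SUGGESTED = ("v=spf1 mx include:spf.mailengine1.com ip4:66.59.3.188 "
             "a:exprod7og111.obsmtp.com -all")
```

`check_spf(SUGGESTED, "indelible.tv", "64.18.2.176")` (a constructed neighbouring address) still returns `"fail"`, because `a:` authorizes only the addresses that one host name resolves to.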