SPF email record

Hello Experts,
Our company has recently migrated email servers and we need to verify our SPF records are correct.  Its a simple environment with an exchange box sitting behind a barracuda spam firewall.  Here is what we have: (ive changed the info a bit to protect privacy)

mx record: mx01.somecompany.com
internal exchange server: mx01.eh.local
send connector on exchange: mx01.somecompany.com
receive connector on exchange: mx01.somecompany.com
barracuda spam filter (we run outbound messages through it): ehba-001.somecompany.com

our current spf record:
v=spf1 mx ptr ip4:[64.10.10.10] mx:mx01.somecompany.com -all


Here is a bounce back message from a hotmail account:

X-ASG-Debug-ID: 1299333332-03ca88770711720001-lEgx0r
Received: from mx01.somecompany.com (mx01.eh.local [10.20.8.3]) by
 EHBA-001.somecompany.com with ESMTP id xmFdy9k5s7XQ6JLj for
 <someemailaddr@hotmail.com>; Sat, 05 Mar 2011 07:55:36 -0600 (CST)
X-Barracuda-Envelope-From: sender@somecompany.com
Received: from MX01.eh.local ([fe80::7d84:be4a:4192:9c1]) by
 mx01.eh.local ([fe80::7d84:be4a:4192:9c1%18]) with mapi id
 14.01.0270.001; Sat, 5 Mar 2011 07:53:55 -0600


Do we need to add the barracuda (ehba-001.somecompany.com) to the spf record? Or our internal exchange server (mx01.eh.local)?  

Thanks for your help!!


speeder503Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
All that is needed in your SPF record is your sending IP Address.

You can check your SPF record is valid on the following site:

http://www.kitterman.com/spf/validate.html

And work out what to put in your SPF record here:

http://old.openspf.org/wizard.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan HardistyCo-OwnerCommented:
If your current SPF record is:

v=spf1 mx ptr ip4:[64.10.10.10] mx:mx01.somecompany.com -all

Then you need to remove the square brackets from around the IP Address so it looks like this:

v=spf1 mx ptr ip4:64.10.10.10 mx:mx01.somecompany.com -all
0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
In answer to the question, to TEST your SPF record, you have many options:

1) If you have a Linux system, use the command (part of bind/named)
dig txt domain.com
 -- or, if you're using a newer DNS server, try --
dig spf domain.com
In either case, your SPF record will be in the response

2) If you want a web-based test, try here
Good Luck!

Dan
IT4SOHO
0
speeder503Author Commented:
Thanks for the suggestions:
I've modified the spf record to read: v=spf1 mx ptr ip4:myaddr -all  and it passes on kitterman.com's website.  However I still receive a 550 sc-002 message from hotmail.

Im concerned by the following header received by hotmail:

Received: from mx01.somecompany.com (mx01.eh.local [10.20.8.3]) by
 EHBA-001.somecompany.com

Are we sure I do not need to add the ip address of EHBA-001.somecompany.com to the spf record?
0
Alan HardistyCo-OwnerCommented:
Is EHBA-001.somecompany.com the internal FQDN of your Exchange Server?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.