Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SPF email record

Posted on 2011-03-05
5
Medium Priority
?
1,355 Views
Last Modified: 2012-06-27
Hello Experts,
Our company has recently migrated email servers and we need to verify our SPF records are correct.  Its a simple environment with an exchange box sitting behind a barracuda spam firewall.  Here is what we have: (ive changed the info a bit to protect privacy)

mx record: mx01.somecompany.com
internal exchange server: mx01.eh.local
send connector on exchange: mx01.somecompany.com
receive connector on exchange: mx01.somecompany.com
barracuda spam filter (we run outbound messages through it): ehba-001.somecompany.com

our current spf record:
v=spf1 mx ptr ip4:[64.10.10.10] mx:mx01.somecompany.com -all


Here is a bounce back message from a hotmail account:

X-ASG-Debug-ID: 1299333332-03ca88770711720001-lEgx0r
Received: from mx01.somecompany.com (mx01.eh.local [10.20.8.3]) by
 EHBA-001.somecompany.com with ESMTP id xmFdy9k5s7XQ6JLj for
 <someemailaddr@hotmail.com>; Sat, 05 Mar 2011 07:55:36 -0600 (CST)
X-Barracuda-Envelope-From: sender@somecompany.com
Received: from MX01.eh.local ([fe80::7d84:be4a:4192:9c1]) by
 mx01.eh.local ([fe80::7d84:be4a:4192:9c1%18]) with mapi id
 14.01.0270.001; Sat, 5 Mar 2011 07:53:55 -0600


Do we need to add the barracuda (ehba-001.somecompany.com) to the spf record? Or our internal exchange server (mx01.eh.local)?  

Thanks for your help!!


0
Comment
Question by:speeder503
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 35043696
All that is needed in your SPF record is your sending IP Address.

You can check your SPF record is valid on the following site:

http://www.kitterman.com/spf/validate.html

And work out what to put in your SPF record here:

http://old.openspf.org/wizard.html
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35043699
If your current SPF record is:

v=spf1 mx ptr ip4:[64.10.10.10] mx:mx01.somecompany.com -all

Then you need to remove the square brackets from around the IP Address so it looks like this:

v=spf1 mx ptr ip4:64.10.10.10 mx:mx01.somecompany.com -all
0
 
LVL 21

Expert Comment

by:Daniel McAllister
ID: 35044286
In answer to the question, to TEST your SPF record, you have many options:

1) If you have a Linux system, use the command (part of bind/named)
dig txt domain.com
 -- or, if you're using a newer DNS server, try --
dig spf domain.com
In either case, your SPF record will be in the response

2) If you want a web-based test, try here
Good Luck!

Dan
IT4SOHO
0
 

Author Comment

by:speeder503
ID: 35046942
Thanks for the suggestions:
I've modified the spf record to read: v=spf1 mx ptr ip4:myaddr -all  and it passes on kitterman.com's website.  However I still receive a 550 sc-002 message from hotmail.

Im concerned by the following header received by hotmail:

Received: from mx01.somecompany.com (mx01.eh.local [10.20.8.3]) by
 EHBA-001.somecompany.com

Are we sure I do not need to add the ip address of EHBA-001.somecompany.com to the spf record?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35046946
Is EHBA-001.somecompany.com the internal FQDN of your Exchange Server?
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question