[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

550 5.7.1 SPF SMTP Sender: Check failed for IP XXX.XX.XX.XX

Posted on 2011-03-15
43
Medium Priority
?
5,603 Views
Last Modified: 2012-05-11
Hello. First post.  I have taken over Exchange Server administration duties and am admittedly not very savvy on more technical Exchange issues.

I have 20 users and running Exchange SBS 2003.

We are having trouble receiving mail from yahoo.co.jp (Japanese Yahoo)

We do not have an SPF record published and I am using IPCop 1.4.21

We get a bounce message that says:

Connected to XX.XX.XX.XX  (My IP Address) but sender was rejected.
Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.72


= Original message follows.
= ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
Return-Path:
Received: (qmail 94588 invoked by uid 60001); 15 Mar 2011 13:14:28 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=yj20050223; d=yahoo.co.jp;
h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type;
b=kO5b96YdM4vKtiWtSK/g5gmVvcrfJ7QEgIGN9grE+bNgcwJfD8pUAMl6pMvDnpWOiq3jkHcpSs0pKiLwMKvxdcu+XmWj97yJ5e0/lxkiQgk4+UZYctd27JbY5NBgqEs9 ;
Message-ID: <20110315131428.94586.qmail@web100303.mail.kks.yahoo.co.jp>
Received: from [75.151.xxx.xxx] by web100303.mail.kks.yahoo.co.jp via HTTP; Tue, 15 Mar 2011 22:14:27 JST
Date: Tue, 15 Mar 2011 22:14:27 +0900 (JST)
From: Name Name
To: me@domain.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-449086618-1300194867=:91450"

Can someone help me figure out if I am blocking this somehow?  

Thanks
0
Comment
Question by:mat7355
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 19
  • 19
  • 2
  • +2
43 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 35141043
Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.72

What is 183.79.28.72? Your server?
0
 
LVL 11

Expert Comment

by:Old User
ID: 35141085
0
 

Author Comment

by:mat7355
ID: 35141090
That is yahoo.co.jp server.

Thanks!
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35141238
SPF is used to verify that the sending server is permitted to send mail on behalf of the sending domain, so if SPF is failing on inbound mail, then that is a problem with the sending end, not your end.

You not having an SPF record is not relevant for inbound mail, only outbound mail.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35141345
Checking the ip address against the test at http://www.kitterman.com/spf/validate.html shows the following result:


Input accepted, querying now...


Mail sent from this IP address: 183.79.28.72
Mail from (Sender): administrator@yahoo.co.jp
Mail checked using this SPF policy: v=spf1 include:spf.yahoo.co.jp ~all
Results - PASS sender SPF authorized

Mail sent from: 183.79.28.72
Mail Server HELO/EHLO identity: web100303.mail.kks.yahoo.co.jo

HELO/EHLO Results - none

This suggests that your server is not configured correctly as the test for that IP passes happily!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35141368
Testing for the other IP address listed in the email headers actually gives a soft-fail result:

Input accepted, querying now...

Mail sent from this IP address: 75.151.xxx.xxx
Mail from (Sender): administrator@yahoo.co.jp
Mail checked using this SPF policy: v=spf1 include:spf.yahoo.co.jp ~all
Results - softfail domain owner discourages use of this host

Mail sent from: 75.151.xxx.xxx
Mail Server HELO/EHLO identity: web100303.mail.kks.yahoo.co.jo

HELO/EHLO Results - none
0
 

Author Comment

by:mat7355
ID: 35141610
dperston68,

Sender ID Filtering is set to Accept
In the EMS, -->Default SMTP Virtual Server Properties -->Advanced --> APPLY RECIPIENT FILTER is the only option checked.

Does that answer your question?
0
 

Author Comment

by:mat7355
ID: 35141618
So alan, what does that mean?  
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35141679
Well - it depends on the connecting IP address.  From the rejection message you get one IP, from the header you get another.

The IP 75.151.xxx.xxx is a comcast IP address and thus won't be permitted to be sending as yahoo.co.jp but the other IP is 183.79.28.72 and that is a yahoo.co.jp address and is the yahoo server.

So it looks like your server is checking the originating IP address and not the connecting IP address, thus the check will fail.

Do you have any settings you can change for your SPF software?
0
 

Author Comment

by:mat7355
ID: 35141730
to be honest....  I dont know.  any ideas?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35141755
Is IP Cop your anti spam software?
0
 

Author Comment

by:mat7355
ID: 35141818
yes....mail coming in to my office goes to IP Cop and then is sent to exchange for distribution
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35141846
What happens to your mail and why is yahoo.co.jp doing in the mail-flow?  Do they receive your mail, filter it and pass it on?

I don't see the sender email via yahoo.co.jp to send you mail unless you have a yahoo.co.jp email address!
0
 

Author Comment

by:mat7355
ID: 35141882
I am trying to receive email from several people who are in Japan.  Their mail gets returned to them undelivered with the message above.  

My company does lots of business with people in Japan.

Most of the time, when I try to send mail to them, I get a delay and then a failure notice.
0
 
LVL 6

Expert Comment

by:Syngin9
ID: 35142082
Hmm, this wouldn't happen to have anything to do with the tsunami and earth quake would it?

Just a thought.

 It looks like your server is rejecting email from them based on a failed SPF lookup for their domain.

An SPF lookup on their domain reveals that they don't have an SPF record? This is strange due to the size of the company.  Maybe they have a DNS server cluster down?

Your server shouldn't be set to reject based on a soft fail SPF check, only hard fails.
0
 

Author Comment

by:mat7355
ID: 35142158
no, this began well before the tsunami.  

If sender id validation fails, my exchange server is set to accept. I do not have an spf record but yahoo.co.jp does.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35142169
Is the 75.151.xxx.xxx IP your server's IP address?

Please post your domain name / IP address (which I will obscure), as without this info, it is going to be difficult to provide a sensible answer for you.

Alan
0
 
LVL 6

Expert Comment

by:Syngin9
ID: 35142206
Can you post the SPF record you see for yahoo.co.jp? A lookup on my end doesn't turn up an SPF record.

Also, Sender ID and SPF aren't the same thing:

http://www.openspf.org/SPF_vs_Sender_ID
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35142311
If you are not comfortable posting here- my contact details are in my profile.

Alan
0
 

Author Comment

by:mat7355
ID: 35142354
From http://www.kitterman.com/spf/validate.html 

SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 include:spf.yahoo.co.jp ~all


SPF records should also be published in DNS as type SPF records.

No type SPF records found.

Checking to see if there is a valid SPF record.

Found v=spf1 record for yahoo.co.jp:
v=spf1 include:spf.yahoo.co.jp ~all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!
0
 

Author Comment

by:mat7355
ID: 35142385
Thanks!  Very cool.  :-)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35142454
Okay - your question says we are having problems receiving, yet you post a bounce message, suggesting you are having problems sending.

Which is it?  Sending or receiving?

Assuming it is sending, do you send mail via your ISP directly as a smarthost, or do you use DNS to send directly?
0
 

Author Comment

by:mat7355
ID: 35142561
in this case, the bounce you see was sent to me at my personal address from the person in Japan who recieved it.

So it went like this.  They tried to send me an email to my normal email/domain.  It came back to them undeliverable.  I asked them to send the undeliverable message to me at my personal gmail addy.

That message is the one i posted above.
0
 

Author Comment

by:mat7355
ID: 35142565
sorry i wasnt more clear on that in my OP
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35142629
Not a problem.

Not getting any bright ideas here!

Can you ask them to send me an email to alan @ it-eye.co.uk please - I'll see what my server makes of them.

Thanks

Alan
0
 

Author Comment

by:mat7355
ID: 35142652
yes, i can do that, but it wont happen until in the morning...thanks for all your help.  I am not the dullest knife in the drawer but today it sure feels like it.  :-)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35142675
No problems - just let me know when they have tried and if it doesn't make it, I can check my anti-spam logs for the reason why.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35142700
I spent several hours yesterday moving a telephone line for a customer and every time I tested the line with their phone, I got nothing but a beep from the phone - no dial-tone.  After 2 hours of getting nowhere, I put everything back to how it was and tested again - same problem.

So I asked the customer if their phone worked and they then advised me that they had two cordless handsets and one didn't work - the one I had!  I tried the other and that worked instantly.   5 minutes later the line was moved and working :D

I have asked them to throw away the faulty handset!!!

0
 

Author Comment

by:mat7355
ID: 35142788
haha!!  nice!
0
 

Author Comment

by:mat7355
ID: 35147878
Good morning.  you should have an email from my contact in Japan. :-)

She sent me another undeliverable notice that she got trying to send to another user on my domain.

MAILER-DAEMON@yahoo.co.jp <MAILER-DAEMON@yahoo.co.jp> wrote:


Date:2011/3/15, Tue 10:31
From:MAILER-DAEMON@yahoo.co.jp <MAILER-DAEMON@yahoo.co.jp>
Subject:failure delivery
To:shimacchi_tiny@yahoo.co.jp



Message from  yahoo.co.jp.
Unable to deliver message to the following address(es).

======================================================================
¿¿¿¿¿¿¿¿Yahoo!¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
======================================================================

¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿

= ¿¿¿¿¿¿¿¿

<name@mydomain.com>:

Connected to 75.XXX.XX.XX but sender was rejected.

Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.80

<adifferentname@mydomain.com>:

Connected to 75.XXX.XX.XX but sender was rejected.

Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.80



= Original message follows.
= ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿

Return-Path: <japanuser@yahoo.co.jp>
Received: (qmail 39250 invoked by uid 60001); 15 Mar 2011 15:31:19 -0000

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=yj20050223; d=yahoo.co.jp;

h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=sYguH4dKalQ9tSZ7kE6TGWN2mjEaYyIx5V08Yy5d2e4sz7N7zcUfVlp9E/X2dYgsh6VcrnIf+NXDq2W4PTlk9X+lIcTwpKvfbS6W785zps/fuNQ/TXRW5JEjzBPKWv3N  ;
Message-ID: <20110315153119.39248.qmail@web100311.mail.kks.yahoo.co.jp>
X-YMail-OSG: cdhMsbsVM1mobpHHqMT5syUFSLST48F6yeV_RkzRObk_jmjmgiPAV.BR_JAgK4SUf3SAY5TrThQcwx.565v5xt9J9nITmNNimRK2O4M9MFNljzc1OIq.mXz97A_wuaNl8jEuCaU6etMzaex8tqZARQkdgiyQSGd6E0i6rnh_LZELfkw.ctIaqy_DCOK4Pi6FF3MSSJ1QMMmOfswKLGTRr8GCuyNIhgWhL4BqkcO5FwU1pz67ZzS254s-
Received: from [75.XXX.XX.XX] by web100311.mail.kks.yahoo.co.jp via HTTP; Wed, 16 Mar 2011 00:31:19 JST
X-Mailer: YahooMailWebService/0.7.289.12_30
Date: Wed, 16 Mar 2011 00:31:19 +0900 (JST)
From: Name<japanuser@yahoo.co.jp>
Subject: test
To: name@mydomain.com,
=?iso-2022-jp?B?GyRCJC0kaCRfJDUkcyEhMnE8UhsoQg==?= <anothername@mydomain.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1495250978-1300203079=:35866"

--0-1495250978-1300203079=:35866

Content-Type: text/plain; charset=iso-2022-jp


¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿~¿

¿¿¿
--0-1495250978-1300203079=:35866

Content-Type: text/html; charset=iso-2022-jp


<div>¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿~¿</div>
<div>&nbsp;</div>
<div>¿¿¿</div>
--0-1495250978-1300203079=:35866--
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 35147910
I have received an email from a Japanese sounding person, so that would suggest that all is well with the SPF record, but I am out and about fixing a customer's server so can't check my server, but will do when I am finished and will report back.

Sounds like your Anti-Spam software is not configured correctly.
0
 

Author Comment

by:mat7355
ID: 35148439
OK...here's where I am now.

I found a setting in my anti-spam software.  (Hexamail Guard) Sender Policy checking was enabled and soft fail was set to reject and fail is set to reject.

The other options I have are block and accept.  I set it to accept the soft fails and the email came through!

The whole time I thought Exchange was the problem!

Thanks so much.  Any additional comments ideas are welcome!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35148948
I reject on soft-fail too, so it seems your software is possibly reading the SPF record incorrectly, or is a little bit harsher in applying the policy!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35152406
Having checked my server - the email sailed straight through with no errors and no issue with the SPF, even with soft-fail enabled, so it seems your software is doing something different to mine only I don't know what as I don't know the software.
0
 

Author Comment

by:mat7355
ID: 35152532
Yes for some reason, HEXAMAIL GUARD is giving it a soft fail.  I am not sure either about why.  I set it to Allow soft fail.  Do you think thats a bad idea?  We get A LOT of spam.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35152557
Well - from a soft-fail / anti-spam perspective, that is exactly what I do with soft-fails, but from the perspective of is it working properly, then that's a different matter.

How happy are you with the Hexamail Guard and how much does it cost you?
0
 

Author Comment

by:mat7355
ID: 35156971
I am very happy with it.  Our company advertises the email address of our staff so we recieve TONS of viagra, rolex, russian wife spam.

The cost is about 650 for 50 user licenses.  Not too bad considering the time saved.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35157010
Okay - if you could replace it with a piece of software that cost $249 dollars as a one-off cost and approx $99 if you choose to renew it annually, priced per server and no user limit, and it is incredibly effective, would that be an interesting idea?

If you like the product and it works happily, apart from not doing what you expect it to, is there an update for it?
0
 

Author Comment

by:mat7355
ID: 35159079
Obviously I'd be open to the idea.  However, aside from this recent problem, I have been very happy with Hexamail so far.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35159112
Okay - well if you think about straying, then take a look at Vamsoft ORF - www.vamsoft.com.

If you leave the Soft-Fail disabled on your device, then hopefully you will be happier, but I am surprised that the device is seeing a Soft-Fail as my end doesn't, but then they could be querying different things!

Worth a call to the manufacturer to see what they say I think.
0
 

Author Comment

by:mat7355
ID: 35160984
I sent in a support ticket.  They are on UK time so I probably wont hear anything until tomorrow.  I'll let you know what they say.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35161006
Ah - only UK people like me working this late!

Fingers crossed you hear back soon.

Alan
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question