Solved

550 5.7.1 SPF SMTP Sender: Check failed for IP XXX.XX.XX.XX

Posted on 2011-03-15
43
5,132 Views
Last Modified: 2012-05-11
Hello. First post.  I have taken over Exchange Server administration duties and am admittedly not very savvy on more technical Exchange issues.

I have 20 users and running Exchange SBS 2003.

We are having trouble receiving mail from yahoo.co.jp (Japanese Yahoo)

We do not have an SPF record published and I am using IPCop 1.4.21

We get a bounce message that says:

Connected to XX.XX.XX.XX  (My IP Address) but sender was rejected.
Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.72


= Original message follows.
= ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
Return-Path:
Received: (qmail 94588 invoked by uid 60001); 15 Mar 2011 13:14:28 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=yj20050223; d=yahoo.co.jp;
h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type;
b=kO5b96YdM4vKtiWtSK/g5gmVvcrfJ7QEgIGN9grE+bNgcwJfD8pUAMl6pMvDnpWOiq3jkHcpSs0pKiLwMKvxdcu+XmWj97yJ5e0/lxkiQgk4+UZYctd27JbY5NBgqEs9 ;
Message-ID: <20110315131428.94586.qmail@web100303.mail.kks.yahoo.co.jp>
Received: from [75.151.xxx.xxx] by web100303.mail.kks.yahoo.co.jp via HTTP; Tue, 15 Mar 2011 22:14:27 JST
Date: Tue, 15 Mar 2011 22:14:27 +0900 (JST)
From: Name Name
To: me@domain.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-449086618-1300194867=:91450"

Can someone help me figure out if I am blocking this somehow?  

Thanks
0
Comment
Question by:mat7355
  • 19
  • 19
  • 2
  • +2
43 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
Comment Utility
Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.72

What is 183.79.28.72? Your server?
0
 
LVL 11

Expert Comment

by:Old User
Comment Utility
0
 

Author Comment

by:mat7355
Comment Utility
That is yahoo.co.jp server.

Thanks!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
SPF is used to verify that the sending server is permitted to send mail on behalf of the sending domain, so if SPF is failing on inbound mail, then that is a problem with the sending end, not your end.

You not having an SPF record is not relevant for inbound mail, only outbound mail.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Checking the ip address against the test at http://www.kitterman.com/spf/validate.html shows the following result:


Input accepted, querying now...


Mail sent from this IP address: 183.79.28.72
Mail from (Sender): administrator@yahoo.co.jp
Mail checked using this SPF policy: v=spf1 include:spf.yahoo.co.jp ~all
Results - PASS sender SPF authorized

Mail sent from: 183.79.28.72
Mail Server HELO/EHLO identity: web100303.mail.kks.yahoo.co.jo

HELO/EHLO Results - none

This suggests that your server is not configured correctly as the test for that IP passes happily!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Testing for the other IP address listed in the email headers actually gives a soft-fail result:

Input accepted, querying now...

Mail sent from this IP address: 75.151.xxx.xxx
Mail from (Sender): administrator@yahoo.co.jp
Mail checked using this SPF policy: v=spf1 include:spf.yahoo.co.jp ~all
Results - softfail domain owner discourages use of this host

Mail sent from: 75.151.xxx.xxx
Mail Server HELO/EHLO identity: web100303.mail.kks.yahoo.co.jo

HELO/EHLO Results - none
0
 

Author Comment

by:mat7355
Comment Utility
dperston68,

Sender ID Filtering is set to Accept
In the EMS, -->Default SMTP Virtual Server Properties -->Advanced --> APPLY RECIPIENT FILTER is the only option checked.

Does that answer your question?
0
 

Author Comment

by:mat7355
Comment Utility
So alan, what does that mean?  
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Well - it depends on the connecting IP address.  From the rejection message you get one IP, from the header you get another.

The IP 75.151.xxx.xxx is a comcast IP address and thus won't be permitted to be sending as yahoo.co.jp but the other IP is 183.79.28.72 and that is a yahoo.co.jp address and is the yahoo server.

So it looks like your server is checking the originating IP address and not the connecting IP address, thus the check will fail.

Do you have any settings you can change for your SPF software?
0
 

Author Comment

by:mat7355
Comment Utility
to be honest....  I dont know.  any ideas?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Is IP Cop your anti spam software?
0
 

Author Comment

by:mat7355
Comment Utility
yes....mail coming in to my office goes to IP Cop and then is sent to exchange for distribution
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
What happens to your mail and why is yahoo.co.jp doing in the mail-flow?  Do they receive your mail, filter it and pass it on?

I don't see the sender email via yahoo.co.jp to send you mail unless you have a yahoo.co.jp email address!
0
 

Author Comment

by:mat7355
Comment Utility
I am trying to receive email from several people who are in Japan.  Their mail gets returned to them undelivered with the message above.  

My company does lots of business with people in Japan.

Most of the time, when I try to send mail to them, I get a delay and then a failure notice.
0
 
LVL 6

Expert Comment

by:Syngin9
Comment Utility
Hmm, this wouldn't happen to have anything to do with the tsunami and earth quake would it?

Just a thought.

 It looks like your server is rejecting email from them based on a failed SPF lookup for their domain.

An SPF lookup on their domain reveals that they don't have an SPF record? This is strange due to the size of the company.  Maybe they have a DNS server cluster down?

Your server shouldn't be set to reject based on a soft fail SPF check, only hard fails.
0
 

Author Comment

by:mat7355
Comment Utility
no, this began well before the tsunami.  

If sender id validation fails, my exchange server is set to accept. I do not have an spf record but yahoo.co.jp does.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Is the 75.151.xxx.xxx IP your server's IP address?

Please post your domain name / IP address (which I will obscure), as without this info, it is going to be difficult to provide a sensible answer for you.

Alan
0
 
LVL 6

Expert Comment

by:Syngin9
Comment Utility
Can you post the SPF record you see for yahoo.co.jp? A lookup on my end doesn't turn up an SPF record.

Also, Sender ID and SPF aren't the same thing:

http://www.openspf.org/SPF_vs_Sender_ID
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
If you are not comfortable posting here- my contact details are in my profile.

Alan
0
 

Author Comment

by:mat7355
Comment Utility
From http://www.kitterman.com/spf/validate.html

SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 include:spf.yahoo.co.jp ~all


SPF records should also be published in DNS as type SPF records.

No type SPF records found.

Checking to see if there is a valid SPF record.

Found v=spf1 record for yahoo.co.jp:
v=spf1 include:spf.yahoo.co.jp ~all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!
0
 

Author Comment

by:mat7355
Comment Utility
Thanks!  Very cool.  :-)
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - your question says we are having problems receiving, yet you post a bounce message, suggesting you are having problems sending.

Which is it?  Sending or receiving?

Assuming it is sending, do you send mail via your ISP directly as a smarthost, or do you use DNS to send directly?
0
 

Author Comment

by:mat7355
Comment Utility
in this case, the bounce you see was sent to me at my personal address from the person in Japan who recieved it.

So it went like this.  They tried to send me an email to my normal email/domain.  It came back to them undeliverable.  I asked them to send the undeliverable message to me at my personal gmail addy.

That message is the one i posted above.
0
 

Author Comment

by:mat7355
Comment Utility
sorry i wasnt more clear on that in my OP
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Not a problem.

Not getting any bright ideas here!

Can you ask them to send me an email to alan @ it-eye.co.uk please - I'll see what my server makes of them.

Thanks

Alan
0
 

Author Comment

by:mat7355
Comment Utility
yes, i can do that, but it wont happen until in the morning...thanks for all your help.  I am not the dullest knife in the drawer but today it sure feels like it.  :-)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
No problems - just let me know when they have tried and if it doesn't make it, I can check my anti-spam logs for the reason why.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
I spent several hours yesterday moving a telephone line for a customer and every time I tested the line with their phone, I got nothing but a beep from the phone - no dial-tone.  After 2 hours of getting nowhere, I put everything back to how it was and tested again - same problem.

So I asked the customer if their phone worked and they then advised me that they had two cordless handsets and one didn't work - the one I had!  I tried the other and that worked instantly.   5 minutes later the line was moved and working :D

I have asked them to throw away the faulty handset!!!

0
 

Author Comment

by:mat7355
Comment Utility
haha!!  nice!
0
 

Author Comment

by:mat7355
Comment Utility
Good morning.  you should have an email from my contact in Japan. :-)

She sent me another undeliverable notice that she got trying to send to another user on my domain.

MAILER-DAEMON@yahoo.co.jp <MAILER-DAEMON@yahoo.co.jp> wrote:


Date:2011/3/15, Tue 10:31
From:MAILER-DAEMON@yahoo.co.jp <MAILER-DAEMON@yahoo.co.jp>
Subject:failure delivery
To:shimacchi_tiny@yahoo.co.jp



Message from  yahoo.co.jp.
Unable to deliver message to the following address(es).

======================================================================
¿¿¿¿¿¿¿¿Yahoo!¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
======================================================================

¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿

= ¿¿¿¿¿¿¿¿

<name@mydomain.com>:

Connected to 75.XXX.XX.XX but sender was rejected.

Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.80

<adifferentname@mydomain.com>:

Connected to 75.XXX.XX.XX but sender was rejected.

Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.80



= Original message follows.
= ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿

Return-Path: <japanuser@yahoo.co.jp>
Received: (qmail 39250 invoked by uid 60001); 15 Mar 2011 15:31:19 -0000

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=yj20050223; d=yahoo.co.jp;

h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=sYguH4dKalQ9tSZ7kE6TGWN2mjEaYyIx5V08Yy5d2e4sz7N7zcUfVlp9E/X2dYgsh6VcrnIf+NXDq2W4PTlk9X+lIcTwpKvfbS6W785zps/fuNQ/TXRW5JEjzBPKWv3N  ;
Message-ID: <20110315153119.39248.qmail@web100311.mail.kks.yahoo.co.jp>
X-YMail-OSG: cdhMsbsVM1mobpHHqMT5syUFSLST48F6yeV_RkzRObk_jmjmgiPAV.BR_JAgK4SUf3SAY5TrThQcwx.565v5xt9J9nITmNNimRK2O4M9MFNljzc1OIq.mXz97A_wuaNl8jEuCaU6etMzaex8tqZARQkdgiyQSGd6E0i6rnh_LZELfkw.ctIaqy_DCOK4Pi6FF3MSSJ1QMMmOfswKLGTRr8GCuyNIhgWhL4BqkcO5FwU1pz67ZzS254s-
Received: from [75.XXX.XX.XX] by web100311.mail.kks.yahoo.co.jp via HTTP; Wed, 16 Mar 2011 00:31:19 JST
X-Mailer: YahooMailWebService/0.7.289.12_30
Date: Wed, 16 Mar 2011 00:31:19 +0900 (JST)
From: Name<japanuser@yahoo.co.jp>
Subject: test
To: name@mydomain.com,
=?iso-2022-jp?B?GyRCJC0kaCRfJDUkcyEhMnE8UhsoQg==?= <anothername@mydomain.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1495250978-1300203079=:35866"

--0-1495250978-1300203079=:35866

Content-Type: text/plain; charset=iso-2022-jp


¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿~¿

¿¿¿
--0-1495250978-1300203079=:35866

Content-Type: text/html; charset=iso-2022-jp


<div>¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿~¿</div>
<div>&nbsp;</div>
<div>¿¿¿</div>
--0-1495250978-1300203079=:35866--
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
I have received an email from a Japanese sounding person, so that would suggest that all is well with the SPF record, but I am out and about fixing a customer's server so can't check my server, but will do when I am finished and will report back.

Sounds like your Anti-Spam software is not configured correctly.
0
 

Author Comment

by:mat7355
Comment Utility
OK...here's where I am now.

I found a setting in my anti-spam software.  (Hexamail Guard) Sender Policy checking was enabled and soft fail was set to reject and fail is set to reject.

The other options I have are block and accept.  I set it to accept the soft fails and the email came through!

The whole time I thought Exchange was the problem!

Thanks so much.  Any additional comments ideas are welcome!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
I reject on soft-fail too, so it seems your software is possibly reading the SPF record incorrectly, or is a little bit harsher in applying the policy!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Having checked my server - the email sailed straight through with no errors and no issue with the SPF, even with soft-fail enabled, so it seems your software is doing something different to mine only I don't know what as I don't know the software.
0
 

Author Comment

by:mat7355
Comment Utility
Yes for some reason, HEXAMAIL GUARD is giving it a soft fail.  I am not sure either about why.  I set it to Allow soft fail.  Do you think thats a bad idea?  We get A LOT of spam.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Well - from a soft-fail / anti-spam perspective, that is exactly what I do with soft-fails, but from the perspective of is it working properly, then that's a different matter.

How happy are you with the Hexamail Guard and how much does it cost you?
0
 

Author Comment

by:mat7355
Comment Utility
I am very happy with it.  Our company advertises the email address of our staff so we recieve TONS of viagra, rolex, russian wife spam.

The cost is about 650 for 50 user licenses.  Not too bad considering the time saved.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - if you could replace it with a piece of software that cost $249 dollars as a one-off cost and approx $99 if you choose to renew it annually, priced per server and no user limit, and it is incredibly effective, would that be an interesting idea?

If you like the product and it works happily, apart from not doing what you expect it to, is there an update for it?
0
 

Author Comment

by:mat7355
Comment Utility
Obviously I'd be open to the idea.  However, aside from this recent problem, I have been very happy with Hexamail so far.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - well if you think about straying, then take a look at Vamsoft ORF - www.vamsoft.com.

If you leave the Soft-Fail disabled on your device, then hopefully you will be happier, but I am surprised that the device is seeing a Soft-Fail as my end doesn't, but then they could be querying different things!

Worth a call to the manufacturer to see what they say I think.
0
 

Author Comment

by:mat7355
Comment Utility
I sent in a support ticket.  They are on UK time so I probably wont hear anything until tomorrow.  I'll let you know what they say.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Ah - only UK people like me working this late!

Fingers crossed you hear back soon.

Alan
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now