• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5712
  • Last Modified:

550 5.7.1 SPF SMTP Sender: Check failed for IP XXX.XX.XX.XX

Hello. First post.  I have taken over Exchange Server administration duties and am admittedly not very savvy on more technical Exchange issues.

I have 20 users and running Exchange SBS 2003.

We are having trouble receiving mail from yahoo.co.jp (Japanese Yahoo)

We do not have an SPF record published and I am using IPCop 1.4.21

We get a bounce message that says:

Connected to XX.XX.XX.XX  (My IP Address) but sender was rejected.
Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.72


= Original message follows.
= ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
Return-Path:
Received: (qmail 94588 invoked by uid 60001); 15 Mar 2011 13:14:28 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=yj20050223; d=yahoo.co.jp;
h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type;
b=kO5b96YdM4vKtiWtSK/g5gmVvcrfJ7QEgIGN9grE+bNgcwJfD8pUAMl6pMvDnpWOiq3jkHcpSs0pKiLwMKvxdcu+XmWj97yJ5e0/lxkiQgk4+UZYctd27JbY5NBgqEs9 ;
Message-ID: <20110315131428.94586.qmail@web100303.mail.kks.yahoo.co.jp>
Received: from [75.151.xxx.xxx] by web100303.mail.kks.yahoo.co.jp via HTTP; Tue, 15 Mar 2011 22:14:27 JST
Date: Tue, 15 Mar 2011 22:14:27 +0900 (JST)
From: Name Name
To: me@domain.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-449086618-1300194867=:91450"

Can someone help me figure out if I am blocking this somehow?  

Thanks
0
mat7355
Asked:
mat7355
  • 19
  • 19
  • 2
  • +2
1 Solution
 
MegaNuk3Commented:
Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.72

What is 183.79.28.72? Your server?
0
 
Old UserCommented:
0
 
mat7355Author Commented:
That is yahoo.co.jp server.

Thanks!
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Alan HardistyCommented:
SPF is used to verify that the sending server is permitted to send mail on behalf of the sending domain, so if SPF is failing on inbound mail, then that is a problem with the sending end, not your end.

You not having an SPF record is not relevant for inbound mail, only outbound mail.
0
 
Alan HardistyCommented:
Checking the ip address against the test at http://www.kitterman.com/spf/validate.html shows the following result:


Input accepted, querying now...


Mail sent from this IP address: 183.79.28.72
Mail from (Sender): administrator@yahoo.co.jp
Mail checked using this SPF policy: v=spf1 include:spf.yahoo.co.jp ~all
Results - PASS sender SPF authorized

Mail sent from: 183.79.28.72
Mail Server HELO/EHLO identity: web100303.mail.kks.yahoo.co.jo

HELO/EHLO Results - none

This suggests that your server is not configured correctly as the test for that IP passes happily!!
0
 
Alan HardistyCommented:
Testing for the other IP address listed in the email headers actually gives a soft-fail result:

Input accepted, querying now...

Mail sent from this IP address: 75.151.xxx.xxx
Mail from (Sender): administrator@yahoo.co.jp
Mail checked using this SPF policy: v=spf1 include:spf.yahoo.co.jp ~all
Results - softfail domain owner discourages use of this host

Mail sent from: 75.151.xxx.xxx
Mail Server HELO/EHLO identity: web100303.mail.kks.yahoo.co.jo

HELO/EHLO Results - none
0
 
mat7355Author Commented:
dperston68,

Sender ID Filtering is set to Accept
In the EMS, -->Default SMTP Virtual Server Properties -->Advanced --> APPLY RECIPIENT FILTER is the only option checked.

Does that answer your question?
0
 
mat7355Author Commented:
So alan, what does that mean?  
0
 
Alan HardistyCommented:
Well - it depends on the connecting IP address.  From the rejection message you get one IP, from the header you get another.

The IP 75.151.xxx.xxx is a comcast IP address and thus won't be permitted to be sending as yahoo.co.jp but the other IP is 183.79.28.72 and that is a yahoo.co.jp address and is the yahoo server.

So it looks like your server is checking the originating IP address and not the connecting IP address, thus the check will fail.

Do you have any settings you can change for your SPF software?
0
 
mat7355Author Commented:
to be honest....  I dont know.  any ideas?
0
 
Alan HardistyCommented:
Is IP Cop your anti spam software?
0
 
mat7355Author Commented:
yes....mail coming in to my office goes to IP Cop and then is sent to exchange for distribution
0
 
Alan HardistyCommented:
What happens to your mail and why is yahoo.co.jp doing in the mail-flow?  Do they receive your mail, filter it and pass it on?

I don't see the sender email via yahoo.co.jp to send you mail unless you have a yahoo.co.jp email address!
0
 
mat7355Author Commented:
I am trying to receive email from several people who are in Japan.  Their mail gets returned to them undelivered with the message above.  

My company does lots of business with people in Japan.

Most of the time, when I try to send mail to them, I get a delay and then a failure notice.
0
 
Syngin9Commented:
Hmm, this wouldn't happen to have anything to do with the tsunami and earth quake would it?

Just a thought.

 It looks like your server is rejecting email from them based on a failed SPF lookup for their domain.

An SPF lookup on their domain reveals that they don't have an SPF record? This is strange due to the size of the company.  Maybe they have a DNS server cluster down?

Your server shouldn't be set to reject based on a soft fail SPF check, only hard fails.
0
 
mat7355Author Commented:
no, this began well before the tsunami.  

If sender id validation fails, my exchange server is set to accept. I do not have an spf record but yahoo.co.jp does.
0
 
Alan HardistyCommented:
Is the 75.151.xxx.xxx IP your server's IP address?

Please post your domain name / IP address (which I will obscure), as without this info, it is going to be difficult to provide a sensible answer for you.

Alan
0
 
Syngin9Commented:
Can you post the SPF record you see for yahoo.co.jp? A lookup on my end doesn't turn up an SPF record.

Also, Sender ID and SPF aren't the same thing:

http://www.openspf.org/SPF_vs_Sender_ID
0
 
Alan HardistyCommented:
If you are not comfortable posting here- my contact details are in my profile.

Alan
0
 
mat7355Author Commented:
From http://www.kitterman.com/spf/validate.html 

SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 include:spf.yahoo.co.jp ~all


SPF records should also be published in DNS as type SPF records.

No type SPF records found.

Checking to see if there is a valid SPF record.

Found v=spf1 record for yahoo.co.jp:
v=spf1 include:spf.yahoo.co.jp ~all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!
0
 
mat7355Author Commented:
Thanks!  Very cool.  :-)
0
 
Alan HardistyCommented:
Okay - your question says we are having problems receiving, yet you post a bounce message, suggesting you are having problems sending.

Which is it?  Sending or receiving?

Assuming it is sending, do you send mail via your ISP directly as a smarthost, or do you use DNS to send directly?
0
 
mat7355Author Commented:
in this case, the bounce you see was sent to me at my personal address from the person in Japan who recieved it.

So it went like this.  They tried to send me an email to my normal email/domain.  It came back to them undeliverable.  I asked them to send the undeliverable message to me at my personal gmail addy.

That message is the one i posted above.
0
 
mat7355Author Commented:
sorry i wasnt more clear on that in my OP
0
 
Alan HardistyCommented:
Not a problem.

Not getting any bright ideas here!

Can you ask them to send me an email to alan @ it-eye.co.uk please - I'll see what my server makes of them.

Thanks

Alan
0
 
mat7355Author Commented:
yes, i can do that, but it wont happen until in the morning...thanks for all your help.  I am not the dullest knife in the drawer but today it sure feels like it.  :-)
0
 
Alan HardistyCommented:
No problems - just let me know when they have tried and if it doesn't make it, I can check my anti-spam logs for the reason why.
0
 
Alan HardistyCommented:
I spent several hours yesterday moving a telephone line for a customer and every time I tested the line with their phone, I got nothing but a beep from the phone - no dial-tone.  After 2 hours of getting nowhere, I put everything back to how it was and tested again - same problem.

So I asked the customer if their phone worked and they then advised me that they had two cordless handsets and one didn't work - the one I had!  I tried the other and that worked instantly.   5 minutes later the line was moved and working :D

I have asked them to throw away the faulty handset!!!

0
 
mat7355Author Commented:
haha!!  nice!
0
 
mat7355Author Commented:
Good morning.  you should have an email from my contact in Japan. :-)

She sent me another undeliverable notice that she got trying to send to another user on my domain.

MAILER-DAEMON@yahoo.co.jp <MAILER-DAEMON@yahoo.co.jp> wrote:


Date:2011/3/15, Tue 10:31
From:MAILER-DAEMON@yahoo.co.jp <MAILER-DAEMON@yahoo.co.jp>
Subject:failure delivery
To:shimacchi_tiny@yahoo.co.jp



Message from  yahoo.co.jp.
Unable to deliver message to the following address(es).

======================================================================
¿¿¿¿¿¿¿¿Yahoo!¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
======================================================================

¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿
¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿

= ¿¿¿¿¿¿¿¿

<name@mydomain.com>:

Connected to 75.XXX.XX.XX but sender was rejected.

Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.80

<adifferentname@mydomain.com>:

Connected to 75.XXX.XX.XX but sender was rejected.

Remote host said: 550 5.7.1 SPF SMTP Sender: check failed for IP 183.79.28.80



= Original message follows.
= ¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿

Return-Path: <japanuser@yahoo.co.jp>
Received: (qmail 39250 invoked by uid 60001); 15 Mar 2011 15:31:19 -0000

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=yj20050223; d=yahoo.co.jp;

h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=sYguH4dKalQ9tSZ7kE6TGWN2mjEaYyIx5V08Yy5d2e4sz7N7zcUfVlp9E/X2dYgsh6VcrnIf+NXDq2W4PTlk9X+lIcTwpKvfbS6W785zps/fuNQ/TXRW5JEjzBPKWv3N  ;
Message-ID: <20110315153119.39248.qmail@web100311.mail.kks.yahoo.co.jp>
X-YMail-OSG: cdhMsbsVM1mobpHHqMT5syUFSLST48F6yeV_RkzRObk_jmjmgiPAV.BR_JAgK4SUf3SAY5TrThQcwx.565v5xt9J9nITmNNimRK2O4M9MFNljzc1OIq.mXz97A_wuaNl8jEuCaU6etMzaex8tqZARQkdgiyQSGd6E0i6rnh_LZELfkw.ctIaqy_DCOK4Pi6FF3MSSJ1QMMmOfswKLGTRr8GCuyNIhgWhL4BqkcO5FwU1pz67ZzS254s-
Received: from [75.XXX.XX.XX] by web100311.mail.kks.yahoo.co.jp via HTTP; Wed, 16 Mar 2011 00:31:19 JST
X-Mailer: YahooMailWebService/0.7.289.12_30
Date: Wed, 16 Mar 2011 00:31:19 +0900 (JST)
From: Name<japanuser@yahoo.co.jp>
Subject: test
To: name@mydomain.com,
=?iso-2022-jp?B?GyRCJC0kaCRfJDUkcyEhMnE8UhsoQg==?= <anothername@mydomain.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1495250978-1300203079=:35866"

--0-1495250978-1300203079=:35866

Content-Type: text/plain; charset=iso-2022-jp


¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿~¿

¿¿¿
--0-1495250978-1300203079=:35866

Content-Type: text/html; charset=iso-2022-jp


<div>¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿¿~¿</div>
<div>&nbsp;</div>
<div>¿¿¿</div>
--0-1495250978-1300203079=:35866--
0
 
Alan HardistyCommented:
I have received an email from a Japanese sounding person, so that would suggest that all is well with the SPF record, but I am out and about fixing a customer's server so can't check my server, but will do when I am finished and will report back.

Sounds like your Anti-Spam software is not configured correctly.
0
 
mat7355Author Commented:
OK...here's where I am now.

I found a setting in my anti-spam software.  (Hexamail Guard) Sender Policy checking was enabled and soft fail was set to reject and fail is set to reject.

The other options I have are block and accept.  I set it to accept the soft fails and the email came through!

The whole time I thought Exchange was the problem!

Thanks so much.  Any additional comments ideas are welcome!
0
 
Alan HardistyCommented:
I reject on soft-fail too, so it seems your software is possibly reading the SPF record incorrectly, or is a little bit harsher in applying the policy!
0
 
Alan HardistyCommented:
Having checked my server - the email sailed straight through with no errors and no issue with the SPF, even with soft-fail enabled, so it seems your software is doing something different to mine only I don't know what as I don't know the software.
0
 
mat7355Author Commented:
Yes for some reason, HEXAMAIL GUARD is giving it a soft fail.  I am not sure either about why.  I set it to Allow soft fail.  Do you think thats a bad idea?  We get A LOT of spam.
0
 
Alan HardistyCommented:
Well - from a soft-fail / anti-spam perspective, that is exactly what I do with soft-fails, but from the perspective of is it working properly, then that's a different matter.

How happy are you with the Hexamail Guard and how much does it cost you?
0
 
mat7355Author Commented:
I am very happy with it.  Our company advertises the email address of our staff so we recieve TONS of viagra, rolex, russian wife spam.

The cost is about 650 for 50 user licenses.  Not too bad considering the time saved.
0
 
Alan HardistyCommented:
Okay - if you could replace it with a piece of software that cost $249 dollars as a one-off cost and approx $99 if you choose to renew it annually, priced per server and no user limit, and it is incredibly effective, would that be an interesting idea?

If you like the product and it works happily, apart from not doing what you expect it to, is there an update for it?
0
 
mat7355Author Commented:
Obviously I'd be open to the idea.  However, aside from this recent problem, I have been very happy with Hexamail so far.
0
 
Alan HardistyCommented:
Okay - well if you think about straying, then take a look at Vamsoft ORF - www.vamsoft.com.

If you leave the Soft-Fail disabled on your device, then hopefully you will be happier, but I am surprised that the device is seeing a Soft-Fail as my end doesn't, but then they could be querying different things!

Worth a call to the manufacturer to see what they say I think.
0
 
mat7355Author Commented:
I sent in a support ticket.  They are on UK time so I probably wont hear anything until tomorrow.  I'll let you know what they say.

0
 
Alan HardistyCommented:
Ah - only UK people like me working this late!

Fingers crossed you hear back soon.

Alan
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 19
  • 19
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now