• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 424
  • Last Modified:

Mail spf record

How should i correct the atkasgozetim.com server's spf records. it return some errors like

atlasgozetim.com        nameserver = ns4.salay.com.tr
atlasgozetim.com        nameserver = ns1.moviegy.com
atlasgozetim.com        nameserver = ns2.moviegy.com
atlasgozetim.com        nameserver = ns3.salay.com.tr
atlasgozetim.com        text =
 
        "v=spf1 +a +mx -all"
 
ns4.salay.com.tr        internet address = 77.223.156.5
ns3.salay.com.tr        internet address = 77.223.156.4


smtp-20111020-10.log:            20111020 08      :50:44 ---------------- SPF MAIL FROM  check failed (Fail) - message rejected (550), (domain=atlasgozetim.com), (address=77.223.156.17), (user=atlas@atlasgozetim.com)
smtp-20111020-10.log:            20111020 08      :54:02 ---------------- SPF MAIL FROM  check failed (Fail) - message rejected (550), (domain=atlasgozetim.com), (address=77.223.156.17), (user=atlas@atlasgozetim.com)
smtp-20111020-11.log:            20111020 09      :05:49 ---------------- SPF MAIL FROM  check failed (Fail) - message rejected (550), (domain=atlasgozetim.com), (address=77.223.156.17), (user=atlas@atlasgozetim.com)
0
3XLcom
Asked:
3XLcom
  • 4
  • 3
  • 2
2 Solutions
 
John EastonDirectorCommented:
Looking at the error message the e-mail is originating from address 77.223.156.17.  However, the SPF record only allows message to come from the server reference in the 'A' record (probably your ISP's web server, or the servers in your 'MX' record (likely to be your ISP's mail server).

I assume you are therefore sending the message directly from your own mail server.  If this is the case there is a couple of ways to fix this problem.

1. Change the '-all' to '?all' which will tell server mail could come from anywhere.  Some server may still reject this however.

2. Add your mail server to the SPF.  For example "v=spf1 a mx ip4:77.223.156.17 -all"  You can use the tool at Microsoft to customise this if you want:  http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx

Hope this helps
0
 
PapertripCommented:
Adding on to what JEaston said,

All you need in your SPF record is the IP(s) of your sending server(s).

If 77.223.156.17 is your only sending IP, then the SPF record should be
"v=spf1 a mx ip4:77.223.156.17 -all"

Open in new window


There is no need to add the "a" or "mx" mechanisms, as they both resolve to the same IP, and that IP is apparently not your sending server.
[root@broken ~]# dig atlasgozetim.com +short
77.223.156.4
[root@broken ~]# dig mx atlasgozetim.com +short
10 mail.atlasgozetim.com.
[root@broken ~]# dig mail.atlasgozetim.com +short
77.223.156.4

Open in new window

0
 
3XLcomAuthor Commented:
i got my mind get complicated


actually this server is under my salay.com.tr domain and ns3.salay.com.tr and ns4.salay.com.tr points this domain .

but i am not sure how they get my
mail.salay.com.tr server's ip adress for spf check.

and i should not understand how to resolve this issue ?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
John EastonDirectorCommented:
None of the domains you have listed appear to resolve to the IP address in your original post (77.223.156.17).  It might be that this server forwards mail to another server which then actually delivers it.  This is likely to be the case if you are generating the e-mails from a website and the mail server is seperate.

Have you tried either the SPF record Papertrip or I suggested.  Did it work or have you got a new error message?
0
 
3XLcomAuthor Commented:
no there is nothing like this the server sending email directly ,


one of my customer got this email from their client and i suprised the only way of 77.223.156.17  is mail.salay.com.tr but there is no connection on dns lines of the server of atlasgozetim.com.


the server's reverse adress is lin.salay.com.tr maybe their mail server is looking for salay.com.tr for mail relay and see this ip :S i do not know but they send me this for information :



Messages sent from @atlasgozetim.com are being rejected as a result of SPF MAIL FROM check failure. Please find our logs below.
 
smtp-20111020-10.log:            20111020 08      :50:44 ---------------- SPF MAIL FROM  check failed (Fail) - message rejected (550), (domain=atlasgozetim.com), (address=77.223.156.17), (user=atlas@atlasgozetim.com)
smtp-20111020-10.log:            20111020 08      :54:02 ---------------- SPF MAIL FROM  check failed (Fail) - message rejected (550), (domain=atlasgozetim.com), (address=77.223.156.17), (user=atlas@atlasgozetim.com)
smtp-20111020-11.log:            20111020 09      :05:49 ---------------- SPF MAIL FROM  check failed (Fail) - message rejected (550), (domain=atlasgozetim.com), (address=77.223.156.17), (user=atlas@atlasgozetim.com)
The domain @atlasgozetim.com has the following SPF record.
 
atlasgozetim.com        text = "v=spf1 +a +mx -all"
However, the messages are being relayed via an unauthorized IP address (77.223.156.17).
 
Could you please inform the responsible admins about this.
 
I trust to have informed you well on this issue.
0
 
PapertripCommented:
Change the SPF record as suggested.
0
 
3XLcomAuthor Commented:
Should you please check if i do the right i have updated dns records and restart the services
0
 
PapertripCommented:
[papertrip@broken ~]$ dig txt atlasgozetim.com +short
"v=spf1 a mx ip4:77.223.156.17 -all"

Open in new window


Technically that is correct, but remove the "a" and "mx" mechanisms as they are unnecessary if you aren't ending from 77.223.156.4 and will only cause additional DNS lookups to be made for each SPF check.
0
 
3XLcomAuthor Commented:
Thnx issue resolved
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now