Can't send email to a couple clients

One of my clients was having a problem sending mail to one domain.
I've been banging my head on this for a couple hours.  Originally it was a dns issue.  I resolved that, but now I'm not really sure what it is.  I think it's a postfix issue.

here is the error message we get

Last Error: 450 4.7.1 <xxxxxx@12thfloor.com.au>: Recipient address rejected: SPF-Result=ceelaw1.ceelaw.com.au: 'SERVFAIL' error on DNS 'SPF' lookup of 'ceelaw1.ceelaw.com.au'

ceelaw1.ceelaw.com.au resolves correctly.

here is our spf record: v=spf1 ip4:220.233.210.46 include:ceelaw1.ceelaw.com.au ~all

The only thing I can think of is that the reverse lookup on 220.233.210.46 is not ceelaw1.ceelaw.com.au, but it's 46.210.233.220.static.exetel.com.au

Hoping someone could help.
LivetechsupportAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LivetechsupportAuthor Commented:
Thanks for the response, but I don't have access to the postfix server, that belongs to the receipient...
Everything is good with our domain other then the reverse DNS..


Mark
0
TheGeezer2010Commented:
The problem is that their Postfix is hard rejecting your messages when it should be soft-rejecting can you suggest the workround to the remote mail admin ?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

LivetechsupportAuthor Commented:
I have sent them an email a few days ago, no response.
I just wanted another set of eyes to look at it in case I was missing something.
I can't believe I'd be the only person with this problem trying to send to them.

Mark
0
TheGeezer2010Commented:
Normally, if your FQDN resolves to your IP specified then it will pass. It is possible however on devices to configure it to ALSO check the reverse IP as per this link :-

https://community.mcafee.com/message/169074

Could you not configure this so that whoever holds your external DNS records could create a PTR record to match the IP for this domain ? Even if it means changing your SPF record to resolve to the 46. IP address ?

Other than that, it is down to the remote messaging admin.
0
DLeaverCommented:
Firstly I would address your SPF record, I'm not going to post the MS link to the SPF wizard as Papertrip will be on my case ;-) ...(although he does have a point)

... But look at this current open question and follow Papertrips instructions here

http://www.experts-exchange.com/Networking/Protocols/DNS/Q_27643172.html

Also change the PTR by contacting your ISP as currently you have their default assigned which is also causing you an issue
0
LivetechsupportAuthor Commented:
I will try and contact the isp to get the ptr record changed.
I did have my ptr record with only the ip address before, I added the include section recently, didn't make a difference.

Thanks for all the help

Mark
0
DrDave242Senior Support EngineerCommented:
You don't need the include mechanism in your SPF record at all if you've only got the one outbound mail server.  That mechanism is for including another domain's SPF entries within yours, and since you've specified a hostname (which does not have its own SPF record) in that mechanism rather than a domain, that may very well be what's causing the problem: it can't look up an SPF record for the domain ceelaw1.ceelaw.com.au, because no such thing exists.

I'd remove include:ceelaw1.ceelaw.com.au from your SPF record entirely and test again.
0
TheGeezer2010Commented:
Good point drDave
0
LivetechsupportAuthor Commented:
I got a response from the mailserver admin that our mail was being rejected because we had an ip address instead of a host name for our name servers.

Hi Mark,
The error is occurring because the NS records for that domain are invalid.



;; QUESTION SECTION:
;ceelaw.com.au.                 IN      NS

;; ANSWER SECTION:
ceelaw.com.au.          86400   IN      NS      27.109.109.107.

;; Query time: 8 msec
;; SERVER: 27.109.109.107#53(27.109.109.107)
;; WHEN: Mon Mar 26 10:46:18 2012
;; MSG SIZE  rcvd: 59


NS records must be domain-names (not IP addresses)

So I'll try and resolved that issue and let you all know how it works out.

Thanks,

Mark
0
PapertripCommented:
While having an IP in the data portion of an NS record is not RFC compliant, it is not the source of this particular problem.

The problem here as previously mentioned is the include mechanism in your SPF record, as there is no SPF record for ceelaw1.ceelaw.com.au.

FYI while having ~all does mean softfail, it does not mean that the receiving server will not ultimately reject the message.  Also a 4xx reply is not a hardbounce but rather a softbounce.

DLeaver and DrDave are correct.

[root@broken ~]# dig txt ceelaw1.ceelaw.com.au

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> txt ceelaw1.ceelaw.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64950
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ceelaw1.ceelaw.com.au.		IN	TXT

;; AUTHORITY SECTION:
ceelaw.com.au.		10474	IN	SOA	ns1.linode.com. luckystunter.gmail.com. 2012032264 14400 14400 1209600 86400

;; Query time: 1 msec

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.