Cannot send to btinternet addresses from Exchange 2010

Are you able to resolve the mx record of the btinternet.
Enable logs on send connector and check the log.
Check if your domain have a reverse dns record created.

use your ISP's smarthost.

Check your SPF record as well if it contains your newly added server or not.

Add this new server in Source Server tab in send connector and check.

Please also make an attempt to send email using telnet command from problem server and share the the result.

Diwakar

I am working my way through Alan's document and have now configured reverse DNS (as also suggested by R--R) and I thought that had sorted it as I was able to send to my test btinternet address. However, it seems that there are other addresses that are still rejected (not BT this time - it looks like I was not given the full story at the outset). The latest problem email was sent and then some hours later, a non-delivery report was received but it was still received a little while later.
Almost everything has now checked out except the spf record. When I run the Beveridge Hosting - SPF Test from http://tools.bevhost.com/spf/ and enter the Sender IP Address, Sender Email Address and Senders Computer Name the Senders Computer Name says "Unable to resolve <myservername> in the DNS". The DNS does have the correct entry for the server and when I ping it from a command prompt it responds (albeit with the IPv6 address).

If you want, fire an email to testmail @ sohomail.co.uk and I'll see what my Anti-Spam makes of your email, assuming it gets through my defences!!

Let me know if you send one and I'll keep an eye out for it.

Alan

Test email on its way.

Thanks.

Blacklisted by the SPF Test (sender forged per policy of "yourdomain.com", SPF result: SoftFail).

So - looks like your SPF record is tripping you up.  I'll have a look see why.

Alan

Mail sent from this IP address: 82.xxx.xxx.209
Mail from (Sender): you@yourdomain.com
Mail checked using this SPF policy: v=spf1 ~all
Results - softfail domain owner discourages use of this host

You need to amend your SPF record!!

This would make your SPF pass:

v=spf1 mx ~all

So I create a DNS TXT record with this as the Text?

Type=TXT Record=(v=spf1 mx ~all)

As you may have guessed, spf records are new to me

Yes - you already have an SPF record set, it just needs the MX bit adding to it.

Don't add the Brackets though.

I can't see a TXT record anywhere I'm afraid

Are you amending them at freeola.net?

no, locally on my server

You need to login to your Domain's Control Panel with Freeola.net and amend it there.  It's not going to be any help on your own DNS server.  Has to be done externally.

Alan

The domain name is registered with freeola.net but the broadband is provided by Eclipse and it's with Eclipse that I've set rDNS. Should it therefore be Eclipse where I set the spf record?

No - you need to add that via your Domain's DNS records, which appear to be with Freeola.net.

Do you have login / password details for them?

Yes, I think so. Just digging around for the login details now.

Okay - when you have added the record, let me know and I'll check if it can be seen.

Once it can be, try sending another test email over and see if you get another rejection or if it passes.

Got myself logged into freeola and found the bit to update the spf record.
When I type "v=spf1 mx ~all" it says it's invalid.

Just type:

v=spf1 mx ~all

Nothing more.

If you are and it doesn't like it, there is nothing wrong with it, so kick Freeola's butt in the morning.

Yes, that's what I'm entering so it's butt kicking time in the morning. Thanks

Seems Freeola do it a special way. This is the text of the option to amend the spf record...

"Create/Change SPF Records (Advanced)
 
SPF records are used in an effort to identify spam mail by specifying mail servers which are allowed to send mail from your domain name. Although SPF records are written as a TXT record, our systems are set to create them seperately to ensure all mail sent via Freeola services is sent correctly, so this option must be used. "

Alternatively try this:

v=spf1 ip4:82.xxx.xxx.209 ~all

Change the xxx.xxx bit to reflect the rest of your IP Address.

It doesn't like that either. Just in case it's of use, this is the blurb they have for the screen. I realise it's what you already know but I've just included it in case it has some clue as to what they're doing differently to the norm.

"Below you can specify additional mail servers which you send mail from. Although SPF records are not required, checking SPF records is becoming an increasingly popular way to filter mail.

All Freeola domain names will already have SPF records set up for our SMTP servers (smtp.freeola.net and smtp-auth.freeola.net), as such you do not need to enter records for these below.

Most ISP's will provide you with an SPF record that looks like the following:

v=spf1 a:smtp-auth.freeola.net ~all
For this record, you would need to enter 'smtp-auth.freeola.net' as the value, select 'A' as the record type and select 'Softfail (~)' as the default action for unmatched domains.

Another example:

v=spf1 include:_spf.google.com ~all
For this record you would provide '_spf.google.com' as the record's value, select 'Include' as the record type and select 'Softfail (~)' again as the default action for unmatched domains.
"

So try selecting IP4 as the type and your IP as the value and Softfail.

See if it likes that.

I'm lights out now, so if not, talk to them in the morning and I'm around all day UK time.

Alan

I think I've just got it. It's a special freeola thing. I just entered the value I set for my reverse DNS entry. So instead of entering v=spf1 mx ~all, I entered mx-delivery11.<mydomain.com> and it's taken it.
Hopefully that's correct.

Our posts have just crossed. Maybe speak tomorrow. Cheers

Yep - that worked and I get the following:

Mail sent from this IP address: 82.xxx.xxx.209
Mail from (Sender): you@yourdomain.com
Mail checked using this SPF policy: v=spf1 a:mx-delivery11.yourdomain.com ~all
Results - PASS sender SPF authorized

I'm using the following site to test this by the way:

http://www.kitterman.com/spf/validate.html

Try another test email now to BT or another one that fails and to my test address and see what happens.

Alan

I've sent a test email to your test address Alan but unable to send to one that normally fails because they are customers of the company so I'll need to wait until later when the boss returns so he can send a test to a chosen friendly contact.

Ah - understood!

Checking my anti-spam logs.  BRB

Nothing yet.

All gone quiet from the problem email server so I guess no news is good news. Just pinged an email asking for an update.

Fingers crossed ;)

I got an update this afternoon and the news is good. There have been no rejections since I made the changes. I think we'll call this fixed.

An excellent document which included the fix for the problem. Being new to spf records I was a little confused as to where to apply the DNS change so perhaps this could be clarified in the document just to help those like me. As usual EE saved the day. Particular thanks to Alan Hardisty.
Cheers

Glad the problem is resolved and thanks for your comments.

I'll see if I can amend my article to make it clearer.

Best wishes

Alan

P.S.  Don't forget to update your SPF record if you make any changes to your IP / server etc.  Better not to have an SPF record, than to have an incorrect one too!!

FYI - article amended and some extra bonus material added!!

Hopefully it makes it a bit clearer.

Alan ;)