Solved

SPF error; Remote SMTP Server Returned: 550 [ip] is not allowed to send mail from [domain]

Posted on 2014-01-30
9
9,557 Views
Last Modified: 2014-01-30
The spf record for the domain in question is fully qualified and passes all tests I can find, yet I still get the above error once in a while.  How come?

Here is the full error (with IP):  

Remote SMTP Server Returned: 550 75.98.227.75 is not allowed
to send mail from firesystemspro.com

Can anyone shed some light on this?
0
Comment
Question by:jglazer63
  • 5
  • 4
9 Comments
 
LVL 40

Expert Comment

by:footech
ID: 39822518
None of the records for firesystempro.com, or any of the names used by your MX records resolves to an IP of 75.98.227.75 (only .66, .74, and .76).
So you could either adjust your SPF record to include this IP, or configure your systems so that email won't flow out from that IP.
0
 

Author Comment

by:jglazer63
ID: 39822536
That doesn't make sense.  Here is an MX lookup on firesystemspro.com and that IP is clearly listed.  How did you do your check?  Not to say you're wrong but maybe I have something misconfigured?

firesystemspro.com      MX preference = 31, mail exchanger = mail3.firesystemspro.com
firesystemspro.com      MX preference = 22, mail exchanger = mail.firesystemspro.com
firesystemspro.com      MX preference = 21, mail exchanger = mail2.firesystemspro.com
mail3.firesystemspro.com        internet address = 75.98.227.76
mail.firesystemspro.com internet address = 75.98.227.74
mail2.firesystemspro.com        internet address = 75.98.227.75

I just ran this on mxtoolbox.com with similar results:

http://mxtoolbox.com/SuperTool.aspx?action=mx%3afiresystemspro.com&run=toolpage
0
 

Author Comment

by:jglazer63
ID: 39822571
I notice that you mention .66.  I wonder what server you're hitting for that?  Maybe I have a primary/secondary issue with my dns.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39822608
When I do a lookup on mail2 I get the following:
Name:    mail2.firesystemspro.com
Addresses:  75.98.227.76
          75.98.227.74

The .66 comes just from looking up firesystemspro.com.
Name:    firesystemspro.com
Address:  75.98.227.66

I did a check with DNSStuff and it shows the same info you posted rather that what is shown by my own nslookup queries.  I'm using Google's DNS servers.  Perhaps there's some bad information there.
0
 

Author Comment

by:jglazer63
ID: 39822619
I just found that ZONE transfers for that domain were not occurring between the secondary and primary so that's probably the issue.  The secondary does not show the IP.  I am forcing an update now so you may have pointed me to the issue.
0
 
LVL 40

Expert Comment

by:footech
ID: 39822628
You could get around this by explicitly including the IPs in your SPF record.
ip4:75.98.227.75     or
ip4:75.98.227.74/30   to include a range.
0
 

Author Comment

by:jglazer63
ID: 39822635
Well I would actually prefer to have the secondary DNS reflect the primary DNS zones as they should.  Now I'm having a problem getting that to happen.  I deleted the secondary zone and re-added it and it won't transfer (windows DNS).  sigh...
0
 

Author Closing Comment

by:jglazer63
ID: 39822675
While the advice wasn't the direct answer, it did lead me to the fact that zone transfers were failing with that domain and correcting that fixed this issue.
0
 
LVL 40

Expert Comment

by:footech
ID: 39822762
Good job getting it resolved.  Looks like Google has the correct info now too.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question