Solved

SPF error; Remote SMTP Server Returned: 550 [ip] is not allowed to send mail from [domain]

Posted on 2014-01-30
9
9,221 Views
Last Modified: 2014-01-30
The spf record for the domain in question is fully qualified and passes all tests I can find, yet I still get the above error once in a while.  How come?

Here is the full error (with IP):  

Remote SMTP Server Returned: 550 75.98.227.75 is not allowed
to send mail from firesystemspro.com

Can anyone shed some light on this?
0
Comment
Question by:jglazer63
  • 5
  • 4
9 Comments
 
LVL 39

Expert Comment

by:footech
ID: 39822518
None of the records for firesystempro.com, or any of the names used by your MX records resolves to an IP of 75.98.227.75 (only .66, .74, and .76).
So you could either adjust your SPF record to include this IP, or configure your systems so that email won't flow out from that IP.
0
 

Author Comment

by:jglazer63
ID: 39822536
That doesn't make sense.  Here is an MX lookup on firesystemspro.com and that IP is clearly listed.  How did you do your check?  Not to say you're wrong but maybe I have something misconfigured?

firesystemspro.com      MX preference = 31, mail exchanger = mail3.firesystemspro.com
firesystemspro.com      MX preference = 22, mail exchanger = mail.firesystemspro.com
firesystemspro.com      MX preference = 21, mail exchanger = mail2.firesystemspro.com
mail3.firesystemspro.com        internet address = 75.98.227.76
mail.firesystemspro.com internet address = 75.98.227.74
mail2.firesystemspro.com        internet address = 75.98.227.75

I just ran this on mxtoolbox.com with similar results:

http://mxtoolbox.com/SuperTool.aspx?action=mx%3afiresystemspro.com&run=toolpage
0
 

Author Comment

by:jglazer63
ID: 39822571
I notice that you mention .66.  I wonder what server you're hitting for that?  Maybe I have a primary/secondary issue with my dns.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39822608
When I do a lookup on mail2 I get the following:
Name:    mail2.firesystemspro.com
Addresses:  75.98.227.76
          75.98.227.74

The .66 comes just from looking up firesystemspro.com.
Name:    firesystemspro.com
Address:  75.98.227.66

I did a check with DNSStuff and it shows the same info you posted rather that what is shown by my own nslookup queries.  I'm using Google's DNS servers.  Perhaps there's some bad information there.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:jglazer63
ID: 39822619
I just found that ZONE transfers for that domain were not occurring between the secondary and primary so that's probably the issue.  The secondary does not show the IP.  I am forcing an update now so you may have pointed me to the issue.
0
 
LVL 39

Expert Comment

by:footech
ID: 39822628
You could get around this by explicitly including the IPs in your SPF record.
ip4:75.98.227.75     or
ip4:75.98.227.74/30   to include a range.
0
 

Author Comment

by:jglazer63
ID: 39822635
Well I would actually prefer to have the secondary DNS reflect the primary DNS zones as they should.  Now I'm having a problem getting that to happen.  I deleted the secondary zone and re-added it and it won't transfer (windows DNS).  sigh...
0
 

Author Closing Comment

by:jglazer63
ID: 39822675
While the advice wasn't the direct answer, it did lead me to the fact that zone transfers were failing with that domain and correcting that fixed this issue.
0
 
LVL 39

Expert Comment

by:footech
ID: 39822762
Good job getting it resolved.  Looks like Google has the correct info now too.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
We cannot find the source of the spam emails on our Debian 7 server 10 122
Can't connect to LDAP over SSL (port 636) 6 64
Clearing router cache 12 41
VMware 6.0 3 26
MS outlook is a premier email client that enable you to send and receive the e-mails with various file formats of attachments such as document files, media file, and many others formats. There is some scenario occurs when a receiver of an e-mail mes…
Resolve DNS query failed errors for Exchange
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now