Solved

SPF error; Remote SMTP Server Returned: 550 [ip] is not allowed to send mail from [domain]

Posted on 2014-01-30
9
9,670 Views
Last Modified: 2014-01-30
The spf record for the domain in question is fully qualified and passes all tests I can find, yet I still get the above error once in a while.  How come?

Here is the full error (with IP):  

Remote SMTP Server Returned: 550 75.98.227.75 is not allowed
to send mail from firesystemspro.com

Can anyone shed some light on this?
0
Comment
Question by:jglazer63
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 40

Expert Comment

by:footech
ID: 39822518
None of the records for firesystempro.com, or any of the names used by your MX records resolves to an IP of 75.98.227.75 (only .66, .74, and .76).
So you could either adjust your SPF record to include this IP, or configure your systems so that email won't flow out from that IP.
0
 

Author Comment

by:jglazer63
ID: 39822536
That doesn't make sense.  Here is an MX lookup on firesystemspro.com and that IP is clearly listed.  How did you do your check?  Not to say you're wrong but maybe I have something misconfigured?

firesystemspro.com      MX preference = 31, mail exchanger = mail3.firesystemspro.com
firesystemspro.com      MX preference = 22, mail exchanger = mail.firesystemspro.com
firesystemspro.com      MX preference = 21, mail exchanger = mail2.firesystemspro.com
mail3.firesystemspro.com        internet address = 75.98.227.76
mail.firesystemspro.com internet address = 75.98.227.74
mail2.firesystemspro.com        internet address = 75.98.227.75

I just ran this on mxtoolbox.com with similar results:

http://mxtoolbox.com/SuperTool.aspx?action=mx%3afiresystemspro.com&run=toolpage
0
 

Author Comment

by:jglazer63
ID: 39822571
I notice that you mention .66.  I wonder what server you're hitting for that?  Maybe I have a primary/secondary issue with my dns.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39822608
When I do a lookup on mail2 I get the following:
Name:    mail2.firesystemspro.com
Addresses:  75.98.227.76
          75.98.227.74

The .66 comes just from looking up firesystemspro.com.
Name:    firesystemspro.com
Address:  75.98.227.66

I did a check with DNSStuff and it shows the same info you posted rather that what is shown by my own nslookup queries.  I'm using Google's DNS servers.  Perhaps there's some bad information there.
0
 

Author Comment

by:jglazer63
ID: 39822619
I just found that ZONE transfers for that domain were not occurring between the secondary and primary so that's probably the issue.  The secondary does not show the IP.  I am forcing an update now so you may have pointed me to the issue.
0
 
LVL 40

Expert Comment

by:footech
ID: 39822628
You could get around this by explicitly including the IPs in your SPF record.
ip4:75.98.227.75     or
ip4:75.98.227.74/30   to include a range.
0
 

Author Comment

by:jglazer63
ID: 39822635
Well I would actually prefer to have the secondary DNS reflect the primary DNS zones as they should.  Now I'm having a problem getting that to happen.  I deleted the secondary zone and re-added it and it won't transfer (windows DNS).  sigh...
0
 

Author Closing Comment

by:jglazer63
ID: 39822675
While the advice wasn't the direct answer, it did lead me to the fact that zone transfers were failing with that domain and correcting that fixed this issue.
0
 
LVL 40

Expert Comment

by:footech
ID: 39822762
Good job getting it resolved.  Looks like Google has the correct info now too.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New-MailboxSearch Powershell Command and step by step approach to Search and Extract Emails form Exchange 2013 Journaling server.
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question