Solved

sbs 2011/Exchange 2010 e-mails being flagged as Spam

Posted on 2014-02-14
17
1,205 Views
Last Modified: 2014-02-17
Up until 1 day ago we had no problems sending out e-mail via our sbs 2011. Since then recipients have called and stated that they are not receiving our e-mails. Not everyone here is receiving "NDRs". I have checked the following:

Public IP address on any blacklists - No (MXtoolbox.com)
Exchange is not an open relay - (Mxtoolbox.com)

I was finally able to get a NDR from one of the users:

From: Microsoft Outlook
Sent: Friday, February 14, 2014 4:21 AM
To: user@somecompany.com; user@somecompnay.com
Subject: Undeliverable: TEST after Reboot
p3plibsmtp01-05.prod.phx3.secureserver.net rejected your message to the following e-mail addresses:
user@somecompnay.com (user@somecompnay.com)
p3plibsmtp01-05.prod.phx3.secureserver.net gave this error:
S9Mu1n00R4XxHTV019Mvce IB212 msg rejected as spam
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.
user@somecompnay.com (user@somecompnay.com)
p3plibsmtp01-05.prod.phx3.secureserver.net gave this error:
S9Mu1n00R4XxHTV019Mvce IB212 msg rejected as spam
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: SERVER.domain.local
user@somecompnay.com p3plibsmtp01-05.prod.phx3.secureserver.net #552 5.2.0 S9Mu1n00R4XxHTV019Mvce IB212 msg rejected as spam ##
user@somecompnay.com
p3plibsmtp01-05.prod.phx3.secureserver.net #552 5.2.0 S9Mu1n00R4XxHTV019Mvce IB212 msg rejected as spam ##
Original message headers:
Received: from SERVER.domain.local ([fe80::9c28:d33:39b1:705]) by
 SERVER.domain.local ([fe80::9c28:d33:39b1:705%11]) with mapi id
 14.01.0438.000; Fri, 14 Feb 2014 04:21:45 -0500
From: some user < user@somecompnay.com >
To: " user@somecompnay.com " < user@somecompnay.com >
CC: " user@somecompnay.com " < user@somecompnay.com >
Subject: TEST after Reboot
Thread-Topic: TEST after Reboot
Thread-Index: Ac8pZi1xcGSaJOOcSgayLC0MF/nwjg==
Date: Fri, 14 Feb 2014 09:21:44 +0000
Message-ID: <43D021F9200BB6489D68A4E71CD729849AB1FF@SERVER.stpeterdeland.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [72.188.1.0]
Content-Type: multipart/alternative;
      boundary="_000_43D021F9200BB6489D68A4E71CD729849AB1FFSERVERstpeterdela_"
MIME-Version: 1.0
0
Comment
Question by:flteng562
  • 8
  • 8
17 Comments
 
LVL 13

Expert Comment

by:Michael Machie
ID: 39860405
p3plibsmtp01-05.prod.phx3.secureserver.net rejected your message to the following e-mail addresses:
user@somecompnay.com (user@somecompnay.com)
p3plibsmtp01-05.prod.phx3.secureserver.net gave this error:
S9Mu1n00R4XxHTV019Mvce IB212 msg rejected as spam
There's a problem with the recipient's mailbox. Please try resending the message. If the problem continues, please contact your helpdesk.

I would start there..
Does this occur with ALL emails being sent or just to this one recipient? The message states it is a problem with their mailbox, not anything with your server.
0
 

Author Comment

by:flteng562
ID: 39860464
Hi Machienet,

The e-mails are not getting through on several domains. I logged into one of the senders email accounts and sent a test e-mail to me at my company domain e-mail address that is when I got the above error information.

Regards,

Frank
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39861020
You will definitely get these type messages (especially from secureserver.net which is GoDaddy) if you don't have a valid SPF record for your domain.

This will help you to create it:
https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Then add it to your public DNS for your domain.

It would also help if you had a PTR (Reverse DNS entry) that matches your domain name.  More than likely your PTR is some generic one created by your ISP.  Check with your ISP to see if they will provide a custom one and then set it as the hostname of your server (ie, mail.yourdomain.com) used in your MX records.

Jeff
0
 

Author Comment

by:flteng562
ID: 39861067
Hi Jeff,

I have generated the "SPF" record via the link you provided. It was then entered as a txt file. I did notice that it has quotes on each end. Will this create any problems?. I double checked the copied string in notepad and that did not have quotes on either end of the string. We are using ATT Webhosting. After saving changes that is when the "quotes" appeared.

Regards,

Frank
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39861193
Verify your SPF using http://mxtoolbox.com/spf.aspx
0
 

Author Comment

by:flteng562
ID: 39861770
Hi Jeffery,

I created the SPF record and entered it as "txt" in my hosts DNS Manger:

v=spf1 a mx ip4:149.115.20.189 mx:server512.appriver.com mx:server513.appriver.com ~all

Then for domain entry I used the clients: somecompany.com

We are using "Appriver" for offsight e-mail spam filtering.

I tried the SPF verifyer but it came back as "SPF is not valid"

Is the record itself correct?

Regards,

Frank
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39862286
Are you sending OUTBOUND through AppRiver?  If so, then you need to follow their instructions for your SPF:  https://support.appriver.com/KB/a253/spf-record-setup-for-appriver-hosted-services.aspx

But if you are NOT sending outbound through their service your SPF shouldn't include them.  

And by the looks of the NDR you posted originally you are NOT sending outbound through them.

Jeff
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39862289
Also...

"Then for domain entry I used the clients: somecompany.com"

What do you mean by this?  The domain entry should be your own!
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:flteng562
ID: 39862499
Hi Jeffery,

We are using AppRiver.com for inbound spam filtering.

As for the domain entry it is actually: "stpeterdeland.org"
0
 

Author Comment

by:flteng562
ID: 39862534
Update,

I just performed a "unblock request" from Godaddy  using our public IP - 65.34.20.210.

The response back was it was not being blocked
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39862552
So, I'm not sure what you entered on your public DNS, but it still doesn't show an SPF record at all.  This is what you need to enter for it:

v=spf1 ptr:se.biz.rr.com ip4:65.34.20.210 ~all

If there is a box for "hostname" you can enter a @ in it (which = "all")

There should NOT be any quotes around the main entry though.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39862555
Also, I ran a test at Microsoft's Test Connectivity and it shows as well that the only thing you are missing is a valid SPF record.  See the attached.
Microsoft-Remote-Connectivity-An.pdf
0
 

Author Comment

by:flteng562
ID: 39862676
Hi Jeffery,

I attempted to change the SPF file but and error message appeared stating that "Value of TXT record should be taken in quotes. For example "value=value of TXT record".

I have attached a word document with a screen shot of the ATT DNS Manager screen.

Frank
SPF.docx
0
 

Author Comment

by:flteng562
ID: 39862755
Update,

I went ahead and added the SPF record with the required double quotes as per ATT. Also added the "@" symbol in the name column.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39863648
And it looks like you now have a functional SPF Record:
SPF @ MXToolbox
Jeff
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39863661
And a successful Connectivity Test for outbound SMTP!

Connectivity Test
Congratulations!

Hopefully now your mail will get delivered without a problem.

Jeff
0
 

Author Closing Comment

by:flteng562
ID: 39864201
Hi Jeff,

Thanks for all of your help with this. Strange that thes erver has been running with no problems for 1.5 years without the SPF record then all of sudden this problem occurs.

I suspect that "SecureServer.net" probably made some tweak and that sent us into Spam Land.

Anyways, thanks again,

Frank
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now