
Help me understand (and fix) why Sender ID filtering blocks some emails and not others.

SINC_dmack asked on
Exchange
We manage multiple Exchange '10 and '13 servers for various clients.  These are all small (50 users or less) sites, each with a single Exchange server.  A problem that's been cropping up recently is that some servers have problems emailing other servers, and the NDRs indicate:

mail.domain.com #550 5.7.1 Sender ID (PRA) Not Permitted ##

It's clearly Sender ID filtering that's blocking the emails.  Further down in the NDR, I see the following:

Received: from localservername.localdomain.local ([192.168.1.1]) by
 localservername.localdomain.local ([192.168.1.1]) with mapi id
 14.02.0387.000; Wed, 13 Aug 2014 08:05:49 -0500

It appears that the sending server is reporting its local FQDN and IP address, rather than its internet FQDN and IP address.  

Each of the clients has the following internet domain control panel DNS settings:
MX - mail.domain.com
SPF - v=spf1 a mx -all

The especially odd thing is that this is sporadic.  For example, if user@domain1.com sends 5 emails to user@domain2.com, one or two of them might be NDRed and the rest might go through.   The emails that go through indicate:

Received: from mail.domain.com ([public IP address]) by
 mail.domain.com ([public IP address]) with mapi id
 14.02.0387.000; Wed, 13 Aug 2014 08:05:49 -0500

Apparently, the sending mail server SOMETIMES reports its internet FQDN and IP address, and other times it reports its internal FQDN and IP address.  

(What is additionally frustrating is that Sender ID filtering isn't catching obvious fakes--for example, user1@domain.com might receive spam from user1@domain.com, when the email tags indicate that the email came from a server IP address that's clearly not associated with that domain in the SPF record.  That, however, is a side issue--legitimate emails being blocked as spam is much worse than a few extra spam making it past the filter.)

This problem seems to have arisen over the past few weeks or so, but searching Google for "mail.domain.com #550 5.7.1 Sender ID (PRA) Not Permitted ##" and limiting it to the last year hasn't turned up anything helpful.  

My primary question is either why Exchange is sometimes reporting its internal FQDN and IP address, or why Sender ID sometimes NDRs emails from a particular server, but other times will allow them with no problems?  And, more importantly, how to fix that?

Secondary is why does Sender ID sometimes allow emails that should blatantly fail?
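
An added example (not part of the original question, and not Exchange's own code) showing how the Purported Responsible Address is selected from the message headers and how the quoted record, v=spf1 a mx -all, evaluates against whichever client IP the receiving server checks. The DNS data, the 203.0.113.x addresses and the sample message are constructed, and the PRA selection omits the RFC 4407 special case where Resent-From precedes Resent-Sender.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed DNS data using documentation addresses; a live check would query DNS.
DNS_A = {"domain.com": ["203.0.113.10"], "mail.domain.com": ["203.0.113.25"]}
DNS_MX = {"domain.com": ["mail.domain.com"]}
SPF_TXT = {"domain.com": "v=spf1 a mx -all"}  # the record quoted in the question

# Constructed message; only the headers matter for PRA selection.
SAMPLE = "From: User <user@domain.com>\nTo: user@domain2.com\nSubject: test\n\nbody\n"

def pra_domain(raw_message):
    """Domain of the Purported Responsible Address (RFC 4407 order, simplified)."""
    msg = message_from_string(raw_message)
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        values = [v for v in msg.get_all(header, []) if v.strip()]
        if not values:
            continue
        if header in ("Sender", "From") and len(values) > 1:
            return None  # duplicate header: message is malformed, no PRA
        mailboxes = getaddresses(values[:1])
        if len(mailboxes) != 1 or "@" not in mailboxes[0][1]:
            return None  # the PRA header must hold exactly one mailbox
        return mailboxes[0][1].rsplit("@", 1)[1].lower()
    return None

def check_record(record, domain, client_ip):
    """Evaluate the a, mx and all mechanisms (the only ones in the page's record)."""
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in results else ("+", term)
        if mech == "all":
            return results[qualifier]
        targets = {"a": [domain], "mx": DNS_MX.get(domain, [])}
        if mech not in targets:
            raise ValueError("mechanism not handled here: " + mech)
        addresses = [a for h in targets[mech] for a in DNS_A.get(h, [])]
        if any(ip == ipaddress.ip_address(a) for a in addresses):
            return results[qualifier]
    return "Neutral"

def sender_id_result(raw_message, client_ip):
    """Sender ID outcome for the PRA domain when client_ip is the address checked."""
    domain = pra_domain(raw_message)
    if domain is None or domain not in SPF_TXT:
        return "None"
    return check_record(SPF_TXT[domain], domain, client_ip)
```

On the receiving Exchange server, the Test-SenderId cmdlet with -IPAddress and -PurportedResponsibleDomain runs the corresponding check against live DNS.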