M SOS
asked on
SPF record preventing a user from sending e-mails
Hi
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<hbex01.domainname.com #5.5.0 smtp;550 SPF: x.x.x.x is not allowed to send mail from domainname.com>
When I preform the following command in NSLOOKUP
Set type=txt
domainname.com
I get the following
"v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all"
I am not sure what the ptr here means (Reversed IP) ?
Now I do not know the Service Provider for this client and obviously I need to change the spf record ...what is the best way or best tool to know where this domain and his mail mx record is registered? What does the ptr means here?
Thanks
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<hbex01.domainname.com #5.5.0 smtp;550 SPF: x.x.x.x is not allowed to send mail from domainname.com>
When I preform the following command in NSLOOKUP
Set type=txt
domainname.com
I get the following
"v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all"
I am not sure what the ptr here means (Reversed IP) ?
Now I do not know the Service Provider for this client and obviously I need to change the spf record ...what is the best way or best tool to know where this domain and his mail mx record is registered? What does the ptr means here?
Thanks
ASKER
One more question please:
I am right thinking that the SPF record which verify the sender does not match user address?
I am right thinking that the SPF record which verify the sender does not match user address?
ASKER
When I go to mxtoolbox.com and run a SPF check I get
Test Result
OK SPF Record Deprecated There are no records of type SPF
OK SPF Invalid Syntax The SPF record is valid
OK SPF No Records SPF record found
OK SPF Multiple Records Less than two SPF records found
So what could be the problem?
Test Result
OK SPF Record Deprecated There are no records of type SPF
OK SPF Invalid Syntax The SPF record is valid
OK SPF No Records SPF record found
OK SPF Multiple Records Less than two SPF records found
So what could be the problem?
An SPF record publishes the mail servers that are permitted to send mail on behalf of a domain, so if someone sends an email, the recipient is able to check the SPF for the sending domain name to verify if the IP Address that the email is coming from is listed as one of the authorised servers to send mail on behalf of that domain.
If the check fails, then the recipient server is able to reject the mail with an SPF Fail result.
You can use the following site to check / verify an SPF record and the sending IP, so that you can get the SPF right.
http://www.kitterman.com/spf/validate.html
It is better to have no SPF record than a badly configured one.
If you want to post / email me the domain name and I can get more specific (I can hide the domain name here if you post it so that it doesn't become public property) / run the cheek for you.
Alan
If the check fails, then the recipient server is able to reject the mail with an SPF Fail result.
You can use the following site to check / verify an SPF record and the sending IP, so that you can get the SPF right.
http://www.kitterman.com/spf/validate.html
It is better to have no SPF record than a badly configured one.
If you want to post / email me the domain name and I can get more specific (I can hide the domain name here if you post it so that it doesn't become public property) / run the cheek for you.
Alan
Here you can see the explanation of usage of spf records:
http://helpwiki.easydns.com/index.php/Sender_Policy_Framework
ptr means that hostname(s) for the client IP address are looked from PTR (or reverse DNS) records.
In short, with SPF record you can specify from which hosts, servers and IP addresses can be sent mails from specified domain.
http://helpwiki.easydns.com/index.php/Sender_Policy_Framework
ptr means that hostname(s) for the client IP address are looked from PTR (or reverse DNS) records.
In short, with SPF record you can specify from which hosts, servers and IP addresses can be sent mails from specified domain.
Oh - and by the way - welcome to Experts Exchange. Hope you find it to be a useful and helpful site :)
Alan
Alan
ASKER
Thanks
Here is the test.
SPF record lookup and validation for: domainname.com
SPF records are published in DNS as TXT records.
The TXT records found for your domain are:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all
Checking to see if there is a valid SPF record.
Found v=spf1 record for domainname.com:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all
evaluating...
SPF record passed validation test with pySPF (Python SPF library)!
I think he is the only user in his domain that get a rejected message.
Why is that any help please?
Here is the test.
SPF record lookup and validation for: domainname.com
SPF records are published in DNS as TXT records.
The TXT records found for your domain are:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all
Checking to see if there is a valid SPF record.
Found v=spf1 record for domainname.com:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all
evaluating...
SPF record passed validation test with pySPF (Python SPF library)!
I think he is the only user in his domain that get a rejected message.
Why is that any help please?
If the test passes - are you adding in all the correct settings for the particular user?
If you have an Exchange server - is the user configured to use Outlook Anywhere so that emails are actually sent from the server and not Outlook locally or is the user configured using a POP3 account?
Alan
If you have an Exchange server - is the user configured to use Outlook Anywhere so that emails are actually sent from the server and not Outlook locally or is the user configured using a POP3 account?
Alan
In the SPF Test page, enter the IP that failed according to the rejection. Enter the SPF record into the 2nd field, then the email address in the 3rd and the FQDN on the SEND Connector of your Exchange server and then test.
Does it pass still?
Does it pass still?
ASKER
Apparently I cannot test the SPF I am unable to enter the SPF format correctly
mbiguous SPF Ambiguity Warning: No MX records found for mx mechanism: mx.domain.com
mbiguous SPF Ambiguity Warning: No MX records found for mx mechanism: mx.domain.com
I hid the domain name you may have inadvertently posted :)
According to the DNS Report I ran on the domain name, you use Google for Mail.
Your SPF record should work with just the following info:
v=spf1 mx ptr -all
Anything else is just a waste of time (not to mention incorrectly configured).
According to the DNS Report I ran on the domain name, you use Google for Mail.
Your SPF record should work with just the following info:
v=spf1 mx ptr -all
Anything else is just a waste of time (not to mention incorrectly configured).
You may also want to check with Google that the SPF record you have configured is correct and amend it accordingly.
ASKER
NO I meant to give it to you in my last post
Ah - not a problem. Thank you. Details all hidden.
The IP Address you posted will fail the SPF check as it isn't a Postini IP Address / isn't included within the scope of the MX part of the SPF record.
Is that the sending IP for all users or just this one problem user?
The IP Address you posted will fail the SPF check as it isn't a Postini IP Address / isn't included within the scope of the MX part of the SPF record.
Is that the sending IP for all users or just this one problem user?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<server.domain.com #5.5.0 smtp;550 SPF: 207.xxx.xx.200 is not allowed to send mail from domain.com>
The user gets this msg when he sends an e-mail
I am confused now What should I do?
<server.domain.com #5.5.0 smtp;550 SPF: 207.xxx.xx.200 is not allowed to send mail from domain.com>
The user gets this msg when he sends an e-mail
I am confused now What should I do?
Looks like the control panel for the domain is located here:
http://www.dotster.com
You will need to login (or ask George for details) and then change the SPF record to the one listed above (v=spf1 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:74.125.148.0/22 ip4:74.125.244.0/22 ip4:123.45.6.7 ~all) and the problem should go away.
Do you know if you / George has access to this site to login?
Alan
http://www.dotster.com
You will need to login (or ask George for details) and then change the SPF record to the one listed above (v=spf1 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:74.125.148.0/22 ip4:74.125.244.0/22 ip4:123.45.6.7 ~all) and the problem should go away.
Do you know if you / George has access to this site to login?
Alan
ASKER
I will check when I get in touch...
Thanks very much for your help .. I will keep you updated.
Thanks very much for your help .. I will keep you updated.
ASKER
Just a thought though
Why he is the only user in the domain who can not send e-mails?
I think the rest of the users are fine!
Thanks
Why he is the only user in the domain who can not send e-mails?
I think the rest of the users are fine!
Thanks
ASKER
and where did you get these ip addresses from pleas? ip4:64.18.0.0/20 74.125.148.0/22
74.125.244.0/22 ip4:123.45.6.7 ?
74.125.244.0/22 ip4:123.45.6.7 ?
Does he always face the problem or only when at home / away from the office, or is it just certain domains he sends to?
You can also visit www.dnsstuff.com and run a domain report (might not be free).
Alan