SPF record preventing a user from sending e-mails

Hi

   There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <hbex01.domainname.com #5.5.0 smtp;550 SPF: x.x.x.x is not allowed to send mail from domainname.com>

When I perform the following command in NSLOOKUP

Set type=txt
domainname.com

I get the following

"v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all"

I am not sure what the ptr here means (reversed IP)?

Now, I do not know the service provider for this client, and obviously I need to change the SPF record... What is the best way or best tool to find out where this domain and its mail MX record are registered? What does the ptr mean here?

Thanks
M SOSAsked:
 
Alan HardistyCo-OwnerCommented:
According to the following Postini page:

https://support.google.com/postini/answer/132370?hl=en

SPF outbound:
Setting up SPF DNS entries as follows will minimize non-deliveries through outbound. Use this if you ONLY send your outgoing messages via email security outbound services:


"v=spf1 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:74.125.148.0/22 ip4:74.125.244.0/22 ip4:123.45.6.7 ~all"

Running a test on the test site gives an SPF PASS result using that IP Address.
0
 
Alan HardistyCo-OwnerCommented:
You can go to http://www.whois.com/whois/domainname.com which should tell you where the Nameservers for the domain are located.

You can also visit www.dnsstuff.com and run a domain report (might not be free).

Alan
0
 
M SOSAuthor Commented:
One more question please:

Am I right in thinking that the SPF record, which verifies the sender, does not match the user address?
0
 
M SOSAuthor Commented:
When I go to mxtoolbox.com and run a SPF check I get


Test      Result
OK      SPF Record Deprecated      There are no records of type SPF
OK      SPF Invalid Syntax              The SPF record is valid
OK      SPF No Records                      SPF record found
OK      SPF Multiple Records              Less than two SPF records found

So what could be the problem?
0
 
Alan HardistyCo-OwnerCommented:
An SPF record publishes the mail servers that are permitted to send mail on behalf of a domain, so if someone sends an email, the recipient is able to check the SPF for the sending domain name to verify if the IP Address that the email is coming from is listed as one of the authorised servers to send mail on behalf of that domain.

If the check fails, then the recipient server is able to reject the mail with an SPF Fail result.

You can use the following site to check / verify an SPF record and the sending IP, so that you can get the SPF right.

http://www.kitterman.com/spf/validate.html

It is better to have no SPF record than a badly configured one.

If you want to post / email me the domain name, I can get more specific (I can hide the domain name here if you post it so that it doesn't become public property) / run the check for you.

Alan
0
 
davorinCommented:
Here you can see the explanation of usage of spf records:
http://helpwiki.easydns.com/index.php/Sender_Policy_Framework

ptr means that the hostname(s) for the client IP address are looked up from PTR (or reverse DNS) records.

In short, with an SPF record you can specify which hosts, servers and IP addresses mail can be sent from for the specified domain.
0
 
Alan HardistyCo-OwnerCommented:
Oh - and by the way - welcome to Experts Exchange.  Hope you find it to be a useful and helpful site :)

Alan
0
 
M SOSAuthor Commented:
Thanks

Here is the test.

SPF record lookup and validation for: domainname.com

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all

Checking to see if there is a valid SPF record.

Found v=spf1 record for domainname.com:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!

I think he is the only user in his domain that gets a rejected message.

Why is that? Any help please?
0
 
Alan HardistyCo-OwnerCommented:
If the test passes - are you adding in all the correct settings for the particular user?

If you have an Exchange server - is the user configured to use Outlook Anywhere so that emails are actually sent from the server and not Outlook locally or is the user configured using a POP3 account?

Alan
0
 
Alan HardistyCo-OwnerCommented:
In the SPF Test page, enter the IP that failed according to the rejection.  Enter the SPF record into the 2nd field, then the email address in the 3rd and the FQDN on the SEND Connector of your Exchange server and then test.

Does it pass still?
0
 
M SOSAuthor Commented:
Apparently I cannot test the SPF; I am unable to enter the SPF format correctly.

mbiguous SPF Ambiguity Warning: No MX records found for mx mechanism: mx.domain.com
0
 
Alan HardistyCo-OwnerCommented:
I hid the domain name you may have inadvertently posted :)

According to the DNS Report I ran on the domain name, you use Google for Mail.

Your SPF record should work with just the following info:

v=spf1 mx ptr -all

Anything else is just a waste of time (not to mention incorrectly configured).
0
 
Alan HardistyCo-OwnerCommented:
You may also want to check with Google that the SPF record you have configured is correct and amend it accordingly.
0
 
M SOSAuthor Commented:
No, I meant to give it to you in my last post.
0
 
Alan HardistyCo-OwnerCommented:
Ah - not a problem.  Thank you.  Details all hidden.

The IP Address you posted will fail the SPF check as it isn't a Postini IP Address / isn't included within the scope of the MX part of the SPF record.

Is that the sending IP for all users or just this one problem user?
0
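The rejection discussed in this thread, reproduced offline as an added example (not part of any post above, and not pySPF): a reduced SPF evaluator covering only the `ip4`, `mx` and `all` mechanisms, run against the two records quoted in the thread. The DNS tables and the addresses 192.0.2.10 and 203.0.113.200 are constructed stand-ins, and `ptr` is assumed not to match.

```python
import ipaddress

# Constructed DNS data (documentation-range addresses) standing in for live lookups.
MX = {"domainname.com": ["mx.domainname.com"], "mx.domainname.com": []}
A = {"mx.domainname.com": ["192.0.2.10"]}

# The two records quoted in the thread.
ORIGINAL = "v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all"
POSTINI = ("v=spf1 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:74.125.148.0/22 "
           "ip4:74.125.244.0/22 ip4:123.45.6.7 ~all")

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def mx_addresses(name):
    """IPs of the MX hosts published for `name` (empty if it has no MX records)."""
    return [ip for host in MX.get(name, []) for ip in A.get(host, [])]


def check_spf(record, sender_ip, domain):
    """Evaluate mechanisms left to right; the first one that matches decides."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            # "mx" alone means the MX hosts of the sending domain itself.
            matched = sender_ip in mx_addresses(arg or domain)
        else:
            matched = False  # ptr and other mechanisms are not modelled here
        if matched:
            return RESULTS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for rec in (ORIGINAL, POSTINI):
        for addr in ("192.0.2.10", "203.0.113.200", "64.18.3.4"):
            print(addr, check_spf(rec, addr, "domainname.com"), "<-", rec[:30])
```

Note that `mx:mx.domainname.com` never matches here because that name has no MX records of its own, which is the condition the ambiguity warning quoted earlier in the thread reports.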
 
M SOSAuthor Commented:
There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <server.domain.com #5.5.0 smtp;550 SPF: 207.xxx.xx.200 is not allowed to send mail from domain.com>

The user gets this msg when he sends an e-mail

I am confused now. What should I do?
0
 
Alan HardistyCo-OwnerCommented:
Looks like the control panel for the domain is located here:

http://www.dotster.com

You will need to login (or ask George for details) and then change the SPF record to the one listed above (v=spf1 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:74.125.148.0/22 ip4:74.125.244.0/22 ip4:123.45.6.7 ~all) and the problem should go away.

Do you know if you / George has access to this site to login?

Alan
0
 
M SOSAuthor Commented:
I will check when I get in touch...

Thanks very much for your help .. I will keep you updated.
0
 
M SOSAuthor Commented:
Just a thought though

Why is he the only user in the domain who cannot send e-mails?

I think the rest of the users are fine!

Thanks
0
 
M SOSAuthor Commented:
And where did you get these IP addresses from, please? ip4:64.18.0.0/20 74.125.148.0/22 74.125.244.0/22 ip4:123.45.6.7 ?
0
 
Alan HardistyCo-OwnerCommented:
0
 
Alan HardistyCo-OwnerCommented:
Does he always face the problem or only when at home / away from the office, or is it just certain domains he sends to?
0