Ben Hart
asked on
Exchange 2010, 450 Sender SPF Temporary Error
I had an outside client report that our emails to them were being delayed by up to 8 hours. I went looking and right off the bat, in the queue viewer I see an entry for their domain with 26 messages backed up.
All messages have the same Last Error:
450 [XXXX random ACSII characters] sender <user@mydomain.org> SPF Temporary Error
I have googled far and wide and cannot find a resolution for this. I've checked my own SPF on MXToolbox.com and it reads as good. I checked the destinations's SPF record, it was good too.
I checked the transport log and did not have an entry for these backed up messages so I am unsure of where to look next.
All messages have the same Last Error:
450 [XXXX random ACSII characters] sender <user@mydomain.org> SPF Temporary Error
I have googled far and wide and cannot find a resolution for this. I've checked my own SPF on MXToolbox.com and it reads as good. I checked the destinations's SPF record, it was good too.
I checked the transport log and did not have an entry for these backed up messages so I am unsure of where to look next.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So it looks like the problem is on their end.
ASKER
I was unsure about whose end it's on since it specifies the sender SPF.. which I am the sender.
ASKER
So how could one resolve this issue, like if this was happened on my end? MXToolbox says their SPF record is valid, could they have maybe incorrect SPF check settings? Maybe a weird SenderID filter?
I need to be able to give them direction to support the claim that it's on their end if at all possible.
I need to be able to give them direction to support the claim that it's on their end if at all possible.
ASKER
Anyone?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is your SPF record valid? The error you got from the EHLO Telnet session shows that this might not be the case, so I would recommend reviewing your SPF to make sure that it is 100% valid.
ASKER
This particular destination domain is the only one that gives this error that's been reported. MXToolbox says my SPF is valid, and I won;t be like other people and say nothing on my end has been changed.
On Tuesday of last week I added an SPF entry for a hybrid Office365 deployment.
My current (and for the last 5 years) SPF record:
"v=spf mx a:internetmail.unifiedbran ds.net ?all"
On Tuesday I left that line alone and added:
"v=spf1 includes:spf.protection.ou tlook.com -all"
Now on Friday I removed that latter line, restarted BIND And up until 5 hours later the problem was still occurring.
Testing it with Telnet this morning the results are different. The error no longer occurs so... to my understanding a domain can have multiple SPF records... and since the sending address was unifiedbrands.net and not something.something.outloo k.com I'd believe that the outlook SPF should not have had a dog in that fight.
Can anyone explain where the break down was?
Also for the record, we only have the one Barracuda spam filter and it does not scan outgoing items.
And only the 1 Exchange 2010 server is allowed to send out on port 25 as per the ASA 5500.
According to our parent company we *need* that Outlook related SPF record so... since the plan is to move ahead with a migration to O365 do you guys think maybe things would go smoother if I remove our SPF totally?
On Tuesday of last week I added an SPF entry for a hybrid Office365 deployment.
My current (and for the last 5 years) SPF record:
"v=spf mx a:internetmail.unifiedbran
On Tuesday I left that line alone and added:
"v=spf1 includes:spf.protection.ou
Now on Friday I removed that latter line, restarted BIND And up until 5 hours later the problem was still occurring.
Testing it with Telnet this morning the results are different. The error no longer occurs so... to my understanding a domain can have multiple SPF records... and since the sending address was unifiedbrands.net and not something.something.outloo
Can anyone explain where the break down was?
Also for the record, we only have the one Barracuda spam filter and it does not scan outgoing items.
And only the 1 Exchange 2010 server is allowed to send out on port 25 as per the ASA 5500.
According to our parent company we *need* that Outlook related SPF record so... since the plan is to move ahead with a migration to O365 do you guys think maybe things would go smoother if I remove our SPF totally?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did'nt want to trust me. I'm just not familiar enough with the 365 stuff.
So in checking the destinations SPF MXToolbox, http://www.kitterman.com/getspf2.py both have an issue with their SPF record but I cannot gauge what exactly the problem is.
What's going to confound this problem is that email host has whitelisted my domain. So I can't really test further, but according to the technical POC at the destination company my domain was the only ones they had issues with.. and from my end their domain was the only one I had issues with.
So in checking the destinations SPF MXToolbox, http://www.kitterman.com/getspf2.py both have an issue with their SPF record but I cannot gauge what exactly the problem is.
What's going to confound this problem is that email host has whitelisted my domain. So I can't really test further, but according to the technical POC at the destination company my domain was the only ones they had issues with.. and from my end their domain was the only one I had issues with.
They are always going to say that. As I said previously this is their issue. You are going to be hard pressed to troubleshoot that without their cooperation.
kitterman.com looks fine to me.
ASKER
I used that url Adam, to test the destination's SPF> The recipient domain is unisourcemarketing.com
You did say that tshearon, but I need more info to help support that to my manager. That's why I didn't close this yet.
You did say that tshearon, but I need more info to help support that to my manager. That's why I didn't close this yet.
That SPF is fine and the DNS FQDN is not blacklisted.
ASKER
The problem makes no sense then. Like I said they whitelisted my domain so I guess the problem is 'fixed' now but I'd really like to know the cause.
ASKER
220 relay3.edgewebhosting.net ESMTP Haraka 2.2.8 ready (781407F4-755D-426A-B19D-
95CEA2F010CF)
ehlo
501 [781407F4-755D-426A-B19D-9
C-2821 4.1.1.1
EHLO domain.net
250-relay3.edgewebhosting.
], Haraka is at your service.
250-PIPELINING
250-8BITMIME
250 SIZE 0
mail from: bhart@domain.net
250 sender <bhart@domain.net> OK
rcpt to: jacindac@destination.com
450 [781407F4-755D-426A-B19D-9
F Temporary Error