Asked by Ben Hart

Exchange 2010, 450 Sender SPF Temporary Error

I had an outside client report that our emails to them were being delayed by up to 8 hours.  I went looking and right off the bat, in the queue viewer I see an entry for their domain with 26 messages backed up.

All messages have the same Last Error:

450 [XXXX random ASCII characters] sender <user@mydomain.org> SPF Temporary Error

I have googled far and wide and cannot find a resolution for this. I've checked my own SPF on MXToolbox.com and it reads as good. I checked the destination's SPF record, it was good too.

I checked the transport log and did not have an entry for these backed up messages so I am unsure of where to look next.
SOLUTION
tshearon
ASKER

I can and get the same error.

220 relay3.edgewebhosting.net ESMTP Haraka 2.2.8 ready (781407F4-755D-426A-B19D-95CEA2F010CF)
ehlo
501 [781407F4-755D-426A-B19D-95CEA2F010CF] EHLO requires domain/address - see RFC-2821 4.1.1.1
EHLO domain.net
250-relay3.edgewebhosting.net Hello internetmail.domain.net [xx.xx.xxx.xx], Haraka is at your service.
250-PIPELINING
250-8BITMIME
250 SIZE 0
mail from: bhart@domain.net
250 sender <bhart@domain.net> OK
rcpt to: jacindac@destination.com
450 [781407F4-755D-426A-B19D-95CEA2F010CF.1] sender <bhart@domain.net> SPF Temporary Error
So it looks like the problem is on their end.
I was unsure about whose end it's on since it specifies the sender SPF.. which I am the sender.
So how could one resolve this issue, like if this had happened on my end? MXToolbox says their SPF record is valid, could they have maybe incorrect SPF check settings? Maybe a weird SenderID filter?
I need to be able to give them direction to support the claim that it's on their end if at all possible.
Anyone?
SOLUTION
Gareth Gudger
Is your SPF record valid? The error you got from the EHLO Telnet session shows that this might not be the case, so I would recommend reviewing your SPF to make sure that it is 100% valid.
This particular destination domain is the only one that gives this error that's been reported. MXToolbox says my SPF is valid, and I won't be like other people and say nothing on my end has been changed.

On Tuesday of last week I added an SPF entry for a hybrid Office365 deployment.

My current (and for the last 5 years) SPF record:

"v=spf mx a:internetmail.unifiedbrands.net ?all"

On Tuesday I left that line alone and added:

"v=spf1 includes:spf.protection.outlook.com -all"


Now on Friday I removed that latter line, restarted BIND, and up until 5 hours later the problem was still occurring.

Testing it with Telnet this morning the results are different.  The error no longer occurs so... to my understanding a domain can have multiple SPF records... and since the sending address was unifiedbrands.net and not something.something.outlook.com I'd believe that the outlook SPF should not have had a dog in that fight.


Can anyone explain where the breakdown was?


Also for the record, we only have the one Barracuda spam filter and it does not scan outgoing items.
And only the 1 Exchange 2010 server is allowed to send out on port 25 as per the ASA 5500.


According to our parent company we *need* that Outlook related SPF record so... since the plan is to move ahead with a migration to O365 do you guys think maybe things would go smoother if I remove our SPF totally?
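
As an added example (not part of the thread and not any participant's code): a small Python check that applies the RFC 7208 record-selection and syntax rules to a domain's TXT records, run on the two records as typed in the post above and on two constructed variants. It performs no DNS lookups and says nothing about how the receiving server was configured; all function and variable names are made up for the illustration.

```python
import re

# Mechanism names defined by RFC 7208.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_ARG = {"include", "ip4", "ip6", "exists"}
TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9._-]*)([:/=].*)?$")

# The two TXT records exactly as typed in the post above.
POSTED = ["v=spf mx a:internetmail.unifiedbrands.net ?all",
          "v=spf1 includes:spf.protection.outlook.com -all"]
# Constructed variants (not from the thread): two well-formed records, and one
# way the same mechanisms could be combined into a single record.
TWO_VALID = ["v=spf1 mx a:internetmail.unifiedbrands.net ?all",
             "v=spf1 include:spf.protection.outlook.com -all"]
MERGED = ["v=spf1 mx a:internetmail.unifiedbrands.net "
          "include:spf.protection.outlook.com -all"]

def select_spf(txt_records):
    """RFC 7208 section 4.5: only a record that is exactly 'v=spf1' or starts
    with 'v=spf1 ' is an SPF record; other TXT records are ignored."""
    return [r for r in txt_records
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]

def lint_terms(record):
    """Return the syntax problems this check detects in one SPF record."""
    problems = []
    for term in record.split()[1:]:
        m = TERM_RE.match(term)
        if not m:
            problems.append(f"unparseable term {term!r}")
            continue
        qualifier, name, rest = m.group(1), m.group(2).lower(), m.group(3) or ""
        if rest.startswith("=") and not qualifier:
            continue  # modifier such as redirect= or exp=; unknown ones are ignored
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism {name!r} in {term!r}")
        elif name in NEEDS_ARG and not rest.startswith(":"):
            problems.append(f"{name!r} requires an argument")
    return problems

def check_domain(txt_records):
    """Result reached before any mechanism is evaluated: none, permerror or ok."""
    spf = select_spf(txt_records)
    if not spf:
        return "none", ["no TXT record starts with v=spf1"]
    if len(spf) > 1:
        return "permerror", [f"{len(spf)} v=spf1 records; exactly one is allowed"]
    problems = lint_terms(spf[0])
    return ("permerror" if problems else "ok"), problems
```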
ASKER CERTIFIED SOLUTION
I didn't want to trust me.  I'm just not familiar enough with the 365 stuff.

So in checking the destination's SPF, MXToolbox and http://www.kitterman.com/getspf2.py both have an issue with their SPF record, but I cannot gauge what exactly the problem is.

What's going to confound this problem is that email host has whitelisted my domain. So I can't really test further, but according to the technical POC at the destination company my domain was the only one they had issues with, and from my end their domain was the only one I had issues with.
They are always going to say that. As I said previously this is their issue. You are going to be hard pressed to troubleshoot that without their cooperation.
kitterman.com looks fine to me.
I used that URL, Adam, to test the destination's SPF. The recipient domain is unisourcemarketing.com

You did say that tshearon, but I need more info to help support that to my manager. That's why I didn't close this yet.
That SPF is fine and the DNS FQDN is not blacklisted.
The problem makes no sense then.  Like I said they whitelisted my domain so I guess the problem is 'fixed' now but I'd really like to know the cause.