email issue

Hi Experts,

I have a client who is experiencing the following email issues. Please see below

They are having an intermittent issue with email and company B  rejecting their email to us indicating an old DNS

Can anyone point me in the right direction?

Please, consider all spots to check and resolve this issue

Exchange Hybrid environment [Exchange 2010, office 365 and ADFS Windows 2008 servers in a NLB]
Jerry SeinfieldAsked:

Member_2_4839798Commented:
Hello,

Needless to say, DNS will need to be correct. There is also likely to be an SPF record; this essentially validates the sending IP address against the domain's DNS. It will need to be in the same IP range as the sending server, that being the external-facing IP, not any internal NAT'd address.

I hope this helps.

Michael
0
Jerry SeinfieldAuthor Commented:
So, where should I check for the SPF record and follow your instructions: on the company sending or receiving the email? Source or target company?

Please advise
0
Member_2_4839798Commented:
Hello,

This will be for the external facing DNS of the company sending the email if I have interpreted this correctly.

MXTOOLBOX have a txt and spf check:

http://mxtoolbox.com/

Regards

Michael
0
Jerry SeinfieldAuthor Commented:
Michael,
Is there an email where I can send you private screenshots of the error and configuration?
0
Chris StauntonCommented:
Your SPF record probably contains the on-prem IP address of your older mail server and not the new Microsoft ones. You will need to update your SPF to contain those IPs as well.
It should look similar to this:

"v=spf1 include:spf.protection.outlook.com ip4:68.232.143.88 ip4:68.232.141.190 -all"
0
Jerry SeinfieldAuthor Commented:
Lilshooter, where should I look at that SPF record? Client uses a Symantec Brightmail as spam gateway. Please provide details to check these settings

See also NDR attached, and MBXTOOL report, and let me know your thoughts

Email flows from Exchange 2010 -----> Symantec BrightMail -----> Internet

This only happens when sending emails to a specific company. Sending emails to other companies is OK
NDR.jpg
NDRGeneratedbySymantecBrightmail.txt
0
Jerry SeinfieldAuthor Commented:
Can I please get an update about the last comments?
0
Chris StauntonCommented:
Your SPF record is contained in your DNS records.  Look for a TXT record that contains the SPF line in it.  This is where the IP Addresses/Names of old mail servers will reside, you will need to add the new servers to that list.
0
Jerry SeinfieldAuthor Commented:
Any comments on the NDR and screenshot attached? When you say look for a TXT record that contains an SPF line, is that on the external DNS record? What about the Symantec spam gateway? What type of DNS record are we talking about here?

Can you please provide an example of the file and line to look at?

For instance, if the external DNS solution provider is Network Solutions, where should we look?
0
Jerry SeinfieldAuthor Commented:
Gentlemen, can someone please respond to this ASAP?
0
Chris StauntonCommented:
So if you're hosted at Network Solutions, you will need to login to the accounts management screen and locate the DNS records for the domain.  You will see A records, CNAME records and what you're looking for is a TXT record setup like the one above.  Use http://mxtoolbox.com/DNSLookup.aspx to check your DNS records.

As for the attached 5.0.0 smtp 554 error NDR that's a rejected message due to spam content, this is most likely caused by the missing SPF record.
0

Jerry SeinfieldAuthor Commented:
Hi Lilshooter,

I got another NDR with another company,

#< #5.7.0 smtp; 550 5.7.0 Local Policy Violation – SPF Failure

So, most likely it is an SPF record that needs to be updated?

Please see screenshot with the external DNS settings for my client

Look at the TXT record for SPF; it does not contain any values. Here is where I have to enter the public IP of my? Please provide details
AmMXrecords.jpg
AmTextSrvRecords.jpg
0
Chris StauntonCommented:
So from your AmTextSrvRecords.jpg, you should also have a record of the outside IP and name of the Received: from mail.CompanySending.com (prodexch2010r2.CompanySending.com [10.0.21.60]) machine

Generally it's the hide address of the network connection, or if you are using a separate IP altogether for the SMTP host.

Your SPF record should look like this:  amalienet.com.  IN TXT "v=spf1 ip4:4.35.1.70  ip4:68.232.143.88 ip4:68.232.141.190 include:spf.protection.outlook.com include:mail.amalienet.com ~all"
0
Chris StauntonCommented:
febenitezc any luck getting this sorted out?
0
Jerry SeinfieldAuthor Commented:
Chris, I got a communication from the client with the following question

From client

"I’ve had some communication with the team, and I have been advised to remove these two TXT records from the xxxxxx.com domain:"

Please see screenshots; they look to leave only one TXT record with the SPF option by default

Do you believe this is going to resolve the issue? I am not aware of any SPF implementation for this company, but since this is an Exchange Hybrid environment, I am not sure if we must enter the public IP requested above on the SPF record

Please advise
Am-TXT-records.jpg
AM2TXTRecords.jpg
0
Jerry SeinfieldAuthor Commented:
Any updates?
0
Chris StauntonCommented:
Those are TXT records that are tied to the O365 Tenant, I would not remove them unless MS tells you to do so.  Have you adjusted the SPF record yet?
0
Jerry SeinfieldAuthor Commented:
Chris, not sure if I explained the mail flow for this client

Client has one send connector to Office 365, another send connector for outbound email [goes to Symantec BrightMail spam gateway], and I am not sure which IP should be entered on the SPF record. I know that it should be a public IP, but not sure which one

On the other hand, are all Office 365 hybrid deployments required to update their SPF records? Please advise
0
Chris StauntonCommented:
You can have both; the SPF record I posted for you earlier has all the right settings for all the IPs. You can simply back up the current one you have, and replace it with the one I posted for you.
0
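The check a receiving server runs against the sender's TXT records, as an added example that is not part of any post in this thread: it picks the single `v=spf1` record out of a domain's TXT records and tests a connecting IP against its `ip4`/`ip6`/`include`/`all` terms. The domains, the `MS=` value and the public addresses are constructed placeholders; `10.0.21.60` is the internal address shown in the Received header quoted above.

```python
import ipaddress

# Constructed TXT data standing in for public DNS (not the client's real zone).
ZONE = {
    "sender.example": [
        "MS=ms00000000",  # tenant-verification TXT record, unrelated to SPF
        "v=spf1 ip4:203.0.113.25 include:spf.provider.example -all",
    ],
    "spf.provider.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "broken.example": ["v=spf1 ip4:203.0.113.25 -all", "v=spf1 -all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the one v=spf1 TXT record, None if absent; raise on duplicates."""
    found = [t for t in ZONE.get(domain, []) if t.split(" ")[0].lower() == "v=spf1"]
    if len(found) > 1:
        raise ValueError("multiple SPF records")
    return found[0] if found else None


def check_spf(ip, domain, depth=0):
    """Evaluate ip4/ip6/include/all terms; other mechanisms are skipped."""
    if depth > 10:  # crude guard against include loops
        return "permerror"
    try:
        record = spf_record(domain)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            return result
        if name in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(value, strict=False):
                return result
        elif name == "include":
            inner = check_spf(ip, value, depth + 1)
            if inner == "pass":
                return result
            if inner in ("none", "permerror"):
                return "permerror"
    return "neutral"
```

With this data the gateway's public address and the provider range pass, the internal NAT'd address fails, and a domain publishing two SPF records returns `permerror` regardless of the sending IP.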