Solved

email issue

Posted on 2014-12-29
Last Modified: 2015-01-06
Hi Experts,

I have a client who is experiencing the following email issues. Please see below.

They are having an intermittent issue with email and company B rejecting their email to us indicating an old DNS.

Can anyone point me in the right direction?

Please consider all spots to check and resolve this issue.

Exchange Hybrid environment [Exchange 2010, Office 365 and ADFS Windows 2008 servers in an NLB]
Question by:Jerry Seinfield
 
LVL 10

Expert Comment

by:Michael Ian Claridge
Hello,

Lest to say that DNS will need to be correct. Also, there is likely to be an SPF record; this essentially validates the sending IP address against the domain DNS. This will need to be of the same IP range as the sending server, that being the external-facing IP, not any internal NAT'd address.

I hope this helps.

Michael
0
 

Author Comment

by:Jerry Seinfield
So, where should I check for the SPF record and follow your instructions: on the company sending or receiving the email? Source or target company?

Please advise
0
 
LVL 10

Expert Comment

by:Michael Ian Claridge
Hello,

This will be for the external facing DNS of the company sending the email if I have interpreted this correctly.

MXToolbox has a TXT and SPF check:

http://mxtoolbox.com/

Regards

Michael
0
 

Author Comment

by:Jerry Seinfield
Michael,
Is there an email where I can send you private screenshots of the error and configuration?
0
 
LVL 12

Expert Comment

by:Chris Staunton
Your SPF record probably contains the on-prem IP address of your older mail server and not the new Microsoft ones. You will need to update your SPF to contain those IPs as well.
It should look similar to this:

"v=spf1 include:spf.protection.outlook.com ip4:68.232.143.88 ip4:68.232.141.190 -all"
0
 

Author Comment

by:Jerry Seinfield
Lilshooter, where should I look at that SPF record? Client uses a Symantec Brightmail as spam gateway. Please provide details to check these settings.

See also NDR attached, and MXToolbox report, and let me know your thoughts.

Email flows from Exchange 2010 ----> Symantec BrightMail ----> Internet

This only happens when sending emails to a specific company. Sending emails to other companies is OK.
NDR.jpg
NDRGeneratedbySymantecBrightmail.txt
0
 

Author Comment

by:Jerry Seinfield
Can i please get an update about last comments?
0
 
LVL 12

Expert Comment

by:Chris Staunton
Your SPF record is contained in your DNS records. Look for a TXT record that contains the SPF line in it. This is where the IP addresses/names of old mail servers will reside; you will need to add the new servers to that list.
0
 

Author Comment

by:Jerry Seinfield
Any comments on the NDR and screenshot attached? When you say look for a TXT record that contains an SPF line, is that on the external DNS record? What about the Symantec spam gateway? What type of DNS record are we talking about here?

Can you please provide an example of the file and line to look at?

For instance, if the external DNS solution provider is Network Solutions, where should we look?
0

 

Author Comment

by:Jerry Seinfield
Gentlemen, can someone please respond to this asap?
0
 
LVL 12

Accepted Solution

by:
Chris Staunton earned 500 total points
So if you're hosted at Network Solutions, you will need to log in to the accounts management screen and locate the DNS records for the domain. You will see A records and CNAME records, and what you're looking for is a TXT record set up like the one above. Use http://mxtoolbox.com/DNSLookup.aspx to check your DNS records.

As for the attached 5.0.0 smtp 554 error NDR, that's a rejected message due to spam content; this is most likely caused by the missing SPF record.
0
 

Author Comment

by:Jerry Seinfield
Hi Lilshooter,

I got another NDR with another company:

#< #5.7.0 smtp; 550 5.7.0 Local Policy Violation - SPF Failure

So, most likely it is an SPF record that needs to be updated?

Please see screenshot with the external DNS settings for my client.

Look at the TXT record for SPF; it does not contain any values. Is here where I have to enter the IP public of my? Please provide details
AmMXrecords.jpg
AmTextSrvRecords.jpg
0
 
LVL 12

Expert Comment

by:Chris Staunton
So from your AmTextSrvRecords.jpg, you should also have a record of the outside IP and name of the Received: from mail.CompanySending.com (prodexch2010r2.CompanySending.com [10.0.21.60]) machine

generally it's the hide address of the network connection or if you are using a separate IP altogether for the SMTP host.

Your SPF record should look like this: amalienet.com. IN TXT "v=spf1 ip4:4.35.1.70 ip4:68.232.143.88 ip4:68.232.141.190 include:spf.protection.outlook.com include:mail.amalienet.com ~all"
0
 
LVL 12

Expert Comment

by:Chris Staunton
febenitezc, any luck getting this sorted out?
0
 

Author Comment

by:Jerry Seinfield
Chris, I got a communication from the client with the following question

From client

"I’ve had some communication with the team, and I have been advised to remove these two TXT records from the xxxxxx.com domain:"

Please see screenshots; they look to leave only one TXT record with the SPF option by default.

Do you believe this is going to resolve this issue? I am not aware of any SPF implementation for this company, but since this is an Exchange Hybrid environment, I am not sure if we must enter in the SPF record the public IP requested above.

Please advise
Am-TXT-records.jpg
AM2TXTRecords.jpg
0
 

Author Comment

by:Jerry Seinfield
Any updates?
0
 
LVL 12

Expert Comment

by:Chris Staunton
Those are TXT records that are tied to the O365 tenant; I would not remove them unless MS tells you to do so. Have you adjusted the SPF record yet?
0
 

Author Comment

by:Jerry Seinfield
Chris, not sure if I explained the mail flow for this client.

Client has one send connector to Office 365, another send connector to outbound email [goes to Symantec BrightMail spam gateway], and I am not sure which IP should be entered in the SPF record. I know that it should be a public IP, but not sure which one.

On the other hand, are all Office 365 hybrid deployments required to update their SPF records? Please advise
0
 
LVL 12

Expert Comment

by:Chris Staunton
You can have both; the SPF record I posted for you earlier has all the right settings for all the IPs. You can simply back up the current one you have, and replace it with the one I posted for you.
0
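How a receiving server would evaluate the SPF record posted earlier in this thread for each outbound path (gateway IP versus Office 365), as an added example that is not part of the original thread. It is a simplified RFC 7208 evaluation over a constructed, offline stand-in for DNS: the contents of `spf.protection.outlook.com` are made-up TEST-NET values, and `mail.amalienet.com` is assumed to publish no SPF record of its own, which the thread does not confirm.

```python
import ipaddress

# Constructed stand-in for DNS (domain -> TXT strings). The amalienet.com record
# is the one posted in the thread; the include target's contents are made up
# (TEST-NET range), and mail.amalienet.com is ASSUMED to publish no SPF record.
ZONE = {
    "amalienet.com": [
        "v=spf1 ip4:4.35.1.70 ip4:68.232.143.88 ip4:68.232.141.190 "
        "include:spf.protection.outlook.com include:mail.amalienet.com ~all"
    ],
    "spf.protection.outlook.com": ["v=spf1 ip4:192.0.2.0/24 -all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, zone=ZONE):
    """Simplified RFC 7208 check_host(): supports ip4, include and all only."""
    records = [t for t in zone.get(domain, [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # two SPF TXT records on one name is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name == "ip4":
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif name == "include":
            inner = check_spf(ip, arg, zone)
            if inner == "pass":
                return QUALIFIERS[qual]
            if inner in ("none", "permerror"):
                return "permerror"  # include target has no usable SPF record
        else:
            raise ValueError(f"mechanism not handled in this sketch: {term}")
    return "neutral"


if __name__ == "__main__":
    for sender in ("4.35.1.70", "192.0.2.10", "198.51.100.25"):
        print(sender, check_spf(sender, "amalienet.com"))
```

Under these assumptions, a listed `ip4` address and an address covered by the Office 365 include both pass, while a sender matched by neither runs into the include without an SPF record and gets `permerror` instead of reaching `~all`. An `include:` only works when its target name publishes its own `v=spf1` record.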
