Solved

Email rejected SPF

Posted on 2015-01-13
Last Modified: 2015-03-29
Hi.

I run a corporate network that runs Exchange 2013. We are having issues with sending emails to a certain domain. Below is the error message I receive:


The following message to <Rosemary.Joe@towerinsurance.com.fj> was undeliverable.
The reason for the problem:
5.3.0 - Other mail system problem 550-'5.7.1 Message rejected (SPF)


I would appreciate any assistance provided.

Thanks,
0
Comment
Question by:fijiboy
17 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 40547902
run the following command using the sender's email address

nslookup -q=txt <domain of sender>

There should be a reference to the authorized source of the emails. The source of the mailing that is being rejected fell outside that rule and the recipient's server is configured for strict enforcement.

without the full info, this is as good as I can do.
0
 
LVL 19

Expert Comment

by:R--R
ID: 40547909
Do you have a PTR or spf record created for your domain?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40547913
If your emails are being rejected because of SPF, it says that you have an SPF (Sender Policy Framework) record that doesn't include the IP Address that you are sending your emails from.

You can run an SPF report here http://mxtoolbox.com/NetworkTools.aspx

Then if you check using http://www.kitterman.com/spf/validate.html (bottom of the screen) you can enter your relevant details, SPF record, IP Address and mail server FQDN and see if the test passes or fails.

If the test fails, you need to amend your SPF record to make sure that you get a pass. Alternatively, remove the SPF record completely as it is better to not have an SPF record than it is to have an invalid one.

Alan
0

 

Author Comment

by:fijiboy
ID: 40547946
I have the following from the nslookup command:


C:\>nslookup -q=txt towerinsurance.com.fj
Server:  hfc-dc.hfcnet.local
Address:  192.168.1.8

abc.com.fj
        primary name server = ns1.secure.net
        responsible mail addr = hostmaster.secure.net
        serial  = 2010051651
        refresh = 86400 (1 day)
        retry   = 7200 (2 hours)
        expire  = 2592000 (30 days)
        default TTL = 86400 (1 day)

C:\>
0
 
LVL 80

Expert Comment

by:arnold
ID: 40547958
Is this on your server from which the rejecting message came?
The error says an email sent to a recipient @towerinsurance.com.fj

This domain seems to be served by a third party, they may have filtering policies. Was this notice sent to the recipient that an email addressed to them was rejected?
0
 
LVL 8

Expert Comment

by:Jessie Gill, CISSP
ID: 40547964
192.168.1.8 isn't the IP you are sending emails from

Alan is right on this, that your SPF record does not have your sending gateway's IP or hostname.

1. Update your SPF record to include the information
0
 

Author Comment

by:fijiboy
ID: 40548002
Hi.

The ip address 192.168.1.8 is our internal DC/DNS server. Do I need to include this in our external SPF record?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40548003
No - you need your Public fixed IP address not your internal IP.
0
 

Author Comment

by:fijiboy
ID: 40548070
Hi....this would be the IP for our firewall? the outbound connector on our server also has an internal IP.
0
 
LVL 8

Assisted Solution

by:Jessie Gill, CISSP
Jessie Gill, CISSP earned 501 total points
ID: 40548077
It would be your fw if your send connector has that set
0
 

Author Comment

by:fijiboy
ID: 40548101
Hi. I already have this as an mx record.....mail.company.com.fj

My SPF is:

v=spf1 mx a ptr: xxx.xxx.xxx.xxx
0
 
LVL 80

Expert Comment

by:arnold
ID: 40548115
is your MX A and PTR resolve to the same name, you are leaving the level ~All -All to the recipient such that they might be enforcing a strict rule.

you have a public domain...
0
 

Author Comment

by:fijiboy
ID: 40548251
Hi.

Sorry I have a -all at the end of the SPF record. So it appears as this:

IN      TXT     "v=spf1 mx a:smtp2x.abc.com.fj -all"
0
 
LVL 80

Accepted Solution

by:
arnold earned 501 total points
ID: 40548278
In this case, does your MX A record match the IP returned when you visit http://whatismyip.com from the mail server?
If not, add a PTR record that includes all your public IPs ptr:x.x.x.y/29
0
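
The check discussed above (does the public IP the recipient sees fall under the `mx` or `a` terms of the record), as an added example that is not part of the thread: a small offline SPF evaluator run over the record posted earlier, `v=spf1 mx a:smtp2x.abc.com.fj -all`. The DNS table, its 203.0.113.x addresses and the host name `mail.abc.com.fj` are constructed assumptions; only `all`, `ip4`, `ip6`, `a` and `mx` (without CIDR suffixes on `a`/`mx`) are handled.

```python
import ipaddress

# Constructed stand-in for public DNS (documentation-range IPs, not real data).
DNS = {
    ("abc.com.fj", "MX"): ["mail.abc.com.fj"],
    ("mail.abc.com.fj", "A"): ["203.0.113.10"],
    ("smtp2x.abc.com.fj", "A"): ["203.0.113.11"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RECORD = "v=spf1 mx a:smtp2x.abc.com.fj -all"  # record quoted in the thread


def lookup(name, rtype):
    return DNS.get((name.lower().rstrip("."), rtype), [])


def authorised_networks(mech, arg, domain):
    """Networks that a single ip4/ip6/a/mx mechanism authorises."""
    if mech in ("ip4", "ip6"):
        return [ipaddress.ip_network(arg, strict=False)]
    target = arg or domain  # bare "a" / "mx" refer to the sender's domain
    hosts = lookup(target, "MX") if mech == "mx" else [target]
    return [ipaddress.ip_network(a) for h in hosts for a in lookup(h, "A")]


def check_spf(record, sender_ip, domain):
    """Return (result, matching term) for the IP the recipient server sees."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", None
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # mechanisms are evaluated left to right
        qualifier, body = "+", term
        if term[0] in RESULTS:
            qualifier, body = term[0], term[1:]
        mech, _, arg = body.partition(":")
        mech = mech.lower()
        if mech == "all":
            return RESULTS[qualifier], term
        if mech not in ("ip4", "ip6", "a", "mx"):
            return "unsupported", term  # include, ptr, exists, modifiers
        if any(ip in net for net in authorised_networks(mech, arg, domain)):
            return RESULTS[qualifier], term
    return "neutral", None  # nothing matched and there is no "all" term


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "198.51.100.7", "192.168.1.8"):
        print(ip, check_spf(RECORD, ip, "abc.com.fj"))
```

An egress address outside the MX and `a:` hosts, such as the constructed 198.51.100.7 or the internal 192.168.1.8, ends at `-all` and returns `fail`.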
 

Author Comment

by:fijiboy
ID: 40548281
Yes this does match.
0
 
LVL 80

Expert Comment

by:arnold
ID: 40548286
If you email from your system to your other email address on an external server.

Look at the received: header to see how your server identifies itself.  It might not match the conditions and your spf is set to strict.

The issue could have been with the remote being unable to resolve .........

Add the PTR to your spf and see if that makes a difference.  Is the issue with that domain intermittent?

Are you getting services web site from one provider, while email handling through a different one?  Reason for asking, make sure in this case that you have DNS records only on one or if you have on both, make sure they are configured identically.

I.e. The domain in question shares providers with you and the listing this provider has is not up to date.
0
 
LVL 3

Assisted Solution

by:Bahloul
Bahloul earned 498 total points
ID: 40548304
Hi,

This is done by adding a TXT record in DNS. Spam filters use this information to stop illegitimate emails pretending to originate from that domain.

Do an SPF check on http://www.kitterman.com/spf/validate.html site and ensure it isn't giving any errors; if yes, go here to create your SPF :-

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ OR

http://spfwizard.com/

make sure that your PTR record is correct and SPF also

use the following link it will provide you a solution if you are restricted domain :-

www.mxtoolbox.com

and check here for black list may your Domain listed :-

http://mxtoolbox.com/blacklists.aspx

the website will help you to fix these issues.

check also here it may help you :-


Bahloul.
0
