2 of our users have recently received the following error messages. We
have a rather complicated setup and I have obviously missed something.
Below the error messages I have listed our setup. I could use any
thoughts on what I need to do to get the SPF record correct to match our
setup.
There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.
<mail.fishers.in.us #5.5.0 smtp;550 The sender did not meet Sender
Policy Framework rules. Please see http://spf.pobox.com>
And
The following recipient(s) could not be reached:
'k_fox@mail.fletcherchrysler.com' on 3/3/2010 9:23 AM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
<mail.fishers.in.us #5.7.1 smtp;550 5.7.1
<k_fox@mail.fletcherchrysler.com>... Relaying denied. IP name
possibly forged [64.255.243.147]>
Our current SPF record is: "v=spf1 a mx a:fishers.hamcty.iquest.net
a:fishers2.hamcty.iquest.net a:IP-64-255-243-147.nframe.net
a:IP-64-255-243-150.nframe.net mx:mail4.fishers.in.us
mx:mail3.fishers.in.us mx:mail2.fishers.in.us mx:mail.fishers.in.us
~all"
Our setup is: We have one exchange server. We have 2 firewalls, each
with a connection to 2 ISP's.
Public IP's for mail server:
  208.40.242.35  mail2.fishers.in.us
  208.40.242.61  mail3.fishers.in.us
  209.43.92.27   mail.fishers.in.us
  209.43.92.11   mail4.fishers.in.us
Mail3 and Mail4 are on the secondary firewall and will only work if the
primary is down. ( this is not a problem, only stated for information
purposes )
When mail is translated out through the firewall it is usually tagged as
coming from one of our 4 firewall addresses.
Firewall addresses:
  209.43.47.195
  64.255.243.150
  209.43.47.194
  64.255.243.147
At first we had problems with other mail servers performing reverse DNS
lookups since they saw the firewall IP's and not the public IP's of the
mail server. We fixed this issue by having our ISP and domain owner
place pointer records for the firewall IP's to the public IP's.
To add to this, we also are looking to use Symantec Brightmail Gateway.
I am currently testing it by translating the mail2.fishers.in.us MX
record (208.40.242.35) to the internal IP of the gateway.
Here is a link with more information.
http://www.dnsstuff.com/tools/dnsreport?domain=www.fishers.in.us&format=raw&loadresults=true&token=20e1dbb3e23239dc16e2310916d0e017
Thank you,
Isaac Crowe
Sr. Systems Administrator
Town of Fishers
317-595-3478
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
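Added example, not part of the original post: a small offline SPF check that runs the posted record against each of the four NAT egress addresses, since receivers evaluate SPF against the connecting IP, and counts the DNS-querying mechanisms against the RFC 7208 limit of 10. The stub DNS table is constructed (only the mail* A records come from the post; the nframe.net answers and the MX set are assumptions), and `IP4_RECORD` is an illustrative alternative, not a record the poster published.

```python
import ipaddress

# The record and NAT egress addresses are copied from the post.
RECORD = ("v=spf1 a mx a:fishers.hamcty.iquest.net a:fishers2.hamcty.iquest.net "
          "a:IP-64-255-243-147.nframe.net a:IP-64-255-243-150.nframe.net "
          "mx:mail4.fishers.in.us mx:mail3.fishers.in.us mx:mail2.fishers.in.us "
          "mx:mail.fishers.in.us ~all")
NAT_IPS = ["209.43.47.195", "64.255.243.150", "209.43.47.194", "64.255.243.147"]
# Illustrative alternative (assumption): name the egress addresses directly.
IP4_RECORD = "v=spf1 " + " ".join("ip4:" + ip for ip in NAT_IPS) + " ~all"

# Constructed stub DNS, not live data. The mail* A records are the public IPs
# from the post; the nframe.net answers and the MX set are assumed.
A = {"mail.fishers.in.us": ["209.43.92.27"], "mail2.fishers.in.us": ["208.40.242.35"],
     "mail3.fishers.in.us": ["208.40.242.61"], "mail4.fishers.in.us": ["209.43.92.11"],
     "ip-64-255-243-147.nframe.net": ["64.255.243.147"],
     "ip-64-255-243-150.nframe.net": ["64.255.243.150"]}
MX = {"fishers.in.us": ["mail.fishers.in.us", "mail2.fishers.in.us"]}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DOMAIN = "fishers.in.us"

def parse(record):
    """Yield (qualifier, mechanism, argument) for each term after v=spf1."""
    for term in record.split()[1:]:
        q = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        yield q, name.lower(), arg

def lookups(record):
    """Count mechanisms that cost a DNS query (more than 10 is a permerror)."""
    return sum(m in ("a", "mx", "include", "exists", "ptr") for _, m, _ in parse(record))

def addrs(mech, target):
    """a: A records of target. mx: A records of the hosts in target's MX set
    (mx:host queries MX records of 'host', not its own A record)."""
    if mech == "a":
        return A.get(target.lower(), [])
    return [ip for host in MX.get(target.lower(), []) for ip in A.get(host, [])]

def check(record, ip, domain=DOMAIN):
    """Return the SPF result of the first mechanism matching the connecting IP."""
    for q, mech, arg in parse(record):
        if mech == "all":
            return RESULT[q]
        if mech == "ip4" and ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False):
            return RESULT[q]
        if mech in ("a", "mx") and ip in addrs(mech, arg or domain):
            return RESULT[q]
    return "neutral"

def report(record):
    return {ip: check(record, ip) for ip in NAT_IPS}
```

Against the constructed table, `report(RECORD)` shows which egress addresses fall through to `~all`, and `lookups(RECORD)` shows the posted record already sits at the lookup limit.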