Wrong SPF & PTR - ORF Forums


1

Good afternoon. After the introduction of ORF there is a problem. We use Exchange 2010. The external Cisco redirects port 25 to the ORF, the other ports to the Exchange. Cisco address - xx.xx.158.1. Exchange IP - xx.xx.158.113.
Tests show that the outside world is looking for our PTR and SPF at the gateway, and therefore many of the mails do not pass spam-checking:

Reverse DNS does not exist for Email server. Ask your ISP to set reverse DNS for Email server IP to match your Mail server Host name (in FQDN format).

SPF records for <ith.su> specify that Email server <ith.su> is not allowed to send emails for <ith.su>. This means that there is a high chance of your Emails being rejected or being classified as SPAM. Ideally, the SPF records for <ith.su> must return 'pass' for your Email server IP <xx.s.158.1>. For more details on checking SPF records for your domain, please refer to http://old.openspf.org/why.html

We serve the external DNS zone ourselves.
Why is it so?

by Evgeniy Tserulev more than 10 years ago
2

@Evgeniy Tserulev: "Tests show that the outside world is looking for our PTR and SPF at the gateway, and therefore many of the mails do not pass spam-checking"

If external recipients are receiving emails from your gateway server IP and not from your MX directly, you should include your gateway IP in your SPF policy. Also, if emails are arriving to recipients from the gateway, the gateway reverse name should match the mail server host name, as the standards require.

The simplest solution would be to point your MX record to the Cisco server instead of the Exchange server I guess.

by Krisztian Fekete (Vamsoft) more than 10 years ago
(in reply to this post)

3

Did it work? A-record corresponds to the address mailer xx.xx.158.113

It seems that the mails were sent on behalf of the ORF, and it does not have a public IP; it displays the gateway address. How to make sure that mail is to go on behalf of the Exchange?

by Evgeniy Tserulev more than 10 years ago
4

@Evgeniy Tserulev: "Did it work? A-record corresponds to the address mailer xx.xx.158.113"

Sorry, I am not sure I understand...

"It seems that the mails were sent on behalf of the ORF, and it does not have a public IP; it displays the gateway address."

ORF does not send any emails, Exchange does... If the outbound email is relayed from Exchange via the Cisco gateway, the recipient will consider Cisco as the sender host, that's normal behavior.

"How to make sure that mail is to go on behalf of the Exchange?"

By not relaying outgoing emails through Cisco, or by configuring Cisco to relay in a transparent way. Is NAT configured properly in your setup (http://en.wikipedia.org/wiki/Network_address_translation)?

by Krisztian Fekete (Vamsoft) more than 10 years ago
(in reply to this post)
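
The situation discussed above, as an added example that is not part of the original thread or any Vamsoft code: a recipient evaluates SPF and reverse DNS against the address it actually sees (the NAT gateway), not the Exchange host behind it. All addresses, host names and records below are constructed (documentation range 203.0.113.0/24, example.org), and only the `ip4`/`ip6`/`all` SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data (documentation range, not the poster's real addresses).
GATEWAY_IP = "203.0.113.1"      # NAT/gateway address that recipients see
EXCHANGE_IP = "203.0.113.113"   # address the mail host's A record points to
MAIL_HOST = "mail.example.org"  # hypothetical mail server FQDN

SPF_BEFORE = "v=spf1 ip4:203.0.113.113 -all"                  # gateway not listed
SPF_AFTER = "v=spf1 ip4:203.0.113.113 ip4:203.0.113.1 -all"   # gateway listed

PTR = {EXCHANGE_IP: MAIL_HOST}   # constructed reverse zone: gateway has no PTR
A = {MAIL_HOST: {EXCHANGE_IP}}   # constructed forward zone

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate ip4/ip6/all mechanisms only (a subset of RFC 7208), left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) need live DNS and are skipped here.
    return "neutral"

def fcrdns_ok(client_ip, ptr_table, a_table):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP."""
    name = ptr_table.get(client_ip)
    return name is not None and client_ip in a_table.get(name, set())
```

With the constructed records, the gateway address fails both checks until it is added to the SPF policy and given a PTR whose name resolves back to it.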

5

During testing it became clear that the cause is a peculiarity of Cisco. If you forward not the whole IP range but only specific ports (80, 443, etc.), then outgoing packets are marked with the Cisco IP. I do not know why...

by Evgeniy Tserulev more than 10 years ago
6

You can test the email authentication by following the instructions here (http://www.unlocktheinbox.com/resources/emailauthentication/) to verify your SPF and Spam Score assigned. Also, it's important to make sure the SMTP banner on your mail server matches your host name.

by Henry more than 10 years ago
