SPF stopping Email
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
SPF stopping Email - 23.Sep.2008 11:29:53 AM
|
|
|
techsupport
Posts: 2
Joined: 23.Sep.2008
Status: offline
|
Very simple Question, I have several domains attempting to send email to us, I have looked in the spg.log file and can se the senders address and each time it says "Forged Email". How can I tell the system to accept all emails from this domain. We have in the past sent emails to this domain so I'm very confused why this is happening.
I am running GFI Essentials version 12
|
|
|
|
|
RE: SPF stopping Email - 23.Sep.2008 12:01:11 PM
|
|
|
newfood
Posts: 40
Joined: 24.Aug.2007
Status: offline
|
You can add the IP's in the Exception tab under SPF filtering.
What has likely happened, is that they have changed IP's of one (or more) of their outgoing mail servers without updating their SPF records (as dictated by DNS). Check the message headers for the IP of the originating server. If you want to know their SPF record (if you are curious) you can use dnsstuff.com (or if you have a unix/linux machine - dig). You can also use nslookup, but I find it more complicated.
If you are getting hit by internal emails getting blocked by SPF, you need to check your internal SPF record to make sure it lists all nodes (servers, routers, etc) that may be sending email.
|
|
|
|
|
RE: SPF stopping Email - 23.Sep.2008 12:45:11 PM
|
|
|
techsupport
Posts: 2
Joined: 23.Sep.2008
Status: offline
|
Thanks for the advice, I'll add the IP Address into the exclusion list. Strange that I even sent email s from our domain to this email and it was still blocked.
Again thanks
|
|
|
|
|
RE: SPF stopping Email - 23.Sep.2008 1:25:23 PM
|
|
|
RSP
Posts: 450
Joined: 31.Oct.2006
From: UK
Status: offline
|
To check with nslookup, do the following:
nslookup
set type=txt
senders.domain.name.com
exit
|
|
|
|
|
RE: SPF stopping Email - 23.Sep.2008 4:29:51 PM
|
|
|
newfood
Posts: 40
Joined: 24.Aug.2007
Status: offline
|
Using the dig tool (Unix/Linux)
dig txt domain.com
Forget DNSStuff.com. I guess they charge now for using the site... too bad really, it was a great tool.
It sounds like your own email is getting blocked by the SPF filter when sending outbound email, correct?
If so, look for your internal SPF record. Mine shows up like this (using nslookup):
<mydomain>.com text =
"v=spf1 ip4:<external ip address of mail server> ip4:192.168.2.0/24 ip4:192.168.0.0/24 ip4:192
.168.1.0/24 -all"
Basically, this says, as long as you are in our network, you can send out valid email from mydomain to anyone internally. (This was setup to ensure automatic emails from printers, monitoring stations, etc, would pass through the filter).
You need to set this up for every one of your domains if you want to use SPF correctly. I hope it helps.
< Message edited by newfood -- 23.Sep.2008 4:31:17 PM >
|
|
|
|
|
RE: SPF stopping Email - 24.Sep.2008 9:04:55 AM
|
|
|
RSP
Posts: 450
Joined: 31.Oct.2006
From: UK
Status: offline
|
Re-reading the original post, perhaps your SPF check is higher than your whitelist in the module priorities?
|
|
|
|
|
RE: SPF stopping Email - 24.Sep.2008 10:34:37 AM
|
|
|
joestern
Posts: 236
Joined: 18.Sep.2003
From: Philadelphia, PA
Status: offline
|
quote:
perhaps your SPF check is higher than your whitelist in the module priorities?
This makes absolute sense. If you whitelist *@bigclient.com, you want to make sure that only legitimate bigclient.com e-mail gets through.
I wrote a forum post about troubleshooting SPF, which you can find by searching this forum for "HOW TO: resolving SPF failures" My preferred SPF checking tool is http://www.kitterman.com/spf/validate.html.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
