| Using anti-spoofing and Mandrill [message #146571] |
Mon, 09 September 2019 19:22  |
macjimbo
Messages: 60
Registered: June 2008
|
|
|
|
I've recently started using Mandrill for sending transactional emails to our customers and staff. The emails are addressed so that they are sent from name<_at_>ourcompany.com
We still continue to use Kerio Connect 9.2.10 for all other email sending and receiving for our company.com
This all works fine except when the Mandrill recipient is within our organisation (ie person<_at_>ourcompany.com)
Because I have sender anti-spoofing protection turned on (to stop outside organisations sending email pretending to come from us), the mail sent from Mandrill is blocked:
[09/Sep/2019 17:34:36] SMTP: Message from IP address x.x.x.x was rejected because of missing authentication for local domain sender <name<_at_>ourcompany.com>.
Because Mandrill uses an ever-changing IP address range, I can't simply add their IP address range to the whitelist - so right now the only option I can see is to turn off the anti-spoofing protection.
Has anyone got any ideas how to work around this?
Thanks!
[Updated on: Mon, 09 September 2019 23:18] Report message to a moderator |
|
|
|
| Re: Using anti-spoofing and Mandrill [message #146572 is a reply to message #146571] |
Tue, 10 September 2019 02:31  |
j.a.duke
Messages: 239
Registered: October 2006
|
|
|
|
macjimbo wrote on Mon, 09 September 2019 13:22I've recently started using Mandrill for sending transactional emails to our customers and staff. The emails are addressed so that they are sent from name<_at_>ourcompany.com
We still continue to use Kerio Connect 9.2.10 for all other email sending and receiving for our company.com
This all works fine except when the Mandrill recipient is within our organisation (ie person<_at_>ourcompany.com)
Because I have sender anti-spoofing protection turned on (to stop outside organisations sending email pretending to come from us), the mail sent from Mandrill is blocked:
[09/Sep/2019 17:34:36] SMTP: Message from IP address x.x.x.x was rejected because of missing authentication for local domain sender <name<_at_>ourcompany.com>.
Because Mandrill uses an ever-changing IP address range, I can't simply add their IP address range to the whitelist - so right now the only option I can see is to turn off the anti-spoofing protection.
Has anyone got any ideas how to work around this?
Thanks!
You can add the Mandrill IP ranges to an IP group that is excluded from various requirements that might block the messages.
I'd create a group, then add it into any other group that you specify to exclude in Spam Repellent, Greylisting, SPF, Caller ID and, most importantly, in SMTP Server-Relay Control.
To look up the IPs for Mandrill, I used DNSstuff.com:
https:// tools.dnsstuff.com/#dnsLookup|type=domain&&value=spf .mandrillapp.com&&recordType=ANY&&displaytyp e=pretty
I've used the technique for voicemail from a primitive VOIP system that had no option for authenticating when sending.
If you have any questions, please let me know.
Cheers,
Jon
|
|
|
|
| Re: Using anti-spoofing and Mandrill [message #146583 is a reply to message #146572] |
Wed, 11 September 2019 17:50 |
macjimbo
Messages: 60
Registered: June 2008
|
|
|
|
Thanks Jon. The problem is that the IP address range for Mandrill could change (and indeed they warn that it probably will).
If I use their existing IP address range then mail could suddenly start bouncing if they add another IP address.
So I'm stuck...
Cheers
James
|
|
|
|
| Re: Using anti-spoofing and Mandrill [message #146584 is a reply to message #146583] |
Wed, 11 September 2019 18:19 |
j.a.duke
Messages: 239
Registered: October 2006
|
|
|
|
macjimbo wrote on Wed, 11 September 2019 11:50Thanks Jon. The problem is that the IP address range for Mandrill could change (and indeed they warn that it probably will).
If I use their existing IP address range then mail could suddenly start bouncing if they add another IP address.
So I'm stuck...
Cheers
James
James,
I don't think you have much to worry about. There are over 4500 IPs listed in the SPF record.
I suspect that unless they change the IP ranges wholesale, you should be good.
Just check the SPF data from time to time and update your server config if needed.
Cheers,
Jon
|
|
|
|
Members
Search
Help
Register
Login
Home
