Morning all,

Does anyone have any issues delivering to some O365 domains due to Microsoft internally SPF failing inbound email against their own servers?

We're seeing the email go through our MXs and be delivered to x.protection.outlook.com. protection.outlook.com then SPF checks and passes the message, verifies the DKIM signature and passes that. Then it gets routed internally from protection.outlook.com to outlook.office365.com, back to protection.outlook.com and then goes through a second set of SPF and DKIM checks which fail SPF because protection.outlook.com is not a permitted server for st-andrews.ac.uk.

It 'seems' to happen for recipients in UK datacentres where their MX records still point at the EU datacentres, and I 'think' having an O365 tenancy but routing all of our outbound email through our onsite MX servers is a contributing factor due to the tenant name appearing in the headers. [We're hybrid on premise, Gmail and O365.]

Our support call is going round in circles. We've been told the remote site has blacklisted us, that we need to add the MS servers into our SPF, that we need to add our hybrid servers into our SPF, that our DKIM signature is invalid, that our SPF is invalid, that the remote site have errors in their EOP configuration and that Barracuda have blacklisted us.

I can see that adding protection.outlook.com to our SPF record will fix this, though protection.outlook.com shouldn't be sending email for us and shouldn't be in our SPF, but it may be that the price of having an O365 tenancy is we have to whether we send email that way or not.

If anyone knows either way and can explain why, or knows how we should phrase a request for escalation to a team that understands hybrid setups where email is routed through non MS servers, I'd appreciate sharing of the knowledge. :)

Example headers below.
Cheers,
Duncan

Received: from LNXP265MB0905.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:5e::31)
 by LO2P265MB1728.GBRP265.PROD.OUTLOOK.COM with HTTPS via
 LNXP265CA0019.GBRP265.PROD.OUTLOOK.COM; Fri, 26 Oct 2018 08:00:56 +0000
Received: from CWLP265CA0256.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:25::28)
 by LNXP265MB0905.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:78::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.24;
 Fri, 26 Oct 2018 08:00:56 +0000
Received: from VE1EUR01FT055.eop-EUR01.prod.protection.outlook.com
 (2a01:111:f400:7e01::206) by CWLP265CA0256.outlook.office365.com
 (2603:10a6:401:25::28) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1273.19 via
 Frontend Transport; Fri, 26 Oct 2018 08:00:55 +0000
Authentication-Results: spf=fail (sender IP is 104.47.0.127)
 smtp.mailfrom=st-andrews.ac.uk; uhi.ac.uk; dkim=pass (signature was verified)
 header.d=UniversityofStAndrews907.onmicrosoft.com;uhi.ac.uk;
 dmarc=bestguesspass action=none header.from=st-andrews.ac.uk;
Received-SPF: Fail (protection.outlook.com: domain of st-andrews.ac.uk does
 not designate 104.47.0.127 as permitted sender)
 receiver=protection.outlook.com; client-ip=104.47.0.127;
 helo=EUR01-HE1-obe.outbound.protection.outlook.com;
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (104.47.0.127)
 by VE1EUR01FT055.mail.protection.outlook.com (10.152.3.104) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1294.14 via
 Frontend Transport; Fri, 26 Oct 2018 08:00:55 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=UniversityofStAndrews907.onmicrosoft.com; s=selector1-standrews-ac-uk0e;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-Sende
 rADCheck;
 bh=jmNDk9A9PZk09YI7EoXcC6bpFtKR82SKTANn3/DMLug=;
 b=ED9NpX9QKXys3LSbATyd1YMgMQbsPuEcRC92nBMGdPTsmDPO7fHqm7hzMOCCkKw4+1+hnch9Jw
 2kVAxit6o/NKsdo66TJ+EM0BDCmmkAefoo/2KSvwKz5cuTTp5lBId6DKAUjUSjoCOqOhIv5yf46D
 zflVSY0yr4fy3dIbEe3GI=
Received: from VI1PR06CA0143.eurprd06.prod.outlook.com (2603:10a6:803:a0::36)
 by DB6PR0601MB2389.eurprd06.prod.outlook.com (2603:10a6:4:1f::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.19;
 Fri, 26 Oct 2018 08:00:53 +0000
Received: from VE1EUR01FT064.eop-EUR01.prod.protection.outlook.com
 (2a01:111:f400:7e01::205) by VI1PR06CA0143.outlook.office365.com
 (2603:10a6:803:a0::36) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1273.21 via
 Frontend Transport; Fri, 26 Oct 2018 08:00:53 +0000
Authentication-Results-Original: spf=pass (sender IP is 138.251.6.249)
 smtp.mailfrom=st-andrews.ac.uk; uhi.ac.uk; dkim=pass (signature was verified)
 header.d=st-andrews.ac.uk;uhi.ac.uk;
 dmarc=bestguesspass action=none header.from=st-andrews.ac.uk;
Received-SPF: Pass (protection.outlook.com: domain of st-andrews.ac.uk
 designates 138.251.6.249 as permitted sender)
 receiver=protection.outlook.com; client-ip=138.251.6.249;
 helo=mailhost.st-andrews.ac.uk;
Received: from mailhost.st-andrews.ac.uk (138.251.6.249) by
 VE1EUR01FT064.mail.protection.outlook.com (10.152.3.34) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1273.13 via
 Frontend Transport; Fri, 26 Oct 2018 08:00:52 +0000
Received: from mailhost02.st-andrews.ac.uk (mailhost.st-andrews.ac.uk
 [192.168.0.2]) by mailhost.st-andrews.ac.uk (8.15.2/8.15.2/Debian-8) with
 ESMTPS id w9Q80pTc120481 (version=TLSv1.2
 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Fri, 26 Oct 2018 09:00:52 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=st-andrews.ac.uk;
 s=mailhost; t=1540540852;
 bh=gRTuJZzb7JI456njDWSRhuU9IlxP+i6HdwYnqMKdJJU=;
 h=From:To:Subject:Date:From;
 b=gaAFsl9e7JmElplb6otYlJgysWIZCbUlAl9bfTD2uRtkU8FPNDNDNEYv67RzacZCQ
 5dwU2tZoAqcYPeq18kxxreiWAOaUdPkI9bzyKxJVVRahXx1cy01bKOhz7thUVWKQaA
 KQVJHV3FiLGyCS7zYlE08wCygEhvavY5gXAqINaDxPdqNT0JfNsaLzsYfuL4eIGtFm
 Xel+vrLfTEzoacFoYrf+yan/R5pMp5z/wQx6nVhW1Ihz5ibtPHghj4REjIlyrCbWm4
 LtztByClgpj5MB7PteT3VsLO0mgJ6Q02Q4UsLLZa6HEGslfxJ2OoyAOXj1stNvcz2W
 3mnsL8C9RSiOw==
X-Spam-Status: No
X-StAndrews-MailScanner-From: d...@st-andrews.ac.uk
X-StAndrews-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
 score=0.111, required 5, DKIM_SIGNED 0.10, HTML_MESSAGE 0.00,
 T_DKIM_INVALID 0.01)
X-StAndrews-MailScanner: No virus detected
X-StAndrews-MailScanner-ID: w9Q80mnL120467
X-StAndrews-MailScanner-Information: Please contact the ISP for more information
Received: from unimail.st-andrews.ac.uk (exch13-srv03.st-andrews.ac.uk
 [138.251.9.20]) by mailhost02.st-andrews.ac.uk (8.15.2/8.15.2/Debian-8) with
 ESMTPS id w9Q80mnL120467 (version=TLSv1.2
 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Fri, 26 Oct 2018 09:00:49 +0100
Received: from exch13-srv03.st-andrews.ac.uk (138.251.9.20) by
 exch13-srv03.st-andrews.ac.uk (138.251.9.20) with Microsoft SMTP Server (TLS)
 id 15.0.1210.3; Fri, 26 Oct 2018 09:00:48 +0100
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (213.199.154.148)
 by exch13-srv03.st-andrews.ac.uk (138.251.9.20) with Microsoft SMTP Server
 (TLS) id 15.0.1210.3 via Frontend Transport; Fri, 26 Oct 2018 09:00:48 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=UniversityofStAndrews907.onmicrosoft.com; s=selector1-standrews-ac-uk0e;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-Sende
 rADCheck;
 bh=sfdcZ9ETxSvzJVU/5gt/HSeE7sIMoJ61hF3L/g+1OlQ=;
 b=dy0PNnh1+cASR+z9cij+VQ1mawDIS5MYQVvFvRNxP1rHUjs2Gg0m6bswj0/HHOiINg6r/4XnPP
 wcK22bRaMF0QMuTYtnu/a13qfN1qId1TZXpeYhHyQ4BDgcCXcT7vx6JQuN6v74OvXE5geWreHWiv
 4uyDAiYR4m+pu50KOy+EY=
Received: from HE1PR0602MB3596.eurprd06.prod.outlook.com (52.133.5.31) by
 HE1PR0602MB2763.eurprd06.prod.outlook.com (10.175.31.11) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
 id 15.20.1273.18; Fri, 26 Oct 2018 08:00:46 +0000
Received: from HE1PR0602MB3596.eurprd06.prod.outlook.com
 ([fe80::9cbd:88d4:5772:eac2]) by HE1PR0602MB3596.eurprd06.prod.outlook.com
 ([fe80::9cbd:88d4:5772:eac2%2]) with mapi id 15.20.1250.028;
 Fri, 26 Oct 2018 08:00:46 +0000
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
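
Added example (not part of the original post): a small Python check that pulls the SPF verdict and sender IP out of each Authentication-Results header and flags a message whose first check passed but whose re-evaluation against a different relay IP did not. The sample is abridged from the headers quoted in the post; the function names `verdicts` and `reevaluated_spf` are hypothetical, and treating `Authentication-Results-Original` as the first check is an assumption read off those headers.

```python
import re
from email import message_from_string

# Abridged from the headers quoted in the post (newest hop first).
SAMPLE = """\
Authentication-Results: spf=fail (sender IP is 104.47.0.127)
 smtp.mailfrom=st-andrews.ac.uk; uhi.ac.uk; dkim=pass (signature was verified)
 header.d=UniversityofStAndrews907.onmicrosoft.com;uhi.ac.uk;
 dmarc=bestguesspass action=none header.from=st-andrews.ac.uk;
Authentication-Results-Original: spf=pass (sender IP is 138.251.6.249)
 smtp.mailfrom=st-andrews.ac.uk; uhi.ac.uk; dkim=pass (signature was verified)
 header.d=st-andrews.ac.uk;uhi.ac.uk;
 dmarc=bestguesspass action=none header.from=st-andrews.ac.uk;
Subject: constructed sample

body
"""

FIELD = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
SENDER_IP = re.compile(r"sender IP is ([0-9A-Fa-f.:]+)")
DKIM_DOMAIN = re.compile(r"header\.d=([^;\s]+)")

def verdicts(raw):
    """One dict per Authentication-Results* header, in header order."""
    out = []
    for name, value in message_from_string(raw).items():
        if not name.lower().startswith("authentication-results"):
            continue
        flat = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
        rec = {"header": name, **dict(FIELD.findall(flat))}
        ip, dom = SENDER_IP.search(flat), DKIM_DOMAIN.search(flat)
        rec["ip"] = ip.group(1) if ip else None
        rec["dkim_domain"] = dom.group(1) if dom else None
        out.append(rec)
    return out

def reevaluated_spf(raw):
    """Pairs (first, later) where SPF passed first, then failed for another IP."""
    recs = verdicts(raw)
    first = [r for r in recs if r["header"].lower().endswith("-original")]
    later = [r for r in recs if not r["header"].lower().endswith("-original")]
    return [(o, l) for o in first for l in later
            if o.get("spf") == "pass" and l.get("spf") != "pass"
            and o["ip"] != l["ip"]]

if __name__ == "__main__":
    for o, l in reevaluated_spf(SAMPLE):
        print(f"SPF {o['spf']} from {o['ip']} then {l['spf']} from {l['ip']}"
              f" (DKIM d= {o['dkim_domain']} -> {l['dkim_domain']})")
```
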