On 23 Mar 2011, at 08:09, Dave Funk wrote: > On Tue, 22 Mar 2011, jon1234 wrote: > >> >> >>> From where do they get that bounce message? From a host internal to your >>> network or from hosts out on the Internet? >> >> The bounce message is only when they send certain domains that are external >> to our network. >> >>> >>> If that's coming from an internal MTA, I'd suggest that MTA doesn't >>> believe your Exchange server is a legitimate source for mail from your >>> domain. If that's coming from external MTA(s) then others on the public >>> Internet apparently don't believe your public IP address is a legitimate >>> source for mail from your domain. Do you publish SPF information or use >>> Domainkeys? Has your public MTA's internet IP address changed recently? >> >> AFAIK we arent using Domainkeys, we use DynDNS.com and a check on our SPF >> records gives >> >> "The TXT records found for your domain are: >> v=spf1 ip4:202.44.190.48/28 ~all >> >> SPF records should also be published in DNS as type SPF records. >> >> No type SPF records found. >> >> Checking to see if there is a valid SPF record. >> >> Found v=spf1 record for afnsecurity.com: >> v=spf1 ip4:202.44.190.48/28 ~all " >> >> the external IP of the exchange server is 202.44.190.49.. could this be the >> cause? If so why would only certain domains be giving the error? >> >> Regards, >> Jon > > Some people may have their level of paranoia WRT SPF mis-match cranked up.
Surely that's an SPF pass (excluding possible recipient forwarding)? 202.44.190.48/28 = 202.44.190.48-202.44.190.63 Maybe I'm being dense... > > The other possible cause of those rejects is that your full-circle-DNS is > FUBAR. EG: > > $ host afnsecurity.com > afnsecurity.com has address 202.44.190.61 > afnsecurity.com mail is handled by 50 mx2.mailhop.org. > afnsecurity.com mail is handled by 60 mx1.afnsecurity.com. > afnsecurity.com mail is handled by 10 mx1.afnsecurity.com. > $ host 202.44.190.61 > 61.190.44.202.in-addr.arpa domain name pointer > 202.44.190.61.static.nexnet.net.au. > $ host 202.44.190.49 > 49.190.44.202.in-addr.arpa domain name pointer > 202.44.190.49.static.nexnet.net.au. > > afnsecurity.com != 202.44.190.61.static.nexnet.net.au > > Thus the claim that you are an imposterer > > any chance you can get your ISP to fix that DNS reverse map and those SPF > records? mx1.afnsecurity.com resolves to 202.44.190.50 and HELOs: 220 afnwall01.afnsecurity.com ESMTP spamd IP-based SPAM blocker Now afnwall01.afnsecurity.com doesn't resolve *at all*, and the rDNS is in the same format as the above. Does your exchange server relay out through this filter? If not, what name does it announce itself as? If it does, or if that name is also invalid, or resolves to a different IP then you may also encounter this kind of error.
