Jump to content

Outgoing emails being blocked by mail control


gingib
 Share

Recommended Posts

Has there been any recent changes to Hornbill's SPF Record?  We have just discovered that our outgoing emails have been blocked by our mail control as being spoofed - this has been happening for about a week.  We have checked everything at our end and cannot find a reason for this unless you have maybe made some changes.  Please can you advise?

Link to comment
Share on other sites

Gingib.

Thanks for the post. No changes have been made to the SPF record since 9/15/2016 at 10:43:33 AM and having checked the SPF record everything looks as it should.

Can you provide the full headers of an email that was sent and blocked so we can see where it got to.

Kind Regards

Keith Stevenson

Link to comment
Share on other sites

Hi Keith,

We had already started to take the actions you had previously suggested (think those comments may have now been deleted).  Below is as requested:-

Received: from live.hornbill.com (unknown [172.16.1.52])by live.hornbill.com (Postfix) with ESMTP id DE0A01401BBfor <fred.blogs@xxx.org>; Tue, 14 Feb 2017 12:39:13 +0000 (UTC)
Date: Tue, 14 Feb 2017 12:39:11 +0000 (GMT Standard Time)
MIME-Version: 1.0
Subject: [SR00025194] Your request regarding "New Starter Request for ??? starting on 2017-02-14" has been logged
X-Priority: 3
X-Mailer: Hornbill Mailer 8.0.0.2687
From: "IT Service Desk" <wbcitservicedesk@wokingham.gov.uk>
To: fred.blogs@xxx.org
Content-Type: multipart/alternative; boundary="__=_Part_Boundary_003_012019.001950"
Message-Id: <000000000001cc01@wbcservicedesk.mail.hornbill.com>
X-Mailcontrol-TLSQueued: g4wZfm+MR!NIMxq6Ro!sG3a5aOyRpqyiLM1WvYW2iEvzMcexbDZ9ApdNlfvZ3LKs7w5ARWlIr3v0SmYluureVePBLAzdSwFt

Edited by gingib
Remove user email address
Link to comment
Share on other sites

@gingib your outbound rule for your domain should be using direct outbound instead of smarthost. You are are using our postfix server as a smarthost which is not an allowed sender for anything other than live.hornbill.com addresses.

https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a78.129.173.121&run=networktools#

If you change the outbound rule for your domain to direct outbound, it should work correctly.

(thanks to @jeffreysmith and @Keith Stevenson for assistance with this issue :))

Link to comment
Share on other sites

Hi Victor,

When we went to apply this suggested fix we got the following message:-

SPF Check Success

 

SPF RECORD: include:spf.mailjet.com ip4:5.153.254.63 ip4:31.210.25.132 ip4:89.16.161.57 ip4:85.232.51.207 include:spf.protection.outlook.com include:_spf.live.hornbill.com mx ptr ~all

 

SPF OK: sender policy allows origin domain to send, matched '~all' for a SoftFail

 

SPF WARNING: the SPF rule found matches any originating domain, which is not recommended as mail you send could be unreliable and end up in junk folders!

Is this what you would expect to see?

Link to comment
Share on other sites

@gingib apologies, I was convinced I replied to your last comment which obviously I didn't, really sorry :(

So, I don't see anything unusual except the SPF record configuration set to _spf:.live.hornbill.com instead of _spf.hornbill.com - which shoudl be the correct record.

Second, sender policy allows origin domain to send, matched '~all' for a SoftFail means if the domain is not listed it will trigger a "soft fail" which means the email is delivered but marked as such. In other words, all mail servers not listed in the SPF record are not authorized to send mail using the sender’s domain, but the owner of the domain is unwilling to make a strong assertion to that effect.

Link to comment
Share on other sites

Hi Victor,

(I work with Ginny)
I've had infrastructure look at the issues and this is the error they found on the spoofed emails from Hornbill:
PermError SPF Permanent Error: Too many DNS lookup (thisis a link to a post on stackoverflow explaining it)

Infrastructure have asked
"Is there an alternative, possibly an IP address we can add into our SPF record instead of the include?"

Otherwise might you or someone from Hornbill know how we can resolve this?

Thanks

Samuel

Link to comment
Share on other sites

@samwoo @gingib

Upon investigation, it seems that our own recent move to office365 has meant we added another include which pushed passed the 10 limit and had not realised that.  We will make changes to our DNS in the next few hours so should propagate through the DNS caches and the problem will be resolved tomorrow.  

Gerry

Link to comment
Share on other sites

15 hours ago, Gerry said:

@samwoo @gingib

Upon investigation, it seems that our own recent move to office365 has meant we added another include which pushed passed the 10 limit and had not realised that.  We will make changes to our DNS in the next few hours so should propagate through the DNS caches and the problem will be resolved tomorrow.  

Gerry

Hi Gerry,

Thanks for further investigating this. Infrastructure has checked the emails and all is now going through ok.

Cheers for the help,

Samuel

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...