Hi, I have SBS 2011 and I configured SPF on external (ISP) DNS on domain (domain.com) and subdomain (remote,mail and mxback) I did it because when I create just for domain.com when I perform SPF test I am able to send from a different IP. Now after I added this and perform test as a result I am only able to send from IP1and IP2, which is good. But the bad thing is that I am still receiving emails sent as a local user! Even though tests were successful ! Please Help, what to do ? Do I need to configure something on SBS ?? Below I am sending also test results and spam email.
Tested via http://www.kitterman.com/spf/validate.html? andhttp://vamsoft.com/support/tools/spf-policy-tester
"v=spf1 ip4:IP1 ip4:IP2 a:remote.domain.com a:mail.domain.com a:mxback.domain.com -all"
SPF Fail
195.18.197.168 is not allowed to send in the name of the domain.
Evaluation Log- SPF check start.
- Domain: domain.com
- Getting SPF (TXT) record.
- Found SPF record.
- SPF policy record data:
- v=spf1 ip4:IP1 ip4:IP2 a:remote.domain.com a:mail.domain.com a:mxback.domain.com -all
- Evaluating SPF policy:
- v=spf1 ip4:IP1 ip4:IP2 a:remote.domain.com a:mail.domain.com a:mxback.domain.com -all
- Policy parsed OK, no warnings.
- Evaluating SPF policy string.
-
Evaluating SPF mechanism "ip4".
- Prefix: Pass.
- Argument network-spec: IP1
-
Evaluating SPF mechanism "ip4".
- Prefix: Pass.
- Argument network-spec: IP2
-
Evaluating SPF mechanism "a".
- Prefix: Pass.
- Argument domain-spec: remote.domain.com
-
Domain argument after macro expansion:
- remote.domain.com
- Looking up for the "A" DNS record of the argument domain.
-
Found record, data:
- IP2
-
Evaluating SPF mechanism "a".
- Prefix: Pass.
- Argument domain-spec: mail.domain.com
-
Domain argument after macro expansion:
- mail.domain.com
- Looking up for the "A" DNS record of the argument domain.
-
Found record, data:
- IP3
-
Evaluating SPF mechanism "a".
- Prefix: Pass.
- Argument domain-spec: mxback.domain.com
-
Domain argument after macro expansion:
- mxback.domain.com
- Looking up for the "A" DNS record of the argument domain.
-
Found record, data:
- IP2
-
Evaluating SPF mechanism "all".
- Prefix: Fail.
- SPF mechanism "all" matched with prefix Fail.
-
Evaluating SPF mechanism "ip4".
- Finished evaluating SPF policy.
- SPF policy evaluation finished with SPF Fail.
----- SPAM EMAIL ----
Received: from [180.250.192.42] (180.250.192.42) by remote.domain.com
(192.168.1.6) with Microsoft SMTP Server id 14.1.355.2; Wed, 17 Jul 2013
05:35:04 +0200
Received: from [195.18.197.168] (helo=ukypokgyiudi.tzbyglhyvubfwnm.su) by
with esmtpa (Exim 4.69) (envelope-from ) id 1MMSV6-5505hn-11 for
info@domain.com; Wed, 17 Jul 2013 10:39:51 +0700
Date: Wed, 17 Jul 2013 10:39:51 +0700
From: <info@domain.com>
X-Mailer: The Bat! (v2.00.18) Educational
X-Priority: 3 (Normal)
Message-ID: <5584967417.08ZLA9O3235122@cywqasxlarce.gkuglmfbio.com>
To: <info@domain.com>
Subject: [Spam]Job-Vorschlag
X-ZyXEL-AS-Log: USG 100-zywall-usg-100-1
X-ZyXEL-AS-DLog: eClass[4]-eVirusThreatLevel[0]-RefId[str=0001.0A090206.51E61209.0033,ss=3,pt=R_343985,fgs=0]
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Return-Path: extolls130@google.com
X-MS-Exchange-Organization-AuthSource: SErver1.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: domain.com
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (SErver1.domain.local: info@domain.com does not designate
permitted sender hosts)
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.11015.457;SID:SenderIDStatus None;OrigIP:180.250.192.42
X-Auto-Response-Suppress: DR, OOF, AutoReply