Exchange email sent to a domain using SPF authentication is returned

EXPERT RESPONSE FROM: Richard Luckett

QUESTION POSED ON: 12 September 2008
Our incoming and outgoing email goes through an offsite spam/virus/content filter. We are using network address translation (NAT) to map our internal network (Exchange 2000 Server) to an external public IP address. All SMTP traffic should flow between the external IP of the Exchange server and the offsite IP address. Our MX record points to the offsite address. The Sender Policy Framework (SPF) is configured with the offsite IP. Email traveling this route goes to all domains including those using SPF authentication.

Everything I've mentioned above is working fine. We are running a sniffer on our network gateway, which displays SMTP traffic between the Exchange server and the offsite server. However, it appears that some SMTP traffic is sent directly from the external network gateway IP to the destination domain IP.

Email that is sent directly to a domain using SPF authentication is being returned, since the SPF addresses do not match. If the destination domain is not using SPF, then the email is able to get through. Internal clients using Microsoft Outlook are not the problem.

If multiple email messages are sent, one will go through the gateway and the other will go through Exchange Server. Email sent to AOL.com, Yahoo.com, etc., tends to go out through the gateway instead of the Exchange server. Why is this happening?


Thank you for the very clear summary of the problem you are experiencing. It sounds like you may have another Exchange server that is attempting to use DNS to route messages. All Exchange servers should use the smart host specified on your SMTP connector, which should be configured to point to the external mail security service. Note: Until you create an SMTP connector, this is the default behavior in Exchange 2000 Server and Exchange Server 2003.

You can create a firewall rule to prevent all servers -- with the exception of the SMTP host -- from sending outbound mail through port 25. You should then begin to see mail queue up on the offending Exchange server.

If you don't want to go to that extreme, you can use Winroute.exe on your Exchange server to extract the link state information to verify external mail routes. Based on the configuration you described, all outbound mail should be going to a smart host at the service provider site. Also, you should enable message tracking on your Exchange servers so that you can track the messages to see where they are being routed.
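The following is an added example, not part of the original answer and not Microsoft or TechTarget code. It shows how gateway capture data can single out the internal host that bypasses the smart host and confirm that its egress address fails the SPF record. The log format, all IP addresses (documentation ranges), the SPF record and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the page.
SPF_RECORD = "v=spf1 ip4:198.51.100.25 -all"  # only the offsite filter is authorized
SMART_HOST = "198.51.100.25"                   # offsite spam/virus filter
# Constructed gateway log: internal source, NAT egress IP, destination, dest port
FLOWS = """\
10.0.0.10 203.0.113.10 198.51.100.25 25
10.0.0.11 203.0.113.1 192.0.2.80 25
10.0.0.10 203.0.113.10 198.51.100.25 25
10.0.0.11 203.0.113.1 192.0.2.81 25
10.0.0.50 203.0.113.1 192.0.2.90 443
"""

def spf_ip_result(record, sender_ip):
    """Evaluate only the ip4/ip6 and 'all' mechanisms of an SPF record.
    Mechanisms that need DNS (a, mx, include, ...) are skipped here."""
    ip = ipaddress.ip_address(sender_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in results else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return results[qualifier]
        elif name == "all":
            return results[qualifier]
    return "neutral"  # nothing matched and no 'all' term

def direct_senders(flows, smart_host, record):
    """Map each internal host that sends SMTP past the smart host to
    (egress IP, SPF result for that egress IP, number of flows)."""
    offenders = {}
    for line in flows.splitlines():
        src, egress, dst, port = line.split()
        if port != "25" or dst == smart_host:
            continue  # not SMTP, or correctly routed via the smart host
        count = offenders.get(src, (None, None, 0))[2]
        offenders[src] = (egress, spf_ip_result(record, egress), count + 1)
    return offenders

if __name__ == "__main__":
    for host, (egress, result, n) in direct_senders(FLOWS, SMART_HOST, SPF_RECORD).items():
        print(f"{host}: {n} direct SMTP flow(s) from {egress}, SPF {result}")
```

The host reported here is the one to check for a missing smart host setting, and the one that would start queuing mail once the port 25 firewall rule is in place.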
