
	Home > Ask the Microsoft Exchange Experts > Richard Luckett: Spam and Security Questions & Answers > Exchange email sent to a domain using SPF authentication is returned

Ask The Exchange Expert: Questions & Answers

EMAIL THIS

Exchange email sent to a domain using SPF authentication is returned

EXPERT RESPONSE FROM: Richard Luckett

		Pose a Question

		Other Exchange Categories

		Meet all Exchange Experts
		Become an Expert for this site

Exchange Server tips, tutorials and expert advice

Digg This! StumbleUpon Del.icio.us

QUESTION POSED ON: 12 September 2008
Our incoming and outgoing email goes through an offsite spam/virus/content filter. We are using network address translation (NAT) to map our internal network (Exchange 2000 Server) to an external public IP address. All SMTP traffic should flow between the external IP of the Exchange server and the offsite IP address. Our MX record points to the offsite address. The Sender Policy Framework (SPF) is configured with the offsite IP. Email traveling this route goes to all domains including those using SPF authentication.

Everything I've mentioned above is working fine. We are running a sniffer on our network gateway, which displays SMTP traffic between the Exchange server and the offsite server. However, it appears that some SMTP traffic is sent directly from the external network gateway IP to the destination domain IP.

Email that is sent directly to a domain using SPF authentication is being returned, since the SPF addresses do not match. If the destination domain is not using SPF, then the email is able to get through. Internal clients using Microsoft Outlook are not the problem.

If multiple email messages are sent, one will go through the gateway and the other will go through Exchange Server. Email sent to AOL.com, Yahoo.com, etc., tend to go out through the gateway instead of the Exchange server. Why is this happening?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Antispam Software and Spam Filtering
	Problems with email spoofing on SBS 2003
	Exchange Insider e-zine
	Securing your Exchange Server 2007 journaling archives
	Microsoft Exchange Server security dos and don'ts
	Troubleshooting Microsoft Exchange Server Event ID error 6009
	How can I configure Exchange IMF to allow an IP address or DNS?
	Tool helps identify inbound Exchange Server email flow issues
	Configure SMTP relay restrictions in Exchange Server 2003 to stop spam
	Secure Edge Transport servers using the Security Configuration Wizard
	Create a global Safe Senders List in Exchange 2007 to filter spam
	Antispam Software and Spam Filtering Research

SMTP

Changing email address formats in Exchange Server 2003

Exchange users receiving email addressed to legacy users

Configure BES to direct email from a new domain email address

Troubleshooting Microsoft Exchange Server Event ID error 6009

How to lock down an SMTP relay to prevent spam in Exchange Server 2003

Tool helps identify inbound Exchange Server email flow issues

Configure SMTP relay restrictions in Exchange Server 2003 to stop spam

Why can't POP3 clients receive Exchange Server email?

Exchange event sink scripting error when configuring email disclaimer

Configure SMTP connection limits in Exchange Server 2003 and SBS

Richard Luckett: Spam and Security

How effective is tracking the IP address of an email hacker?

Why can't I grant users permissions to an Exchange public folder?

How can I configure Exchange IMF to allow an IP address or DNS?

How to lock down an SMTP relay to prevent spam in Exchange Server 2003

Why does a security alert pop up when accessing Outlook Web Access?

Configure SMTP relay restrictions in Exchange Server 2003 to stop spam

Tool helps identify inbound Exchange Server email flow issues

Connecting an Apple iPhone to Exchange Server on Windows SBS 2003

Selectively set email permissions for Exchange groups

What event log tracks user access to Exchange Server?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

greylist (SearchExchange.com)

hash buster (SearchExchange.com)

image spam (SearchExchange.com)

KnujOn (SearchExchange.com)

Sender ID (SearchExchange.com)

spam confidence level (SearchExchange.com)

spamblock (SearchExchange.com)

spim (SearchExchange.com)

tarpitting (SearchExchange.com)

teergrube (SearchExchange.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Thank you for the very clear summary of the problem you are experiencing. It sounds like you may have another Exchange server that is attempting to use DNS to route messages. All Exchange servers should use the smart host specified on your SMTP connector, which should be configured to point to the external mail security service. Note: Until you create an SMTP connector, this is the default behavior in Exchange 2000 Server and Exchange Server 2003.

You can create a firewall rule to prevent all servers -- with the exception of the SMTP host -- from sending outbound mail through port 25. You should then begin to see mail queue up on the offending Exchange server.

If you don't want to go to that extreme, you can use Winroute.exe on your Exchange server to extract the link state information to verify external mail routes. Based on the configuration you described, all outbound mail should be going to a smart host at the service provider site. Also, you should enable message tracking on your Exchange servers so that you can track the messages to see where they are being routed.

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Exchange Server question in our forum.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Outlook Web Access (OWA) Tips and Advice

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2004 - 2009, TechTarget \| Read our Privacy Policy