SOLVED Incoming Emails bouncing (SPF) AND accepted

inspyre

Member
Jul 20, 2011
17
0
51
An account on our server has had an issue over the last couple of days, where multiple incoming emails are both bouncing and being delivered. The problem isn't affecting all incoming emails, just a few each day, and I can't find any link between the senders. Different domains, different providers (some with Office 365, some with other providers).

Even though the emails are only being sent once, there are two entries in the 'Email Trace' log. Here are the delivery details for one of these emails:
Code:
Event:    failure
User:    xxx
Domain:    xxx.co.nz
Sender:    [email protected]
Sent Time:    Feb 9, 2017 9:33:09 AM
Sender Host:    mail-xxxx.outbound.protection.outlook.com
Sender IP:    xxx.xx.xxx.x
Authentication:    forwarder
Spam Score:    0
Recipient:    [email protected]
Delivery User:    xxx
Delivery Domain:    xxx.co.nz
Delivered To:  
Router:    lookuphost
Transport:    remote_smtp
Out Time:    Feb 9, 2017 9:37:09 AM
ID:    1xxxxx-000xxx-ON
Delivery Host:    mx.xtra.co.nz
Delivery IP:    xxx.xx.xx.x
Size:    577.23 KB
Result:    DHE-RSA-AES256-GCM-SHA384:256 CV=yes DN="/C=NZ/ST=Auckland/L=Auckland/O=Spark New Zealand Limited/OU=Spark Connect/CN=mx.xtra.co.nz": SMTP error from remote mail server after end of data: 550 5.7.1 Message rejected due to SPF policy


Event:    success
User:    xxx
Domain:    xxx.co.nz
Sender:    [email protected]
Sent Time:    Feb 9, 2017 9:33:09 AM
Sender Host:    mail-xxxx.outbound.protection.outlook.com
Sender IP:    xxx.xx.xxx.x
Authentication:    forwarder
Spam Score:    0
Recipient:    [email protected]
Delivery User:    xxx
Delivery Domain:    xxx.co.nz
Delivered To:    [email protected]
Router:    virtual_user
Transport:    dovecot_virtual_delivery
Out Time:    Feb 9, 2017 9:33:09 AM
ID:    1xxxxx-000xxx-ON
Delivery Host:    localhost
Delivery IP:    127.0.0.1
Size:    577.23 KB
Result:    Accepted
There's nothing wrong with the SPF records for any of the incoming emails' domains. Has anyone seen this problem before?

Thanks :)
 
Last edited by a moderator:

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hi,


Connect/CN=mx.xtra.co.nz": SMTP error from remote mail server after end of data: 550 5.7.1 Message rejected due to SPF policy
--> I am seeing the above line in the logs meaning they are rejected due to SPF policy..

You can test your mail score by testing it . Send in a mail to email ID mention and get the full report Newsletters spam test by mail-tester.com
 

inspyre

Member
Jul 20, 2011
17
0
51
thanks for your response. as mentioned in my above message, the SPF records appear to be fine, and the issue is happening with multiple senders. also, mail is both being delivered and bounced, oddly
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,225
463
Hello,

Could you provide the output from /var/log/exim_mainlog for one of the affected messages? EX:

Code:
exigrep MSGID /var/log/exim_mainlog
Also, could you let us know of any custom Exim SmartHost configuration enabled on this system? You can review /etc/exim.conf.local to see what's enabled. EX:

Code:
cat /etc/exim.conf.local
Also, is the Enable Sender Rewriting Scheme (SRS) Support option enabled in WHM Home >> Service Configuration >> Exim Configuration Manager?

Thank you.
 

inspyre

Member
Jul 20, 2011
17
0
51
Thanks Michael, sorry for the delay in responding.

Having looked through the exim main log myself now, I can see the issue.
The customer had set up a forwarder on their email account, and it was being delivered locally fine, but the forwards failed dependent on the SPF records of the original sender.

Thanks for your time and help!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,225
463
Hello,

I'm happy to see you were able to determine the cause of the issue. Thank you for updating us with the outcome.