email issues POP3 and SPF

SBS2003 R2, Static IP, Mail Send via Smarthost (BT) and Retrieve via POP3
We have issues with POP3 mail not being routed due to undisclosed recipients
and BCC addresses etc and increasing problems with mail being returned due
to SPF records being incorrect.
We have been advised that these can all be sloved by ditching our smarthost
and POP3 and switching to SMTP for sending and receiving mail.
I am totally dumb when it comes to Exchange issues, so I would greatly
appreciate any comments on this.
Thanks

"Chris" <> wrote in message
news:FEFF7338-3EA9-40F3-992E-...
> SBS2003 R2, Static IP, Mail Send via Smarthost (BT) and Retrieve via POP3
> We have issues with POP3 mail not being routed due to undisclosed
> recipients
> and BCC addresses etc and increasing problems with mail being returned
> due
> to SPF records being incorrect.
> We have been advised that these can all be sloved by ditching our
> smarthost
> and POP3 and switching to SMTP for sending and receiving mail.
> I am totally dumb when it comes to Exchange issues, so I would greatly
> appreciate any comments on this.
> Thanks
>


I'm not fond of the POP3 connector. Depending on what type of ISP line you
have (some ISPs will not allow you to send email on their line, such as
Comcast residential non-business, or DSL lines, etc), you can send/retrieve
mail from your SBS, which along with indicating that mail is sent from your
WAN address in your SPF record (if your DNS hosting provider allows you to
make SPF records), should alleviate the problem.

More info on SPF. This will show you how to create the record, but it all
depends on your DNS hosting company if they allow or provision the ability
to create an SPF record. An SPF record is simply a text record that shows
what IP address and/or FQDN (such as mail.yourdomain.com), that is
authorized to send mail for your public domain name. If not sure, the best
bet is to call your DNS provider.

SPF: IntroductionMay 11, 2008 ... The Sender Policy Framework (SPF) is an
open standard specifying a technical method to prevent sender address
forgery. ...
www.openspf.org/Introduction

One example of an easy SPF record is, which simply states that any email
from our domain can only come from 123.123.123.123, and nothing else. It
really only works if the receiving mail system checks for SPF records, which
most of them do these days.

v=spf1 ip4:123.123.123.123/32 -all

You can make it a little more elaborate as well, such as including your MX
record in the SPF, but honestly the one above will suffice:
v=spf1 ip4:123.123.123.123/32 mx a:mail.yourdomain.com
mx:bandwidthpros.com -all


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Thanks for the responses guys, i have been away for the weekend, so, sorry
for the slow reply. I will no doubt come back with some more dumb questions.
Regards
Chris
"Ace Fekay [MCT]" wrote:

> "Chris" <> wrote in message
> news:FEFF7338-3EA9-40F3-992E-...
> > SBS2003 R2, Static IP, Mail Send via Smarthost (BT) and Retrieve via POP3
> > We have issues with POP3 mail not being routed due to undisclosed
> > recipients
> > and BCC addresses etc and increasing problems with mail being returned
> > due
> > to SPF records being incorrect.
> > We have been advised that these can all be sloved by ditching our
> > smarthost
> > and POP3 and switching to SMTP for sending and receiving mail.
> > I am totally dumb when it comes to Exchange issues, so I would greatly
> > appreciate any comments on this.
> > Thanks
> >
>
>
> I'm not fond of the POP3 connector. Depending on what type of ISP line you
> have (some ISPs will not allow you to send email on their line, such as
> Comcast residential non-business, or DSL lines, etc), you can send/retrieve
> mail from your SBS, which along with indicating that mail is sent from your
> WAN address in your SPF record (if your DNS hosting provider allows you to
> make SPF records), should alleviate the problem.
>
> More info on SPF. This will show you how to create the record, but it all
> depends on your DNS hosting company if they allow or provision the ability
> to create an SPF record. An SPF record is simply a text record that shows
> what IP address and/or FQDN (such as mail.yourdomain.com), that is
> authorized to send mail for your public domain name. If not sure, the best
> bet is to call your DNS provider.
>
> SPF: IntroductionMay 11, 2008 ... The Sender Policy Framework (SPF) is an
> open standard specifying a technical method to prevent sender address
> forgery. ...
> www.openspf.org/Introduction
>
> One example of an easy SPF record is, which simply states that any email
> from our domain can only come from 123.123.123.123, and nothing else. It
> really only works if the receiving mail system checks for SPF records, which
> most of them do these days.
>
> v=spf1 ip4:123.123.123.123/32 -all
>
> You can make it a little more elaborate as well, such as including your MX
> record in the SPF, but honestly the one above will suffice:
> v=spf1 ip4:123.123.123.123/32 mx a:mail.yourdomain.com
> mx:bandwidthpros.com -all
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit among
> responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>

"Chris" <> wrote in message
news:8685BC63-96D9-48E9-998F-...
>
> Thanks for the responses guys, i have been away for the weekend, so, sorry
> for the slow reply. I will no doubt come back with some more dumb
> questions.
> Regards
> Chris

No questions are dumb unless you don't ask. :-)

Ace

Hi, thanks again for your help. Can you tell me where to find the existing
SPF record please.
Regards

"Ace Fekay [MCT]" wrote:

> "Chris" <> wrote in message
> news:8685BC63-96D9-48E9-998F-...
> >
> > Thanks for the responses guys, i have been away for the weekend, so, sorry
> > for the slow reply. I will no doubt come back with some more dumb
> > questions.
> > Regards
> > Chris
>
> No questions are dumb unless you don't ask. :-)
>
> Ace
>
>
>

"Chris" <> wrote in message
news:9EF98B46-C018-4653-A7E9-...

It's a record that you would create under your public domain name. It is a
TXT (text) record. A simple example was what I previously posted:

v=spf1 ip4:123.123.123.123/32 -all

This example simply contains the IP address authorized to send email for
this domain. The -all means 'no others.' Substitute your WAN IP for
123.123.123.123.

Now depending on your ISP or whomever is hosting your public domain may or
may not allow creating an SPF. You will have to logon to your provider's
control panel to find out. If not sure how, I would suggest to contact them.

To find out if you have an existing record, or simply how to check for an
SPF record (if you don't have one), you can use nslookup. Keep in mind, that
if your public domain name is the same as your internal domain name, you
have to use an external DNS to check it. The following is an example. The
'server' command tells it to switch servers to an outside server of your
choosing. The 'set q=txt' tells it to query for a TXT record, which is what
SPF uses.

Start, Run, cmd
nslookup
(nslookup initializes and indicates your DNS server name and IP)
set q=txt
domain.com
(results will show)

If your internal name is the same as the external, change server to an
external one. 4.2.2.3 works nicely or you can use your ISP's DNS server.

nslookup
> server 4.2.2.3
set q=txt
domain.com


I hope that helps.

You can also let us know what your domain name is, and we can check it out
for you, as well as check to see if a PTR (reverse IP) is set, meaning if
typing in your IP address returns the name of your mail record, as well as
we can check current MX records, etc.

Ace


> Hi, thanks again for your help. Can you tell me where to find the
> existing
> SPF record please.
> Regards
>
> "Ace Fekay [MCT]" wrote:
>
>> "Chris" <> wrote in message
>> news:8685BC63-96D9-48E9-998F-...
>> >
>> > Thanks for the responses guys, i have been away for the weekend, so,
>> > sorry
>> > for the slow reply. I will no doubt come back with some more dumb
>> > questions.
>> > Regards
>> > Chris
>>
>> No questions are dumb unless you don't ask. :-)
>>
>> Ace
>>
>>
>>

Just wanted to say thanks for your help so far on this. I have not done
anything yet on changing the SPF record as I am currently trying to figure
out problems changing form POP3 to SMTP for incoming mail. Once i have got
the incoming working again, I will tackle the SPF issues on the outgoing mail.
Many thanks Chris

"Ace Fekay [MCT]" wrote:

> "Chris" <> wrote in message
> news:9EF98B46-C018-4653-A7E9-...
>
> It's a record that you would create under your public domain name. It is a
> TXT (text) record. A simple example was what I previously posted:
>
> v=spf1 ip4:123.123.123.123/32 -all
>
> This example simply contains the IP address authorized to send email for
> this domain. The -all means 'no others.' Substitute your WAN IP for
> 123.123.123.123.
>
> Now depending on your ISP or whomever is hosting your public domain may or
> may not allow creating an SPF. You will have to logon to your provider's
> control panel to find out. If not sure how, I would suggest to contact them.
>
> To find out if you have an existing record, or simply how to check for an
> SPF record (if you don't have one), you can use nslookup. Keep in mind, that
> if your public domain name is the same as your internal domain name, you
> have to use an external DNS to check it. The following is an example. The
> 'server' command tells it to switch servers to an outside server of your
> choosing. The 'set q=txt' tells it to query for a TXT record, which is what
> SPF uses.
>
> Start, Run, cmd
> nslookup
> (nslookup initializes and indicates your DNS server name and IP)
> set q=txt
> domain.com
> (results will show)
>
> If your internal name is the same as the external, change server to an
> external one. 4.2.2.3 works nicely or you can use your ISP's DNS server.
>
> nslookup
> > server 4.2.2.3
> set q=txt
> domain.com
>
>
> I hope that helps.
>
> You can also let us know what your domain name is, and we can check it out
> for you, as well as check to see if a PTR (reverse IP) is set, meaning if
> typing in your IP address returns the name of your mail record, as well as
> we can check current MX records, etc.
>
> Ace
>
>
> > Hi, thanks again for your help. Can you tell me where to find the
> > existing
> > SPF record please.
> > Regards
> >
> > "Ace Fekay [MCT]" wrote:
> >
> >> "Chris" <> wrote in message
> >> news:8685BC63-96D9-48E9-998F-...
> >> >
> >> > Thanks for the responses guys, i have been away for the weekend, so,
> >> > sorry
> >> > for the slow reply. I will no doubt come back with some more dumb
> >> > questions.
> >> > Regards
> >> > Chris
> >>
> >> No questions are dumb unless you don't ask. :-)
> >>
> >> Ace
> >>
> >>
> >>
>
>
>

"Chris" <> wrote in message
news:4871C3B2-E522-49DB-9A77-...

You are welcome.

Keep in mind, to change from using the POP3 Connector to SMTP, meaning that
you want your server to receive and send mail to the internet, and no longer
use the mail hosting company, involves changing the MX record to point to
your WAN IP address, then after allowing 2 days to let the change propagate,
remove the POP3 connector.

Let us know how you make out.

Ace

> Just wanted to say thanks for your help so far on this. I have not done
> anything yet on changing the SPF record as I am currently trying to figure
> out problems changing form POP3 to SMTP for incoming mail. Once i have got
> the incoming working again, I will tackle the SPF issues on the outgoing
> mail.
> Many thanks Chris
>
> "Ace Fekay [MCT]" wrote:
>
>> "Chris" <> wrote in message
>> news:9EF98B46-C018-4653-A7E9-...
>>
>> It's a record that you would create under your public domain name. It is
>> a
>> TXT (text) record. A simple example was what I previously posted:
>>
>> v=spf1 ip4:123.123.123.123/32 -all
>>
>> This example simply contains the IP address authorized to send email for
>> this domain. The -all means 'no others.' Substitute your WAN IP for
>> 123.123.123.123.
>>
>> Now depending on your ISP or whomever is hosting your public domain may
>> or
>> may not allow creating an SPF. You will have to logon to your provider's
>> control panel to find out. If not sure how, I would suggest to contact
>> them.
>>
>> To find out if you have an existing record, or simply how to check for an
>> SPF record (if you don't have one), you can use nslookup. Keep in mind,
>> that
>> if your public domain name is the same as your internal domain name, you
>> have to use an external DNS to check it. The following is an example. The
>> 'server' command tells it to switch servers to an outside server of your
>> choosing. The 'set q=txt' tells it to query for a TXT record, which is
>> what
>> SPF uses.
>>
>> Start, Run, cmd
>> nslookup
>> (nslookup initializes and indicates your DNS server name and IP)
>> set q=txt
>> domain.com
>> (results will show)
>>
>> If your internal name is the same as the external, change server to an
>> external one. 4.2.2.3 works nicely or you can use your ISP's DNS server.
>>
>> nslookup
>> > server 4.2.2.3
>> set q=txt
>> domain.com
>>
>>
>> I hope that helps.
>>
>> You can also let us know what your domain name is, and we can check it
>> out
>> for you, as well as check to see if a PTR (reverse IP) is set, meaning if
>> typing in your IP address returns the name of your mail record, as well
>> as
>> we can check current MX records, etc.
>>
>> Ace
>>
>>
>> > Hi, thanks again for your help. Can you tell me where to find the
>> > existing
>> > SPF record please.
>> > Regards
>> >
>> > "Ace Fekay [MCT]" wrote:
>> >
>> >> "Chris" <> wrote in message
>> >> news:8685BC63-96D9-48E9-998F-...
>> >> >
>> >> > Thanks for the responses guys, i have been away for the weekend, so,
>> >> > sorry
>> >> > for the slow reply. I will no doubt come back with some more dumb
>> >> > questions.
>> >> > Regards
>> >> > Chris
>> >>
>> >> No questions are dumb unless you don't ask. :-)
>> >>
>> >> Ace
>> >>
>> >>
>> >>
>>
>>
>>

Hi guys, sorry for the slow response, I have been off sick for 2 months,
(serious back problems after an accident) just got back today.
The SPF issue is still ongoing, I have spoken to our domain hosts and they
have added the SPF corresponding to our fixed IP at their server, but somehow
during the transport process another IP address is being added to the mail
still causing it to be returned.
Im going to contact our Internet provider to see why this is happening, and
i will let you know how i make out.
Is there anything else I should be looking at?
Regards
Chris

"Ace Fekay [MCT]" wrote:

> "Chris" <> wrote in message
> news:4871C3B2-E522-49DB-9A77-...
>
> You are welcome.
>
> Keep in mind, to change from using the POP3 Connector to SMTP, meaning that
> you want your server to receive and send mail to the internet, and no longer
> use the mail hosting company, involves changing the MX record to point to
> your WAN IP address, then after allowing 2 days to let the change propagate,
> remove the POP3 connector.
>
> Let us know how you make out.
>
> Ace
>
> > Just wanted to say thanks for your help so far on this. I have not done
> > anything yet on changing the SPF record as I am currently trying to figure
> > out problems changing form POP3 to SMTP for incoming mail. Once i have got
> > the incoming working again, I will tackle the SPF issues on the outgoing
> > mail.
> > Many thanks Chris
> >
> > "Ace Fekay [MCT]" wrote:
> >
> >> "Chris" <> wrote in message
> >> news:9EF98B46-C018-4653-A7E9-...
> >>
> >> It's a record that you would create under your public domain name. It is
> >> a
> >> TXT (text) record. A simple example was what I previously posted:
> >>
> >> v=spf1 ip4:123.123.123.123/32 -all
> >>
> >> This example simply contains the IP address authorized to send email for
> >> this domain. The -all means 'no others.' Substitute your WAN IP for
> >> 123.123.123.123.
> >>
> >> Now depending on your ISP or whomever is hosting your public domain may
> >> or
> >> may not allow creating an SPF. You will have to logon to your provider's
> >> control panel to find out. If not sure how, I would suggest to contact
> >> them.
> >>
> >> To find out if you have an existing record, or simply how to check for an
> >> SPF record (if you don't have one), you can use nslookup. Keep in mind,
> >> that
> >> if your public domain name is the same as your internal domain name, you
> >> have to use an external DNS to check it. The following is an example. The
> >> 'server' command tells it to switch servers to an outside server of your
> >> choosing. The 'set q=txt' tells it to query for a TXT record, which is
> >> what
> >> SPF uses.
> >>
> >> Start, Run, cmd
> >> nslookup
> >> (nslookup initializes and indicates your DNS server name and IP)
> >> set q=txt
> >> domain.com
> >> (results will show)
> >>
> >> If your internal name is the same as the external, change server to an
> >> external one. 4.2.2.3 works nicely or you can use your ISP's DNS server.
> >>
> >> nslookup
> >> > server 4.2.2.3
> >> set q=txt
> >> domain.com
> >>
> >>
> >> I hope that helps.
> >>
> >> You can also let us know what your domain name is, and we can check it
> >> out
> >> for you, as well as check to see if a PTR (reverse IP) is set, meaning if
> >> typing in your IP address returns the name of your mail record, as well
> >> as
> >> we can check current MX records, etc.
> >>
> >> Ace
> >>
> >>
> >> > Hi, thanks again for your help. Can you tell me where to find the
> >> > existing
> >> > SPF record please.
> >> > Regards
> >> >
> >> > "Ace Fekay [MCT]" wrote:
> >> >
> >> >> "Chris" <> wrote in message
> >> >> news:8685BC63-96D9-48E9-998F-...
> >> >> >
> >> >> > Thanks for the responses guys, i have been away for the weekend, so,
> >> >> > sorry
> >> >> > for the slow reply. I will no doubt come back with some more dumb
> >> >> > questions.
> >> >> > Regards
> >> >> > Chris
> >> >>
> >> >> No questions are dumb unless you don't ask. :-)
> >> >>
> >> >> Ace
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

"Chris" <> wrote in message
news:F87A895E-57F4-4F92-9155-...
> Hi guys, sorry for the slow response, I have been off sick for 2 months,
> (serious back problems after an accident) just got back today.
> The SPF issue is still ongoing, I have spoken to our domain hosts and they
> have added the SPF corresponding to our fixed IP at their server, but
> somehow
> during the transport process another IP address is being added to the mail
> still causing it to be returned.
> Im going to contact our Internet provider to see why this is happening,
> and
> i will let you know how i make out.
> Is there anything else I should be looking at?
> Regards
> Chris
>

Sorry to hear. I hope your back and you are doing better.

Perhaps if you can post the actual domain name, we can take a look and make
a determination.

Ace