Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 10322 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Senders with SPF Failures

htguru
Is there any thing wrong with this SMTP Global Exception List (see attached) for allowing a certain sender to bypass SPF checks?

Is any this else required?

What about if SMTP profiles are in use?

Sender has a valid d SPF DNS record according to mxtoolbox but the UTM is giving "Rejected: SPF (SPF check failed)" and I can have a clients traveling employees not receiving the boarding pass they try to email themselves.

Any help appreciated,
HTG


This thread was automatically locked due to age.
  • 0
    If you had read the built-in help/Admin Guide page (*hint, hint*), you would see:

    OR these sender addresses: Select the senders' email addresses that should skip the defined security checks.
    When selecting this option, the Senders box opens. You can either enter a complete valid email address (e.g., jdoe@example.com) or all email addresses of a specific domain using an asterisk as wildcard (e.g., *@example.com).
    , so yes, this is a valid address pattern.  [:)]  Exceptions are Global and apply to profiles as well.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    Scott,

    I did read the manual but I guess I was confused by the fact that "OR  these sender addresses" starts with the word OR and also when I first created the exception it was originally forcing me to add a host so I was afraid that it might not work without a host entry.

    Thankfully though it's straightforward, which can sometimes be a rarity with the UTM. Thanks for clarifying.

    HTG

    Best Regards - HTG
    Frustrated Sophos Partner seeing all the things
    that brought me to Sophos slowly slip away.
    RIP astaro.org

  • 0
    Happy to help.  Glad the issue is fixed for you.

    Doing some further checks, the issue is most likely due to them sending mail through an on-premise MTA to the Exchange online servers and not directly through Exchange Online via the web interface.  If this is the case, their SPF record is incorrect.  See Ensure your SPF Record is Correct - EOP Field Notes - Site Home - TechNet Blogs.  The proof should be in the email headers.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Unfiltered HTML