In my new Exchange 2007 organization, I'm getting a lot of legitimate messages blocked at my Edge server with the following error in message tracking:
550 5.7.1 550 Message rejected because SPF check failed
To my best knowledge, this is the SenderID filter causing the issue? However, I have the SenderID filter set to "Stamp" and NOT "Reject" !? In addition, I found that my HUB Transport server is also running SenderID. I found this out by running the get-SenderIdConfig cmdlet from EMS and saw that it was running with separate settings than my Edge.
So, in short, I disabled both my Edge and Hub's SenderID via EMS cmdlet and I am still getting rejected messages due to SPF check failure!? Any ideas? Is there something else running SPF checks that can reject even though I verified all of my filters were NOT set to "reject"?
I think I got this solved...
Couple things for those that will be new to Exchange 2007. The HUB Transport does have the Anti-Spam filters configured and ready to go as a default. Notice I said "ready". If you do not run an Edge server, the Hub Transport can run the Anti-spam rules built into Exchange by using the following cmdlet:
Set-TransportServer -Identity "Hubserver" -AntispamAgentsEnabled $true   # use $false to turn them off
My issue? Well, in short it was our third party SPAM filter, Ninja by Sunbelt Software. I was tipped off to the fact that my issue was originating on my Hub Transport because in message tracking, the SMTP Fail notice had my Hub listed as the "Server IP". Obviously, Ninja has SPF checking but I could have sworn that the reject message recipients were receiving were from Exchange and not Ninja. After all, my Hub Transport message tracking had no records of the mails!? Obviously, since Ninja assassinated it at the gate! That said, it was catching a ton of actual SPAM.
BTW- I am finding Ninja to be an excellent Antispam solution for Exchange 2007. We were using GFI which does not support Exchange 2007 yet. We also looked at purchasing the Barracuda Spam filter but we had several reasons for not purchasing their product (more on that if anyone is ever interested). However we are using a Barracuda Internet Filter in conjunction with our PIX 501 firewalls.
I too am curious why you wouldn't use Barracuda. We recently upgraded to '07 from a sendmail configuration. We had Barracuda before and for the most part are happy with it. It seems to do a reasonable job in an Exchange environment. I do get these 550 5.7.1 messages when it tries to send its quarantine report to some users. If anyone knows why I would be grateful to find out.
SPF - Sender Policy Framework (www.openspf.org). SPF is used by network admins to specify which servers are allowed to send emails from their domain. This is done by adding a TXT record in DNS. Spam filters use this information to stop illegitimate emails pretending to originate from that domain.
If someone is sending bounce emails, and making them appear to originate from a domain that uses SPF, spam filters will stop these emails unless the network admin of that domain has specifically authorized the SMTP server sending the emails to do so via an SPF record in the DNS.