Re: Setup problem with SenderID and OWA

Hi Rich,

Both the Sending and Receiving Mail servers are Exchange 2003 with SP2.
The browser is IE 6 SP1. The 70.247.95.109 address is one of my static IPs
at my home where I was running using the IE explorer from.

Only one Received from header was in the SMTP DATA Portion. To actually see
the Received from header, I had to put a packet sniffer on the receiving
Exchange server and watch the exact data being sent. The Exchange server was
rejecting the mail with a 550 5.7.1 Sender ID (PRA) Not Permitted as soon as
the DATA conversation portion was ended with the standard .<CR><LF> . Since
it was rejected by the SMTP server,I would never see the note in my Inbox.

If you are looking at the headers in Outlook for a note sent via OWA , you
will need to look at the lowest Received: from the note because it has been
relay from one SMTP server to another and the path as been updated.

(Example from an Inbox after successful transmission...)
Received: from houston.chickenfriedbacon.com ([70.247.95.98]) by
solar.solarwinds.net with Microsoft SMTPSVC(6.0.3790.1830);
Fri, 16 Dec 2005 09:44:54 -0600
Received: from 206.231.4.58 ([206.231.4.58]) by
houston.tul.chickenfriedbacon.com ([1.0.0.8]) with Microsoft Exchange Server
HTTP-DAV ;

After making my post last night, I did more reading about the PRA and added
what I think is the correct workaround to our DNS TXT record. (But if you or
other have more input it would be welcomed) Since the MAIL From part is
correct, but the top level PRA may come from anywhere on the Internet logged
in via OWA, I added a

spf2.0/pra ?all

txt record.

For others possibily reading this later, that means I have two txt records
on the domain. One for SPF and one for PRA

TXT v=spf1 mx a:mail.solarwinds.net -all
TXT spf2.0/pra ?all

So far, this appears to have fixed the 550 5.7.1 Sender ID (PRA) Not
Permitted. and the email is getting through


"Rich Matheisen [MVP]" wrote:

> BK Rogers <BKRogers@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> >So I've come accross a problem with my setup of my SPF record and users send
> >mail with OWA. When a user logs into our Exchange server via OWA and sends a
> >new message, the SMTP message header includes the IP address the OWA client
> >was sending from....
>
> I just checked a message sent from OWA, and I find only the IP address
> of the Exchange server, not the IP address of the machine running the
> browser.
>
> I sent one from another organization, and one from within our own
> organization, and in neither case does the client appear in the
> "Received:" headers.
>
> Both were sent from Exchange 2003 servers, one organization running
> SP1 and the other running SP2.
>
> >Sample SMTP Header from Exchange server....
> >Received: from 70.247.95.109 ([70.247.95.109]) by solar.tul.solarwinds.net
> >([206.231.6.251]) with Microsoft Exchange Server HTTP-DAV ; <CR> <LF> ..
>
> Could this be the browser you're using that's causing this?
>
> IAC, how many "Received:" headers are in the message? The one above
> surely isn't the one inserted by the receiving server. How many
> "Received:" headers is the SMTP server checking?
>
> >This mail is rejected by the receiving mail server with the error message
> >Response: 550 5.7.1 Sender ID (PRA) Not Permitted
> >
> >The txt record for solarwinds.net is
> >v=spf1 mx a:mail.solarwinds.net -all
> >and our mx record resolves to 206.231.6.251, so that part is OK.
> >
> >So what is causing the PRA not permitted?
>
> That's hard to say since you don't say what the sender's e-mail
> address is (e.g. the "From" header). The PRA isn't about simple IP
> address checking (like SPF), but about whether the e-mail address of
> the sender (taken from the RFC2822 headers -- or the MAIL FROM if the
> sender can't be found in the message).
>
> >Is it the 70.247.95.109 address
> >that was the external IP address where the OWA client was logged in from?
>
> It may be, but that would depend on the checking done by the receiving
> server (e.g. how many "Received:" headers they check).
>
> >Can I fix this without setting my SPF records to +all?
>
> Not all implementations of SenderID are error-free. So, trying to fix
> this at your end may not be the best approach. I _am_ curious about
> the 70.247.95.109 address in the "Received:" header, though.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
> Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
>
.

Relevant Pages

  • Re: Setup problem with SenderID and OWA
    ... >Both the Sending and Receiving Mail servers are Exchange 2003 with SP2. ... >Only one Received from header was in the SMTP DATA Portion. ... >Exchange server and watch the exact data being sent. ...
    (microsoft.public.exchange.admin)
  • Re: 2 users not receiving mail
    ... Should cached exchange be enabled for clients? ... My customers server is SBS Standard and has ... Hard Drives and memory, that is the only thing that has ever needed ... had a user that was not receiving mail and another user that was ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange 2003 SMTP Timeouts when sending to Security/Distribution Groups
    ... Most of our users have Exchange accounts, ... Essentially, our server ... > communicates with the receiving server, issues the recipient lists, ...
    (microsoft.public.exchange.connectivity)
  • Am I relaying emails??
    ... Exchange server is configured not to relay. ... If you ARE having difficulty sending and receiving mail ... connection to fail. ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange Disaster Recovery Server
    ... The backup server is setup also in the lab so I ... >>> The Microsoft Exchange Server computer is not available. ... >>> Microsoft Exchange Server Information Store ...
    (microsoft.public.exchange2000.admin)