Hi, A couple weeks ago I setup a SPF record which seemed to help with some servers receiving email, but it seemed to cause delays with others, especially if there is an attachment. For example, I have some mail being forwarded to an earthlink account and it is delayed, often for an hour or more, since I put the SPF record in place. My SPF record is __________________________________________________________ SPF records are primarily published in DNS as TXT records. The TXT records found for your domain are: v=spf1 ip4:x.x.x.x/32 a mx a:public.resolvable.com ~all<br> SPF records should also be published in DNS as type SPF records. No type SPF records found. Checking to see if there is a valid SPF record. Found v=spf1 record for crsgroup.com: v=spf1 ip4:x.x.x.x/32 a mx a:public.resolvable.com ~all evaluating... SPF record passed validation test with pySPF (Python SPF library)! __________________________________________________________ I have my public address (x.x.x.x/32) specified and also my public externally resolvable DNS. Am I missing something here? Do I need to add something else as well? Thanks, Alan

Hi Have you used and tried mxtoolbox? http://www.mxtoolbox.com/spf.aspx Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

On Mon, 30 Aug 2010 13:46:15 +0000, Alan Kamrowski II wrote: >A couple weeks ago I setup a SPF record which seemed to help with some servers receiving email, but it seemed to cause delays with others, especially if there is an attachment. For example, I have some mail being forwarded to an earthlink account and it is delayed, often for an hour or more, since I put the SPF record in place. > >My SPF record is > >__________________________________________________________ > >SPF records are primarily published in DNS as TXT records. The TXT records found for your domain are: v=spf1 ip4:x.x.x.x/32 a mx a:public.resolvable.com ~all SPF records should also be published in DNS as type SPF records. No type SPF records found. Checking to see if there is a valid SPF record. Found v=spf1 record for crsgroup.com: v=spf1 ip4:x.x.x.x/32 a mx a:public.resolvable.com ~all evaluating... > >SPF record passed validation test with pySPF (Python SPF library)! > >__________________________________________________________ > >I have my public address (x.x.x.x/32) specified and also my public externally resolvable DNS. Am I missing something here? Do I need to add something else as well? SPF only validates that the IP address is permitted to send e-mail using the domain name. Whether the message contains an attachment shouldn't alter the speed at which the message is delivered. If you check the SMTP send logs do you see any 4xx status messages returned by the receiving server when you send those messages? As for the SPF data, do you really need all the extras in there? If you have only one IP address that sends e-mail then this should be all you need: v=spf1 ip4:x.x.x.x ~all If you want to publish a SPF record for your server, first make sure you know what address is sent in the HELO\EHLO header. Then add a SPF TXT record for that name and just use this: v=spf1 a -all That says that the IP address in the "A" record for the name is the only IP address that's allowed to use that server's name. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Rich, Where are the SMTP send logs located? The behavior change from no delay to delay happened exactly when I implemented the SPF. I have a single SBS running Exchange 2007 with one public IP address. I do have a entry for my server "sbsexch.mydomain.com" that resolves forward and backward to my public IP address. Would you recommend the IP4 or A method? Thanks for your help, Alan

On Wed, 1 Sep 2010 18:59:11 +0000, Alan Kamrowski II wrote: >Where are the SMTP send logs located? That depends on what release of Exchange you're running. >The behavior change from no delay to delay happened exactly when I implemented the SPF. > > > >I have a single SBS running Exchange 2007 Then the SMTP log files are typically found here: C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog >with one public IP address. I do have a entry for my server "sbsexch.mydomain.com" that resolves forward and backward to my public IP address. Would you recommend the IP4 or A method? For the server name TXT record? Either one will work. Using the "a:" will require the receiving server to perfrom an additional DNS lookup of the "A" record for the server name. If you use "ip4:" there's no need for the receiving server to any other DNS query since it already has the IP address of your server. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Alan, We first need to know where the message stays for a long time. If it happen in your server, (as Rich mentioned, you could check the SMTP log), we could have a further troubleshooting. I don’t think add a SPF record can cause this. If the issue happen in remote server, e.g. it takes a long time to verify your DNS record, it’s another issue, and you may need to contact their administrator for this. Thanks, Elvis

Hi Alan, We first need to know where the message stays for a long time. If it happen in your server, (as Rich mentioned, you could check the SMTP log), we could have a further troubleshooting. I don’t think add a SPF record can cause this. If the issue happen in remote server, e.g. it takes a long time to verify your DNS record, it’s another issue, and you may need to contact their administrator for this. Thanks, Elvis

Hi, The ProtocolLog\SmtpSend directory is empty. How do I enable this? Thanks, Alan

On Fri, 17 Sep 2010 18:21:39 +0000, Alan Kamrowski II wrote: >The ProtocolLog\SmtpSend directory is empty. How do I enable this? If it's just Exchange, there's a drop-down box on each receive connector and send connector. Your choice are "None" and "Verbose". Pick "Verbose. On SBS? Well, who knows. You'll probably have to use some sort of wizard to be sure it all works. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, Thanks guys, I found it and set it to verbose. Will check it when things get delayed to see what it comes up with. Alan

Hi, The logging has been helpful! I found it was using the wrong name at ehlo and corrected that which seemed to make a big difference. I did have this issue sending to an earthlink address. I have done a search/replace to hide some info. Could this be too big an email for Earthlink? I don't see an error, but yet it doesn't go and it keeps retrying it. One odd thing is that it goes back and forth between SIZE=1067262 and SIZE=1044304 for some reason. Does the log indicate anything? 2010-09-24T07:22:08.744Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,2,192.168.100.251:58493,209.86.93.229:25,<,"220 mx-stork.atl.sa.earthlink.net EL_4_2_10_GMA_39 ESMTP EarthLink SMTP Server Fri, 24 Sep 2010 03:22:08 -0400 (EDT)", 2010-09-24T07:22:08.744Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,3,192.168.100.251:58493,209.86.93.229:25,>,EHLO MYSERVER.MYDOMAIN.COM, 2010-09-24T07:22:08.826Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,4,192.168.100.251:58493,209.86.93.229:25,<,"250-mx-stork.atl.sa.earthlink.net Hello MYSERVER.MYDOMAIN.COM [MY.PUB.IP.ADDR], pleased to meet you", 2010-09-24T07:22:09.099Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,5,192.168.100.251:58493,209.86.93.229:25,<,250-8BITMIME, 2010-09-24T07:22:09.099Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,6,192.168.100.251:58493,209.86.93.229:25,<,250-SIZE 14680064, 2010-09-24T07:22:09.099Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,7,192.168.100.251:58493,209.86.93.229:25,<,250 HELP, 2010-09-24T07:22:09.100Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,8,192.168.100.251:58493,209.86.93.229:25,*,751,sending message 2010-09-24T07:22:09.100Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,9,192.168.100.251:58493,209.86.93.229:25,>,MAIL FROM:<myemail@myserver.com> SIZE=1067262, 2010-09-24T07:22:09.181Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,10,192.168.100.251:58493,209.86.93.229:25,<,250 <myemail@myserver.com> SIZE=1067262... Sender ok, 2010-09-24T07:22:09.181Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,11,192.168.100.251:58493,209.86.93.229:25,>,RCPT TO:<myemail@earthlink.net>, 2010-09-24T07:22:09.273Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,12,192.168.100.251:58493,209.86.93.229:25,<,250 <myemail@earthlink.net>... Recipient ok, 2010-09-24T07:22:09.289Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,13,192.168.100.251:58493,209.86.93.229:25,>,DATA, 2010-09-24T07:22:09.370Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,14,192.168.100.251:58493,209.86.93.229:25,<,"354 Enter mail, end with ""."" on a line by itself", 2010-09-24T07:22:39.847Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,15,192.168.100.251:47729,209.86.93.228:25,-,,Remote 2010-09-24T07:22:39.848Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,0,,209.86.93.226:25,*,,attempting to connect 2010-09-24T07:22:39.930Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,1,192.168.100.251:58500,209.86.93.226:25,+,, 2010-09-24T07:22:40.012Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,2,192.168.100.251:58500,209.86.93.226:25,<,"220 mx-dipper.atl.sa.earthlink.net EL_4_2_10_GMA_39 ESMTP EarthLink SMTP Server Fri, 24 Sep 2010 03:22:39 -0400 (EDT)", 2010-09-24T07:22:40.013Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,3,192.168.100.251:58500,209.86.93.226:25,>,EHLO MYSERVER.MYDOMAIN.COM, 2010-09-24T07:22:40.095Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,4,192.168.100.251:58500,209.86.93.226:25,<,"250-mx-dipper.atl.sa.earthlink.net Hello MYSERVER.MYDOMAIN.COM [MY.PUB.IP.ADDR], pleased to meet you", 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,5,192.168.100.251:58500,209.86.93.226:25,<,250-8BITMIME, 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,6,192.168.100.251:58500,209.86.93.226:25,<,250-SIZE 14680064, 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,7,192.168.100.251:58500,209.86.93.226:25,<,250 HELP, 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,8,192.168.100.251:58500,209.86.93.226:25,*,679,sending message 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,9,192.168.100.251:58500,209.86.93.226:25,>,MAIL FROM:<myemail@myserver.com> SIZE=1044304, 2010-09-24T07:22:40.450Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,10,192.168.100.251:58500,209.86.93.226:25,<,250 <myemail@myserver.com> SIZE=1044304... Sender ok, 2010-09-24T07:22:40.450Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,11,192.168.100.251:58500,209.86.93.226:25,>,RCPT TO:<runyonii@earthlink.com>, 2010-09-24T07:22:40.544Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,12,192.168.100.251:58500,209.86.93.226:25,<,250 <runyonii@earthlink.com>... Recipient ok, 2010-09-24T07:22:40.566Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,13,192.168.100.251:58500,209.86.93.226:25,>,DATA, 2010-09-24T07:22:40.647Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,14,192.168.100.251:58500,209.86.93.226:25,<,"354 Enter mail, end with ""."" on a line by itself", 2010-09-24T07:31:51.482Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,15,192.168.100.251:58493,209.86.93.229:25,-,,Remote 2010-09-24T07:31:51.482Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,0,,209.86.93.228:25,*,,attempting to connect 2010-09-24T07:31:51.566Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,1,192.168.100.251:58729,209.86.93.228:25,+,, Thanks, Alan

On Fri, 24 Sep 2010 12:16:10 +0000, Alan Kamrowski II wrote: >Hi, > >The logging has been helpful! I found it was using the wrong name at ehlo and corrected that which seemed to make a big difference. > >I did have this issue sending to an earthlink address. I have done a search/replace to hide some info. Could this be too big an email for Earthlink? I don't see an error, but yet it doesn't go and it keeps retrying it. One odd thing is that it goes back and forth between SIZE=1067262 and SIZE=1044304 for some reason. Does the log indicate anything? 2010-09-24T07:22:08.744Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,2,192.168.100.251:58493,209.86.93.229:25,<,"220 mx-stork.atl.sa.earthlink.net EL_4_2_10_GMA_39 ESMTP EarthLink SMTP Server Fri, 24 Sep 2010 03:22:08 -0400 (EDT)", > >2010-09-24T07:22:08.744Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,3,192.168.100.251:58493,209.86.93.229:25,>,EHLO MYSERVER.MYDOMAIN.COM, 2010-09-24T07:22:08.826Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,4,192.168.100.251:58493,209.86.93.229:25,<,"250-mx-stork.atl.sa.earthlink.net Hello MYSERVER.MYDOMAIN.COM [MY.PUB.IP.ADDR], pleased to meet you", 2010-09-24T07:22:09.099Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,5,192.168.100.251:58493,209.86.93.229:25,<,250-8BITMIME, 2010-09-24T07:22:09.099Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,6,192.168.100.251:58493,209.86.93.229:25,<,250-SIZE 14680064, 2010-09-24T07:22:09.099Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,7,192.168.100.251:58493,209.86.93.229:25,<,250 HELP, 2010-09-24T07:22:09.100Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,8,192.168.100.251:58493,209.86.93.229:25,*,751,sending message 2010-09-24T07:22:09.100Z,Windows SBS Internet Send >MYSERVER,08CD29B73C18610E,9,192.168.100.251:58493,209.86.93.229:25,>,MAIL FROM:<myemail@myserver.com> SIZE=1067262, 2010-09-24T07:22:09.181Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,10,192.168.100.251:58493,209.86.93.229:25,<,250 <myemail@myserver.com> SIZE=1067262... Sender ok, 2010-09-24T07:22:09.181Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,11,192.168.100.251:58493,209.86.93.229:25,>,RCPT TO:<myemail@earthlink.net>, 2010-09-24T07:22:09.273Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,12,192.168.100.251:58493,209.86.93.229:25,<,250 <myemail@earthlink.net>... Recipient ok, 2010-09-24T07:22:09.289Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,13,192.168.100.251:58493,209.86.93.229:25,>,DATA, 2010-09-24T07:22:09.370Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,14,192.168.100.251:58493,209.86.93.229:25,<,"354 Enter mail, end with ""."" on a line by itself", 2010-09-24T07:22:39.847Z,Windows SBS Internet Send >MYSERVER,08CD29B73C18610F,15,192.168.100.251:47729,209.86.93.228:25,-,,Remote 2010-09-24T07:22:39.848Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,0,,209.86.93.226:25,*,,attempting to connect 2010-09-24T07:22:39.930Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,1,192.168.100.251:58500,209.86.93.226:25,+,, 2010-09-24T07:22:40.012Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,2,192.168.100.251:58500,209.86.93.226:25,<,"220 mx-dipper.atl.sa.earthlink.net EL_4_2_10_GMA_39 ESMTP EarthLink SMTP Server Fri, 24 Sep 2010 03:22:39 -0400 (EDT)", 2010-09-24T07:22:40.013Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,3,192.168.100.251:58500,209.86.93.226:25,>,EHLO MYSERVER.MYDOMAIN.COM, 2010-09-24T07:22:40.095Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,4,192.168.100.251:58500,209.86.93.226:25,<,"250-mx-dipper.atl.sa.earthlink.net Hello MYSERVER.MYDOMAIN.COM [MY.PUB.IP.ADDR], pleased to meet you", 2010-09-24T07:22:40.368Z,Windows SBS Internet Send >MYSERVER,08CD29B73C18610F,5,192.168.100.251:58500,209.86.93.226:25,<,250-8BITMIME, 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,6,192.168.100.251:58500,209.86.93.226:25,<,250-SIZE 14680064, 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,7,192.168.100.251:58500,209.86.93.226:25,<,250 HELP, 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,8,192.168.100.251:58500,209.86.93.226:25,*,679,sending message 2010-09-24T07:22:40.368Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,9,192.168.100.251:58500,209.86.93.226:25,>,MAIL FROM:<myemail@myserver.com> SIZE=1044304, 2010-09-24T07:22:40.450Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,10,192.168.100.251:58500,209.86.93.226:25,<,250 <myemail@myserver.com> SIZE=1044304... Sender ok, 2010-09-24T07:22:40.450Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,11,192.168.100.251:58500,209.86.93.226:25,>,RCPT TO:<runyonii@earthlink.com>, >2010-09-24T07:22:40.544Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,12,192.168.100.251:58500,209.86.93.226:25,<,250 <runyonii@earthlink.com>... Recipient ok, 2010-09-24T07:22:40.566Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,13,192.168.100.251:58500,209.86.93.226:25,>,DATA, 2010-09-24T07:22:40.647Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610F,14,192.168.100.251:58500,209.86.93.226:25,<,"354 Enter mail, end with ""."" on a line by itself", 2010-09-24T07:31:51.482Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,15,192.168.100.251:58493,209.86.93.229:25,-,,Remote 2010-09-24T07:31:51.482Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,0,,209.86.93.228:25,*,,attempting to connect 2010-09-24T07:31:51.566Z,Windows SBS Internet Send MYSERVER,08CD29B73C18610E,1,192.168.100.251:58729,209.86.93.228:25,+,, Your server never sends a RSET or QUIT which usually indicates a dropped connection (unless you omitted those lines from the log). --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP