Author Topic: Incorrect SPF failures on all domains  (Read 434 times)

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Incorrect SPF failures on all domains
« on: June 26, 2018, 04:09:06 AM »
For the past 8 hours we have not been receiving emails because Comodo ASG is incorrectly rejecting emails sent to us with an SPF failure.  This has been happening with many different domains that use Comodo for spam filtering.

Typical failure message is "554 This server requires you to send from an IP address specified by the SPF for <domain>"

Anyone else experiencing this issue with ASG?  I'm about to change our MX records to remove Comodo from the equation (again).

Offline Willard-UK

  • Comodo Member
  • **
  • Posts: 42
Re: Incorrect SPF failures on all domains
« Reply #1 on: June 26, 2018, 04:14:29 AM »
What is the sending domain, and have you checked the sender's SPF? I have had this where the sender has had the sending servers change due to ISP or recovery systems.

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #2 on: June 26, 2018, 04:23:18 AM »
The sending domain can be anyone, it doesn't seem to matter.  The following is an example of a rejection message people are receiving when sending to us.  In this example the email address recipient has been changed to XXXXX for privacy, but both domains in this example (sender and recipient) have incoming emails filtered through Comodo ASG.  It has been working fine in the same configuration for months and we have not changed anything recently.

  This is the  mail gateway at engclustn2.stage.casg.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<XXXXX[at]itregister.com.au>:
 <from:XXXXX[at]human-performance.com.au to:XXXXXX[at]itregister.com.au> 122.102.97.103 does not like recipient Remote host said: 554 This server requires you to send from an IP address specified by the SPF for human-performance.com.au.
Giving up on 122.102.97.103 qid: 18566-1529999769-150589.



Offline Willard-UK

  • Comodo Member
  • **
  • Posts: 42
Re: Incorrect SPF failures on all domains
« Reply #3 on: June 26, 2018, 04:31:06 AM »
Unless I am missing something, I do not see the IP address 122.102.97.103 listed in the SPF for human-performance.com.au, but I do see the MX records for itregister.com.au.

Is this correct?

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #4 on: June 26, 2018, 04:35:53 AM »
Correct, the email was sent from a different IP address for human-performance.com.au which is in their SPF, but for some reason Comodo appears to be thinking it is coming from the itregister.com.au IP address, who is the recipient.  It appears to us that ASG is checking the receiver's SPF record and trying to match that to the sender...

Offline Willard-UK

  • Comodo Member
  • **
  • Posts: 42
Re: Incorrect SPF failures on all domains
« Reply #5 on: June 26, 2018, 04:39:40 AM »
I seem to recall having a very similar issue a while back and after Comodo support were informed they found a solution. Have you raised a ticket? If not I would.

Keep us informed about this error, just checked a few of my clients and all seems to be OK at the moment.

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #6 on: June 26, 2018, 04:43:26 AM »
Yes I logged a support ticket.  About to remove Comodo ASG from the MX records for 25 domains we manage as this is causing us huge issues.

Also forgot to add that human-performance.com.au is set to send via Comodo (i.e. smart hosting).  Plus we do actually have the MX for itregister.com.au listed in their SPF record (which is 122.102.97.103) not that we're using it currently.


Offline Willard-UK

  • Comodo Member
  • **
  • Posts: 42
Re: Incorrect SPF failures on all domains
« Reply #7 on: June 26, 2018, 04:47:36 AM »
From what I saw, the human-performance.com.au SPF does refer to the MX records of the domain itregister.com.au, but 122.102.97.103 is not an MX record for itregister.com.au. Maybe think about include instead of just MX.

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #8 on: June 26, 2018, 04:54:42 AM »
As I said human-performance is sending via Comodo anyway so that is irrelevant, plus nothing has been changed and it was working fine for many months like this. 

But I suspect I found the problem:

On a test email I just sent myself from human-performance it showed the sending server was mxsrv2.spamgateway.comodo.com [144.168.192.81].

But we have the SPF record for that domain set to match its MX records, which are set to mxpool1.spamgateway.comodo.com (144.168.192.80) and mxpool2.spamgateway.comodo.com (144.168.192.80).  Neither of those IP addresses match the sending server.

Did Comodo change or add a sending server in the past 24 hours that does not match the sending servers?  We were told by Comodo to configure SPF this way...

Offline Willard-UK

  • Comodo Member
  • **
  • Posts: 42
Re: Incorrect SPF failures on all domains
« Reply #9 on: June 26, 2018, 05:05:06 AM »
Remember we use the EU settings, but this is how I have my DNS set up for our clients using ASG.

MX records:
mxpool1.spamgateway.comodo.com. 10
mxpool2.spamgateway.comodo.com. 20

SPF records:
"v=spf1 ip4:AAA.AAA.AAA.AAA include:_spf.spamgateway.comodo.com include:servers.mcsv.net ~all"

AAA.AAA.AAA.AAA is the edge mail server, just in case we turn off smart host.

mcsv.net is Mailchimp for this user.

I have just noticed that
warn_msg = (2) Host '_spf.spamgateway.comodo.com' not found. | Could not find a valid SPF record | 144.168.192.81
warn_msg = (2) Host '_spf.spamgateway.comodo.com' not found. | Could not find a valid SPF record | 144.168.192.80[144.168.192.80]

Might be there is an issue with Comodo.
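
Added example, not part of the thread and not any poster's or Comodo's code: a small SPF evaluator over a constructed DNS table, showing the two failure modes discussed above. The mxpool IPs are the ones quoted in the thread; `sender.example`, `client.example`, their SPF records and `192.0.2.10` are assumptions made up for the illustration.

```python
import ipaddress

# Constructed DNS snapshot, not live data. The mxpool IPs are the ones quoted
# in the thread; sender.example, client.example and their records are made up.
DNS = {
    "MX": {"sender.example": ["mxpool1.spamgateway.comodo.com",
                              "mxpool2.spamgateway.comodo.com"]},
    "A": {"mxpool1.spamgateway.comodo.com": ["144.168.192.80"],
          "mxpool2.spamgateway.comodo.com": ["144.168.192.80"]},
    "TXT": {
        "sender.example": "v=spf1 mx -all",
        # _spf.spamgateway.comodo.com is deliberately absent ("not found").
        "client.example": "v=spf1 ip4:192.0.2.10 "
                          "include:_spf.spamgateway.comodo.com ~all",
    },
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate a subset of RFC 7208 (ip4, mx, include, all) against DNS."""
    record = DNS["TXT"].get(domain)
    if record is None:
        return "none"
    if depth > 10:                      # recursion guard for nested includes
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # skip "v=spf1"
        result = QUALIFIERS.get(term[0])
        mech = term[1:] if result else term
        result = result or "pass"       # default qualifier is "+"
        name, _, arg = mech.partition(":")
        if name == "all":
            return result
        if name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":              # A records of the domain's MX hosts
            hosts = DNS["MX"].get(arg or domain, [])
            matched = any(ip in DNS["A"].get(h, []) for h in hosts)
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # missing include target is an error
            matched = inner == "pass"
        else:
            return "permerror"          # mechanism outside this subset
        if matched:
            return result
    return "neutral"
```

With an `mx`-only record, a relay at 144.168.192.81 fails even though it belongs to the same provider, and an `include:` whose target does not resolve turns every non-matching lookup into `permerror` rather than a clean pass or fail.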

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #10 on: June 26, 2018, 06:01:50 AM »
Thanks, maybe I should try adding "include:_spf.spamgateway.comodo.com"?  I think we used to use that but they told us to change it to mxpool1.spamgateway.comodo.com and mxpool2.spamgateway.comodo.com

Yeah I suspect someone changed something at 5PM their time and went home without testing.  This has happened several times over the past 2-3 years.  When they get into the office in a couple of hours' time it will probably all magically start working again.  Unfortunately it is now 8PM here so we've been dealing with this for 12 hours.  Really is time we moved all our clients to Office 365 and dumped ASG.

Offline Willard-UK

  • Comodo Member
  • **
  • Posts: 42
Re: Incorrect SPF failures on all domains
« Reply #11 on: June 26, 2018, 06:10:37 AM »
I have just done some more testing and _spf.spamgateway.comodo.com is failing; I bet they have changed something.  Please ask them to reply to this thread about the correct SPF records as I think we are starting to see failures.

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #12 on: June 26, 2018, 06:16:56 AM »
Done.  They are responding to me now which is good.

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #13 on: June 26, 2018, 07:10:04 PM »
This is still not working.  It is my opinion that what has happened is Comodo in the past 48 hours have added additional servers that forward emails to their customers, and those servers are no longer within the SPF range they previously advertised.

Their advice to me is to disable SPF checking on ALL inbound emails.... which is fine if all emails are coming from Comodo, but in some cases we have servers receiving emails from both Comodo and direct.

I give up.

Offline Ossie44

  • Comodo Member
  • **
  • Posts: 30
Re: Incorrect SPF failures on all domains
« Reply #14 on: June 26, 2018, 08:27:27 PM »
For those following this thread we have tracked the problem down to emails being passed to us from Comodo via the server engclustn1.stage.casg (104.227.248.206).

We have had to temporarily whitelist this server's IP address to allow emails in.

This server is not one of ours, and we can see in the email headers that it is the last server in the chain when emails are passed to us from Comodo (see partial sample below).  We have asked Comodo Support to confirm this is one of their servers, otherwise we may be looking at a hack of some kind...


Received: from XXXX.group.local (10.0.0.57) by XXXX.group.local
 (10.0.0.57) with Microsoft SMTP Server (TLS) id 15.1.225.42; Wed, 27 Jun 2018
 10:17:22 +1000
Received: from engclustn2.stage.casg (104.227.248.206) by XXXX.group.local
 (10.0.0.57) with Microsoft SMTP Server (TLS) id 15.1.225.42 via Frontend
 Transport; Wed, 27 Jun 2018 10:17:21 +1000
Received: (korumail 8318 invoked from network); 27 Jun 2018 00:17:16 -0000
Received: from unknown (HELO mxsrv1.spamgateway.comodo.com) (10.200.1.102)
   by 0 with SMTP; 27 Jun 2018 00:17:09 -0000
Received: from mail-me1aus01on0061.outbound.protection.outlook.com ([104.47.116.61] helo=AUS01-ME1-obe.outbound.protection.outlook.com)
   by mxsrv1.spamgateway.comodo.com
<snip>

 
