Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- McAfee Support Community
- :
- Enterprise Support
- :
- Email and Web Security
- :
- Email Security for Exchange/Domino
- :
- SPF false negative (detected as softfail) - blocke...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-11-2018
08:41 AM
SPF false negative (detected as softfail) - blocked, but header is SPF-Pass
Please see the header from an email that clearly states the SPF - PASS, however these emails are being flagged as SPF Soft Fail and blocked by MSME 8.6.171.1 - WHY?
Received: from server.domain.local (***.***.***.***) by server.domain.local (***.***.***.***) with Microsoft SMTP Server (TLS) id 15.1.225.42; Tue, 11 Dec 2018 11:47:39 +0000 Received: from esa10.hc189626.iphmx.com (216.71.154.109) by server.domain.local (***.***.***.***) with Microsoft SMTP Server (TLS) id 15.1.225.42 via Frontend Transport; Tue, 11 Dec 2018 11:47:38 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=someonesdomain.com; i=@someonesdomain.com; q=dns/txt; s=ces; t=1544528859; x=1576064859; h=from:to:cc:subject:date:message-id:mime-version; bh=Kuw7Tw+VIvozOD/bhNrQYxU86NP1U1KIBU43vd3T+ls=; b=FhUF0WaSoSZl6wcGY29f5EldmohuWBbTgz57/MSx314LT9ogdHBvmtPw t81MKe9xkZemCtfsnicKOjpO+X/P4MwYD8YpHDSqLuCjBB8xPPVwlXJrm fE/9vR+qDTe036YYHR50CylWcnfhmV0rR5deka1y+xFwWK+yO1OILVeqI I=; X-IronPort-AV: E=Sophos;i="5.56,342,1539644400"; d="jpg'145?scan'145,208,217,145";a="24201069" X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from unknown (HELO interceptor2.na.ngrid.net) ([129.33.202.197]) by esa10.hc189626.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 11 Dec 2018 11:47:35 +0000 Received: from outlook-int.someonesdomain.com ([10.234.240.81]) by interceptor2.na.ngrid.net (RSA Interceptor) for <R.Strode@ourdomain.co.uk>; Tue, 11 Dec 2018 06:47:47 -0500 Received: from NAM05-CO1-obe.outbound.protection.outlook.com (10.234.240.176) by outlook-int.someonesdomain.com (10.234.240.81) with Microsoft SMTP Server (TLS) id 14.3.399.0; Tue, 11 Dec 2018 06:47:22 -0500 Received: from SN6PR01MB5134.prod.exchangelabs.com (52.135.109.83) by SN6PR01MB4734.prod.exchangelabs.com (52.135.124.225) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1404.17; Tue, 11 Dec 2018 11:47:20 +0000 Received: from SN6PR01MB5134.prod.exchangelabs.com ([fe80::44c4:314b:b2b4:dc08]) by SN6PR01MB5134.prod.exchangelabs.com ([fe80::44c4:314b:b2b4:dc08%4]) with mapi id 15.20.1404.026; Tue, 11 Dec 2018 11:47:19 +0000 From: "Fox, Chris" <Chris.Fox@someonesdomain.com> To: "R.Strode@ourdomain.co.uk" <R.Strode@ourdomain.co.uk> CC: "Quigg, Darren" <Darren.Quigg@someonesdomain.com> Subject: Test Send \ National Grid, Ambergate Thread-Topic: Test Send \ National Grid, Ambergate Thread-Index: AdSRR0NUwM4PRpC1S8ikC9/KZTE7bA== Date: Tue, 11 Dec 2018 11:47:19 +0000 Message-ID: <SN6PR01MB51349E5EE04105C164C5F1A88FA60@SN6PR01MB5134.prod.exchangelabs.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [62.189.218.115] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;SN6PR01MB4734;6:lSYC84EZCrqAgx0+TR6XdhfOtvh0WwS9l1oaNfb2Hj32nzbmUORnAuM1lC2Cmob7dKHdnzOvv2TkDk8jEmEL02atUG9IfBlr2QgB8m6GBHb+fSOId3CV3fuI/Rm9efIuSUyK3L+wV5ERu3eMQipWUaZa3Ki6WJTqApiucvyBcGOu0fB51Amlg1MBxeZ1+f1BSn8p7aI5NFjpEvgJnP431hQmlJFdGWW3vMInoX6GThvVeEnjM0qEs3OxvvsP8fTqoFafH2ymfTBVk3526dmQFNyVlj0QIBavVQPXJRxGKKeLGlbxC2uR9zZg+6nTXmdQK2jOa74INilBCKLmF4UhR6BbO4Vda7hWhts228O3owO6ctJTY3Ui/02GRt5fIzZHuY06FFVhz0HakZ6tpy1DGpQRiZL0TbpUb+wg7cK4lD9/UgETzAce/3/062ZWG4L6sd5g8ROMM12dy4l1a/RaMw==;5:7g9BpDeSWHzhKceU255oaWAIf9UrpGgcKMGxewaE8WJ/UPXlR8NsUaS4Iii7RwgmZ4kMa+0+KezEvsK/nYIBmNghXsLfWK64CNyEqo/YfFV6O44e5pRcxIkcb0pdgQz4nPy6ZUHSypmid7rJDz6IXxGkR/yFWKskazaMqfAQ0TQ=;7:VgTOQv1xMUAKQuoG4T7z0fjv7FmgnPGNDJL3ESZ0VijOzh0juIKKByUqjwnua0wJwjY9EV6bH7Y7vCUAkYF6q61QKTJqlTG3wqs6VmlerMNrD0db9JsjWl5uPniIUOdljUvlFDtc95Fz0J03T+xgSw== x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR; x-ms-office365-filtering-correlation-id: d00c1741-df71-4046-2a07-08d65f5e681b x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390098)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(49563074)(7193020);SRVR:SN6PR01MB4734; x-ms-traffictypediagnostic: SN6PR01MB4734: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Chris.Fox@someonesdomain.com; x-microsoft-antispam-prvs: <SN6PR01MB4734087354563EA8023C2B5A8FA60@SN6PR01MB4734.prod.exchangelabs.com> x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(3230017)(999002)(102415395)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231472)(944501520)(4983020)(52105112)(148016)(149066)(150057)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123558120)(201708071742011)(7699051)(76991095);SRVR:SN6PR01MB4734;BCL:0;PCL:0;RULEID:;SRVR:SN6PR01MB4734; x-forefront-prvs: 08831F51DC x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(346002)(376002)(396003)(39860400002)(366004)(136003)(189003)(199004)(97736004)(9686003)(53936002)(5640700003)(81156014)(81166006)(2906002)(2351001)(8936002)(7736002)(106356001)(606006)(74316002)(5660300001)(861006)(72206003)(6436002)(71190400001)(71200400001)(55016002)(86362001)(99936001)(8676002)(25786009)(966005)(478600001)(316002)(102836004)(68736007)(66066001)(2501003)(107886003)(486006)(5024004)(66574011)(6916009)(33656002)(6506007)(186003)(236005)(14444005)(4326008)(54896002)(3846002)(6116002)(10126004)(790700001)(256004)(14454004)(733005)(105586002)(6306002)(7696005)(99286004)(54556002)(26005)(476003);DIR:OUT;SFP:1101;SCL:1;SRVR:SN6PR01MB4734;H:SN6PR01MB5134.prod.exchangelabs.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; x-microsoft-antispam-message-info: ZY7kpxcU4RagG9RlOvuo2E4Gysc3CMLspNYW3xGHr8VUJrlLUxUsF/ScHKHY9HA8xtmJti9tYKhIgSwfESqhbIhFCE1q1JIiq5mWuoZMvaqV5fUCL729cZRSJPwqAL4sFF7QoMzuMcryqKqXnsDZPwRgeMGQynO5ntuPw1Sea+PNxnCI1Z4s2UHc8w6QM7CtK5pJL9fWmQvPx1utiBTe6NyJuuARdm8928tVieJnbHKHojZYiERjbYHA0itXRsJj5barjDGp8E0+YefhlKoQ5kvj/2s1r8eHQektpvtPfECKOeyuF7JOtQyd83YJl6oM spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/related; boundary="_004_SN6PR01MB51349E5EE04105C164C5F1A88FA60SN6PR01MB5134prod_"; type="multipart/alternative" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: d00c1741-df71-4046-2a07-08d65f5e681b X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Dec 2018 11:47:19.6548 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f98a6a53-25f3-4212-901c-c7787fcd3495 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR01MB4734 Return-Path: Chris.Fox@someonesdomain.com X-MS-Exchange-Organization-OriginalArrivalTime: 11 Dec 2018 11:47:38.6988 (UTC) X-MS-Exchange-Forest-ArrivalHubServer: server.domain.local X-MS-Exchange-Organization-Network-Message-Id: 62df02c0-725d-44b5-02a2-08d65f5e73bc X-MS-Exchange-Organization-OriginalClientIPAddress: 216.71.154.109 X-MS-Exchange-Organization-OriginalServerIPAddress: ***.***.***.*** X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: server.domain.local X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=server.domain.local:TOTAL-FE=0.593|SMR=0.599(SMRPI=0.008(SMRPI-FrontendProxyAgent=0.008));2018-12-11T11:47:39.292Z X-MS-Exchange-Organization-AuthSource: server.domain.local X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-FromEntityHeader: Internet X-MS-Exchange-Organization-PRD: someonesdomain.com X-MS-Exchange-Organization-SenderIdResult: Pass Received-SPF: Pass (server.domain.local: domain of Chris.Fox@someonesdomain.com designates 216.71.154.109 as permitted sender) receiver=server.domain.local; client-ip=216.71.154.109; helo=esa10.hc189626.iphmx.com;
1 Reply
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-17-2019
03:43 AM
Re: SPF false negative (detected as softfail) - blocked, but header is SPF-Pass
possible addtional information that could be causeing the problem as Mcafee doesnt understand how to read and spf entry with code to construct and arbitrary hostname for a DNS query.
this is the mx record from the domain in question where we are receving the email but is being detected as spf:softfail incorrectly.
v=spf1 include:spf-c.usa.striata.com include:email.opower.com include:spf.protection.outlook.com include:servers.mcsv.net exists:%{i}.spf.hc189626.iphmx.com ~all
NOTE: last entry "exists:", its valid when checking on mxtoolbox, but im wondering if mcafee doesnt understand?
More McAfee Tools to Help You
- Visit: Business Service Portal
- More: Search Knowledge Articles
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
