Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1252 posts

Uber Geek
+1 received by user: 146

Subscriber

# 208817 28-Feb-2017 19:05
Send private message

Last week I moved a clients email from Paradise to Office365. It all went as planned and three desktops were upgraded from Office2003 as well.

 

It's pretty small, three paid (exchange only) accounts and two shared mailboxes.

 

But today one of the paid accounts has seen a huge amount of bounced emails coming back. I've traced it to believe each of the accounts we were sending to have a forward set and as our SPF records are "-all" the forwarding is failing. My understanding is the original email will still be delivered but the forward wont.

 

The main protagonists are @xtra.co.nz accounts and a government department.

 

I assume I could just change the TXT record to "~all" and softfail the forwarding but before I do is that something we should be doing ? Should we stand fast and insist the other end sort it out ? by giving us the correct email address in the first place ? Not all that easy when dealing with accounts@blah.govt.nz

 

As for the folders. Two people want to access the same paid account on their own desktops. If one was to create a folder in the Inbox can we expect that to be copied to the other desktop in the same way IMAP would be ? And can we have each of those folders list how many unread emails are in them (and for it to sync across each desktop) ?

 

Thanks

 

 

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
2529 posts

Uber Geek
+1 received by user: 753

Trusted
Lifetime subscriber

  # 1727909 28-Feb-2017 19:58
Send private message

Two people accessing the same account is fine.  You can either add the account as a separate account in the user's Outlook profile, or grant permission to the mailbox from the admin console.

 

Check your DNS records from within the admin portal.  Once done, please give more details on where the process is falling over.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



1252 posts

Uber Geek
+1 received by user: 146

Subscriber

  # 1727911 28-Feb-2017 20:13
Send private message

Thanks @Dynamic,

 

The folders all seem to be working as expected, I'll ask them tomorrow why they think they aren't working.

 

The DNS records are all correct, the SPF TXT record is correct, Office365 states all DNS records it needs are correct.

 

We are sending email from an account with our invoices attached. If they arrive at our clients email address and they have added a forwarder to that address then the "-all" in our SPF record will not allow that email to be forwarded. We then receive an email saying "550 5.7.1 Message rejected (SPF)"

 

On reading about this some more, I can see whilst -all is best practice the reality is ~all should be used to allow our emails to be forwarded on elsewhere. I'm also just reading about how to add DKIM and DMARC. I've added the CNAME records for DKIM and will look at DMARC as well now.

 

I've found a thread elsewhere talking about this last week with @xtra.co.nz addresses and I wonder if it's related to their move in-house at the moment.

 

[e] This is all just security on our custom domain to say we are who we say we are though. It's not going to allow our email to be forwarded by the recipients email servers.


 
 
 
 


22052 posts

Uber Geek
+1 received by user: 4680

Trusted
Subscriber

  # 1727914 28-Feb-2017 20:20
One person supports this post
Send private message

2 reasons for that spf thing

 

 

 

Most common:

 

The SPF thing is because you are sending to people that are incorrectly bouncing instead of forwarding to an xtra address. There are already threads about it. xtra are correctly interpreting your SPF as saying that the person doing the bounce shouldnt be sending emails as you.

 

The place that you are emailing to needs to sort their mail server out to correctly do a forward with the sender as an address they are authorized to send, not bounce it keeping the original sender. Or just directly email their xtra address instead of whatever address is doing the bounce.

 

Other:

 

If you are sending to a mail list that you contract out, and it actually should be sending as your address, in which case you need to add the mail lists servers to your SPF records in addition to the ones for o365.

 

 





Richard rich.ms

2529 posts

Uber Geek
+1 received by user: 753

Trusted
Lifetime subscriber

  # 1727916 28-Feb-2017 20:22
One person supports this post
Send private message

We are sending email from an account with our invoices attached.

 

Do basic non-invoice messages forward without issue?  If yes....

 

What software is generating the invoice, and what server is being used to email out the invoice?

 

I'm wondering whether your SPF record says 'only email for my domain sent from a 365 server is authorised and any other mail server using my domain name must therefor be dodgy'.  And then you are sending emails form MYOB Accountright using smtp.vodafone.co.nz or similar SMTP server.  As that SMTP server is not authorised to send sing your domain name (as specified by your SPF record), messages are being rejected.  If this is the case, you can either:

 

- add that SMTP server into your SPF to authorise it, or

 

- if your client has a Static IP Address, then you can go into the Exchange Admin area of the 365 console and set up a custom receive connector that will accept mail from that Static IP Address an send it on using the 365 servers.  We do this frequently enough to allow photocopiers to scan-to-smtp-server using the 365 SMTP server, or for MYOB Payroll to send pay slips, etc.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



1252 posts

Uber Geek
+1 received by user: 146

Subscriber

  # 1727917 28-Feb-2017 20:24
Send private message

 I hang my head in shame for not having searched in the first place.

 

Thread last week on the same issue


2529 posts

Uber Geek
+1 received by user: 753

Trusted
Lifetime subscriber

  # 1727920 28-Feb-2017 20:31
Send private message

 This sort of thing can feel like a minefield.

 

Anything at all to do with an @xtra address seems to automatically increase the hassle a hundredfold.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



1252 posts

Uber Geek
+1 received by user: 146

Subscriber

  # 1727922 28-Feb-2017 20:31
Send private message

Dynamic:

 

 

 

What software is generating the invoice, and what server is being used to email out the invoice?

 

I'm wondering whether your SPF record says 'only email for my domain sent from a 365 server is authorised and any other mail server using my domain name must therefor be dodgy'.  And then you are sending emails form MYOB Accountright using smtp.vodafone.co.nz or similar SMTP server.  As that SMTP server is not authorised to send sing your domain name (as specified by your SPF record), messages are being rejected.  If this is the case, you can either:

 

- add that SMTP server into your SPF to authorise it, or

 

 

Now we are onto something. Yes, some email comes directly from Simpro (an online job management tool) so we should dig out their SMTP details and authorise that in O365 as well.

 

Legend ;)

 

Their helpdesk has not always been all that helpful in the past. I wonder if I should just set it to softfail and finish setting up both DKIM and DMARC instead.

 

 


931 posts

Ultimate Geek
+1 received by user: 195

Trusted

  # 1727924 28-Feb-2017 20:36
2 people support this post
Send private message

@martyyn: ... I hang my head in shame for not having searched in the first place.

 

At least you got the search badge now. tongue-out





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


2529 posts

Uber Geek
+1 received by user: 753

Trusted
Lifetime subscriber

  # 1727925 28-Feb-2017 20:37
Send private message

martyyn: I wonder if I should just set it to softfail and finish setting up both DKIM and DMARC instead.

 

Over to you.  We've never had to do that (as best I remember) and we have a few dozen O365 clients.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



1252 posts

Uber Geek
+1 received by user: 146

Subscriber

  # 1727926 28-Feb-2017 20:43
Send private message

Dynamic:

 

Over to you.  We've never had to do that (as best I remember) and we have a few dozen O365 clients.

 

 

It seems to be the overriding suggestion from the other thread.

 

I've found another thread to read so in the meantime, I've set up DKIM and DMARC as they cant hurt. I'll talk to Simpro tomorrow to see if I can get their SMTP information to authenticate in the SPF record and will also see how it goes with the @xtra.co.nz accounts.

 

If they still bounce I'll talk to hio77 to see if he can help in anyway.


345 posts

Ultimate Geek
+1 received by user: 89


  # 1727948 28-Feb-2017 21:21
One person supports this post
Send private message

or just google

 

 

 

https://simprosoftware.mcoutput.com/10775/Content/Service-and-Enterprise/SPF-Record-Setup-for-Emails.htm

 

 

 

never had spf issues with hard -all, as long as you setup all server that send your email in it. 




1252 posts

Uber Geek
+1 received by user: 146

Subscriber

  # 1728144 1-Mar-2017 09:42
Send private message

bagheera: or just google https://simprosoftware.mcoutput.com/10775/Content/Service-and-Enterprise/SPF-Record-Setup-for-Emails.htm 

 

Yep, found and added that but the headers of the email we saw bounce yesterday had a very different record of where it has been sent from. We are testing them both now.

 

bagheera: never had spf issues with hard -all, as long as you setup all server that send your email in it. 

 

That's the plan.

 

I don't usually get myself involved in work like this, but I've learnt so much in the last 24 hours it's been great.


345 posts

Ultimate Geek
+1 received by user: 89


  # 1728231 1-Mar-2017 12:08
Send private message

Look like they treating softfail as a hard. To get thing working, look at the header info of the email and it should have the sending sever in it, add to spf, repeat till you find all their servers or wait for them to tell you



1252 posts

Uber Geek
+1 received by user: 146

Subscriber

  # 1728275 1-Mar-2017 13:04
Send private message

A quick update.

 

The Simpro settings found online made no difference today. I called Simpro who suggested we change to a softfail but I said I would like to include their SMTP server instead so they raised a ticket. Who knows when I will hear back, we've been down this road before and it went nowhere.

 

So in the meantime I've reverted to the O365 default SPF and changed to ~all. But we are still getting delivery failures for @xtra.co.nz accounts. A generic "554 5.7.9 Message not accepted for policy reasons" error.

 

So my question is, without including the Simpro server this will happen anytime we send something from Simpro to a mail server which doesn't like it, even with the softfail.....is that right ?

 

I feel like I'm second guessing everything now.


2529 posts

Uber Geek
+1 received by user: 753

Trusted
Lifetime subscriber

  # 1728349 1-Mar-2017 15:00
Send private message

You do have the option of asking Simpro for the address of the SMTP servers they use and add these into your SPF record to 'authorise' them for your domain.  This should not be new to them.  You might be able to check message headers of previous Simpro invoice emails and find the server name yourself.

 

Again, it can feel a bit like a black art sorting things like this when one end of the equation is out of your control.  Yahoo / Xtra email has given us far worse trouble in the past than any other platform.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41


Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06


Motorola Solutions joins local partners to deliver advanced communications network in New Zealand
Posted 30-Apr-2019 21:50



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.