@sp_tcset
To be honest, you are making a problem of something that is "indifferent", in the sense that SOFTFAIL and HARDFAIL are (more or less) the same in your case.
There have been many miscommunications, leading to some confusing questions and answers.
The main "miscommunication" is that your mail gets parsed for spf records on the "host.inteinet.net" server, which is completely different from the "olewebs.com" server.
In fact, your mail gets passed around some servers, with mail ending up on the "host.inteinet.net" server.
Sure, the "host.inteinet.net" server is the origin of the mail being send, but it is also the receiving mail server.
All the above sounds a little bit strange and can be deemed very exceptional, but it can be the case: platforms running with multiple VPS and a central mail server, i.e. a sort of relay.
The before mentioned platform setup is really bad, amongst others for the fact that the (open) relay can be used (i.e. used or hacked) as a spam server.
You noticed already that some significant mail spoofing took place, well, there is your answer and root cause of the problem.
The SPF records do not really alter anything:
- you can change spf anyway you want, but if there is indeed a relay (i.e. central mail server) present, then the spf settings of that mail server prevail and dominate,
- you cannot tackle spam by altering spf, if there is indeed a relay (i.e. a central mail server) present, since that relay is very likely to be the compromised mail server,
and it must be clear by now that you really should change something about the setup of YOUR mail servers and, if possible, the PLATFORM setup (i.e. no relay).
In short, check the presence of a relay server first.
If you ask me, there is a factual relay server OR a setting that makes specific mail servers function as a relay server.
After all, you send from "olewebs.com" (87.106.220.6) to "tcset.com" (82.165.193.105), a domain running on s16268349.onlinehome-server.info (82.165.193.105).
In a normal world, the "host.inteinet.net" server should not be present in the mail sending process, but it is, implying that some (mail or other) server is interfering in the process.
However, there is
another "miscommunication" that should be taken into account.
You try to send from
[email protected] to
[email protected] and this results in the hint that a mail server is interfering, as such hinting the presence of a dangerous relay.
In general, you should always try to duplicate errors and/or verify results by:
a) sending mail from some general mailbox (gmail for instance) to
[email protected] AND sending a separate mail from some general mail (gmail for instance) to
[email protected]: this allows you to determine on which business end (tcset.com or olewebs.com) the "SOFTFAIL error" is caused (i.e. isolation of WHERE the issue occurs),
b) reply to the messages send to the general mailbox (for instance, if using gmail, reply to the gmail address and check the "original message" in gmail),
c) send mail from
[email protected] to
[email protected]: this allows you to determine WHAT causes the "SOFTFAIL error".
If you ask me, action a AND c will not yield any issue at all, but action b will probably result in output containing lines with "SOFTFAIL" and "host.inteinet.net".
If the before mentioned result occurs again, then there is an relay.
This relay can be closed or open, but it is very likely that it is open, given the spoofed mail that you have spoken of.
It is very likely that you cannot change anything outside your VPS, so be aware that you can also prevent mail spamming & spoofing by using other tools, such as
- Domain Keys,
- DMARC records (just Google it, Google has a simple explanation and on this forum there is also a couple of threads with respect to DMARC)
and even consider to get a VPS elsewhere: your domain/server reputation can be already compromised, potentially resulting in an ineffective (blacklisted) mail server.
Hope the above helps...
Regards....
Facebook
Twitter
