000033879 - RSA Archer Notifications are delayed or not received from a Software as a Service (SaaS) environment, but the Notifications Sent report shows email was sent.

Document created by RSA Customer Support Employee on Aug 29, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033879
Applies ToRSA Product Set: Archer
RSA Version/Condition: All
Platform: Software as a Service (SaaS) environment
IssueRSA Archer Notifications are delayed or not received from a Software as a Service (SaaS) environment, but the Notifications Sent report shows email was sent successfully.
CauseThe preferred FROM address for Notifications is not set to noreply@archer.rsa.com.
The customer's email system is not monitoring the correct MX record or needs to whitelist SaaS mail relays.
ResolutionThe SaaS Operations Team recommends customers set the From address to noreply@archer.rsa.com (the preferred address).  
If customers wish to send from addresses other than noreply@archer.rsa.com, they can request their Email Team monitor the SPF DNS record for archer.rsa.com.  It will always have the IPs that Archer may send mail from.
One way to get that is by using the nslookup command-line utility:
nslookup
set type=txt
archer.rsa.com

Currently, the nslookup returns the following.  The mx means the MX host(s) for the archer.rsa.com zone and ip4 entries of 8.20.181.47, 62.190.59.200, 46.34.69.10 and 209.208.146.47.
"v=spf1 mx ip4:8.20.181.47 ip4:62.190.59.200 ip4:46.34.69.10 ip4:209.208.146.47 ~all"

User-added image


Open a new command line window and run the following commands:
nslookup
set type=mx
archer.rsa.com


Currently, the nslookup returns the following.  The important information from the results is that the MX record is 8.18.102.11.
mailrelay01.archer.rsa.com      internet address = 8.18.102.11


User-added image

Therefore, based on the information above, Archer may send e-mail from:
  • 8.18.102.11
  • 8.20.181.47
  • 62.190.59.200
  • 46.34.69.10
  • 209.208.146.47
NOTE: The IP list can, has, and will change over time...so tying to a static list of IPs is not recommended.

Attachments

    Outcomes