sender mailserver found on blacklist server

Posted on 2008-11-14
Last Modified: 2012-05-05
I'm using Exchange Server 2003 + GFI MailEssentials 12 for spam filtering.

One of our business clients is trying to send us an email, which is filtered by GFI as the Sending mail server found on The problem is when I do an MX query on the sender's domain I get a single IP, 195.X.X.X, which I checked in all blacklist servers, but it's clean. But the problem is when I check the email header I see another IP address, 81.X.X.X, which when I query in a blacklist server is listed in a lot of servers. The sender is not a spammer, and his emails get blocked by our GFI. I can also add him to the whitelist, but I want to know the reason, what the problem really is, as I have seen this with other clients as well.

[Header's keywords]

Our Exchange server domain is:  (just for demonstration)  
sender's domain is:
sender name is: senderusername
Sender's IP: 195.X.X.X
another IP in headers: 81.X.X.X (don't know where it came from, could be the Outlook machine's IP?)

Kindly advise me on this situation, what is going on/wrong and what should I do to handle these problems in future.

Thanks a lot.

[Full Headers]

Microsoft Mail Internet Headers Version 2.0
Received: from ([195.X.X.X]) by with Microsoft SMTPSVC(6.0.3790.3959);
       Thu, 30 Oct 2008 13:11:17 +0000
Received: from [81.X.X.X] (port=3138 helo=senderusername)
      by with esmtpa (Exim 4.69)
      (envelope-from <>)
      id 1KvVKZ-0006nB-RR; Thu, 30 Oct 2008 11:04:51 +0000
From: "Sender Full Name" <>
To: "''" <>
Cc: <>
References: <>
Subject: RE: - Sending mail server found on - RE: Mortgage Offer
Date: Thu, 30 Oct 2008 13:10:14 -0000
Message-ID: <91C2A5BA7A4345258FED891BC307D322@senderusername>
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Thread-Index: Ack1v+PT2kiCzQdaS5qneC953FN6lgAAFNEgANL9GqAAAHpeIABdTXAQAAAhgyAAADfG0AAC/oKw
In-Reply-To: <>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-OriginalArrivalTime: 30 Oct 2008 13:11:17.0833 (UTC) FILETIME=[FE9F6390:01C93A90]

Content-Type: multipart/related;

Content-Type: multipart/alternative;

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

Content-Type: image/gif;
Content-Transfer-Encoding: base64
Content-ID: <image001.gif@01C93A90.D8683760>

Content-Type: image/gif;
Content-Transfer-Encoding: base64
Content-ID: <image002.gif@01C93A90.D8683760>

Content-Type: image/gif;
Content-Transfer-Encoding: base64
Content-ID: <image003.gif@01C93A90.D8683760>

Content-Type: image/gif;
Content-Transfer-Encoding: base64
Content-ID: <image004.gif@01C93A90.D8683760>

Content-Type: image/gif;
Content-Transfer-Encoding: base64
Content-ID: <image005.gif@01C93A90.D8683760>

Content-Type: application/msword;
      name="abbey acs ref request - ltd co.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
      filename="abbey acs ref request - ltd co.doc"


Question by:GuildOfDruids
    LVL 5

    Accepted Solution

    Seems they are relaying their mail via an ISP SMTP relay server; from the headers it looks like their IP is on the blacklist and their ISP isn't. Either way they need to apply to the block lists to be removed. It's worth doing a whois on the IP addresses to check who owns them before you whitelist anything.
    LVL 12

    Expert Comment

    The MX record points to the host used to receive mail. Outbound mail can (and in this case does) go through another host, and that's the one that mail recipients check against RBLs.
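
The hop order discussed in this thread can be read straight out of the Received headers. The following is an added example, not code from the thread or from GFI: it lists each hop's address and the DNSBL query name for it, using constructed placeholder hostnames, RFC 5737 addresses and a hypothetical zone `dnsbl.example`.

```python
import re
from email import message_from_string
from ipaddress import IPv4Address

# Constructed sample shaped like the two Received lines in the question.
# Hostnames and addresses are placeholders (RFC 5737 ranges, .example names).
SAMPLE_HEADERS = (
    "Received: from relay.isp.example ([192.0.2.10]) by mail.recipient.example"
    " with Microsoft SMTPSVC(6.0.3790.3959);\n"
    "\t Thu, 30 Oct 2008 13:11:17 +0000\n"
    "Received: from [198.51.100.23] (port=3138 helo=senderusername)\n"
    "\tby relay.isp.example with esmtpa (Exim 4.69)\n"
    "\tid 1KvVKZ-0006nB-RR; Thu, 30 Oct 2008 11:04:51 +0000\n"
    "From: \"Sender Full Name\" <sender@sender.example>\n"
    "\n"
    "body\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """List the 'from' address of each Received header, newest hop first."""
    hops = []
    headers = message_from_string(raw_message).get_all("Received", [])
    for index, value in enumerate(headers):
        from_clause = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        if not match:
            continue
        try:
            ip = str(IPv4Address(match.group(1)))
        except ValueError:  # malformed address such as [999.1.1.1]
            continue
        # Only the top header is written by the receiving server itself;
        # lower ones are whatever upstream hosts reported.
        role = "connecting host" if index == 0 else "earlier hop"
        hops.append({"ip": ip, "role": role})
    return hops


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reversed octets prepended to the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_HEADERS):
        print(hop["role"], hop["ip"], dnsbl_query_name(hop["ip"], "dnsbl.example"))
```

Neither address in the sample comes from the domain's MX record, which only names the host that receives mail for that domain.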
