sender mailserver found on blacklist server

I'm using exchange server 2003 + GFI mailessentials 12 for spam filtering.

One of our business client is trying to send us an email which is filtered by GFI as the Sending mail server found on dnsbl.njabl.org. The problem is when I do MX Query to senders domain I get single IP 195.X.X.X which I checked in all blacklist servers, but its clean. but the problem is when I check the email header I see another IP address 81.X.X.X which when I query in blacklist server it is listed in lot of servers. the sender is not a spammer, and his emails gets blocked by our GFI. I also can add him in whitelist but I want to know the reason what really is the problem, as I have seen this with other clients as well.

[Header's keywords]

Our Exchange server domain is: mail.OurMailServer.org  (just for demonstration)  
sender's domain is: senderdomain.com
sender name is: senderusername
Sender's IP: 195.X.X.X
another IP in headers: 81.X.X.X ( dont know where it came from, could be the Outlook's Machine IP? )

Kindly advise me on this situation, what is going on/wrong and what should I do to handle these problems in future.

Thanks a lot.


[Full Headers]

Microsoft Mail Internet Headers Version 2.0
Received: from blue11core.senderdomain.com ([195.X.X.X]) by mail.ourMailServer.org with Microsoft SMTPSVC(6.0.3790.3959);
       Thu, 30 Oct 2008 13:11:17 +0000
Received: from [81.X.X.X] (port=3138 helo=senderusername)
      by blue11core.senderdomain.com with esmtpa (Exim 4.69)
      (envelope-from <senderusername@senderdomain.com>)
      id 1KvVKZ-0006nB-RR; Thu, 30 Oct 2008 11:04:51 +0000
From: "Sender Full Name" <senderusername@senderdomain.com>
To: "''" <@ourMailServer.org>
Cc: <someone@else.com>
References: <5DD5BFD98AEF5B4FBA712AC4EA8ED8469D6499@myhost.ourMailServer.org>
Subject: RE: Receiver@ourMailServer.org - Sending mail server found on dnsbl.njabl.org - RE: Mortgage Offer
Date: Thu, 30 Oct 2008 13:10:14 -0000
Message-ID: <91C2A5BA7A4345258FED891BC307D322@senderusername>
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----=_NextPart_000_0043_01C93A90.DBE17FA0"
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Thread-Index: Ack1v+PT2kiCzQdaS5qneC953FN6lgAAFNEgANL9GqAAAHpeIABdTXAQAAAhgyAAADfG0AAC/oKw
In-Reply-To: <5DD5BFD98AEF5B4FBA712AC4EA8ED8469D6499@myhost.ourMailServer.org>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - another.senderdomain.com
X-AntiAbuse: Original Domain - ourMailServer.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - senderdomain.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: senderusername@senderdomain.com
X-OriginalArrivalTime: 30 Oct 2008 13:11:17.0833 (UTC) FILETIME=[FE9F6390:01C93A90]

------=_NextPart_000_0043_01C93A90.DBE17FA0
Content-Type: multipart/related;
      boundary="----=_NextPart_001_0044_01C93A90.DBE17FA0"

------=_NextPart_001_0044_01C93A90.DBE17FA0
Content-Type: multipart/alternative;
      boundary="----=_NextPart_002_0045_01C93A90.DBE17FA0"

------=_NextPart_002_0045_01C93A90.DBE17FA0
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: 7bit

------=_NextPart_002_0045_01C93A90.DBE17FA0
Content-Type: text/html;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------=_NextPart_002_0045_01C93A90.DBE17FA0--
------=_NextPart_001_0044_01C93A90.DBE17FA0
Content-Type: image/gif;
      name="image001.gif"
Content-Transfer-Encoding: base64
Content-ID: <image001.gif@01C93A90.D8683760>

------=_NextPart_001_0044_01C93A90.DBE17FA0
Content-Type: image/gif;
      name="image002.gif"
Content-Transfer-Encoding: base64
Content-ID: <image002.gif@01C93A90.D8683760>

------=_NextPart_001_0044_01C93A90.DBE17FA0
Content-Type: image/gif;
      name="image003.gif"
Content-Transfer-Encoding: base64
Content-ID: <image003.gif@01C93A90.D8683760>

------=_NextPart_001_0044_01C93A90.DBE17FA0
Content-Type: image/gif;
      name="image004.gif"
Content-Transfer-Encoding: base64
Content-ID: <image004.gif@01C93A90.D8683760>

------=_NextPart_001_0044_01C93A90.DBE17FA0
Content-Type: image/gif;
      name="image005.gif"
Content-Transfer-Encoding: base64
Content-ID: <image005.gif@01C93A90.D8683760>


------=_NextPart_001_0044_01C93A90.DBE17FA0--
------=_NextPart_000_0043_01C93A90.DBE17FA0
Content-Type: application/msword;
      name="abbey acs ref request - ltd co.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
      filename="abbey acs ref request - ltd co.doc"


------=_NextPart_000_0043_01C93A90.DBE17FA0--

GuildOfDruidsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

simonpainterCommented:
Seems they are relaying their mail via an ISP smtp relay server, from the headers it looks like their IP is on the blacklist and their ISP isn't. Either way they need to apply to the block lists to be removed. It's worth doing a whois on the IP addresses to check who owns them before you whitelist anything.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hugh FraserConsultantCommented:
The MX record points to the host used to receive mail. Outbound mail can (and in this case does) go through another host, and that's the one that mail recipients check against RBLs.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.