Solved

Change IP address in header?

Posted on 2010-11-15
15
533 Views
Last Modified: 2012-05-10
I have an Exchange 2003 server. Instead of using a standard 192.168.x or 10.x it was established in the 100.100.100.0/24 range by one of my predecessors.

Lately the 100.100.100 range has been being picked up by a couple blacklists and this is impacting our mail delivery.

 Is there a way to get rid of this without taking exchange off this subnet?
0
Comment
Question by:timbrigham
  • 5
  • 4
  • 4
  • +1
15 Comments
 
LVL 25

Expert Comment

by:Tony1044
Comment Utility
Which version of Exchange?

Are you referring to your SMTP banner? i.e. if you do a telnet 100.100.100.x 25 you get the SMTP banner.
0
 
LVL 49

Expert Comment

by:Akhater
Comment Utility
You got something mixed ip, your 100.100.100.x is your internal range the rbl ( or blacklist server) will never pick it up, they will pick your public ip
0
 
LVL 25

Expert Comment

by:Tony1044
Comment Utility
I just assumed he was referring to the SMTP banner.
0
 
LVL 1

Author Comment

by:timbrigham
Comment Utility
2003 standard edition. I'm referring to the message header sent by Exchange along with every email generated. It would be line 14 in the code block below. It's the only place that shows 100.100.100.1 in my headers.

Delivered-To: testacct@gmail.com
Received: by 10.231.10.201 with SMTP id q9cs133944ibq;
        Mon, 15 Nov 2010 09:01:21 -0800 (PST)
Received: by 10.42.173.66 with SMTP id q2mr4548549icz.172.1289840480461;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Return-Path: <TimB@testdomain.org>
Received: from mail.testdomain.org (mail.testdomain.org [65.X.X.99])
        by mx.google.com with ESMTP id d13si408472ibb.47.2010.11.15.09.01.20;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Received-SPF: pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) client-ip=65.X.X.99;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) smtp.mail=TimB@testdomain.org
X-WSS-ID: 0LBXRA6-02-2I9-02
X-M-MSG: 
Received: from jude.testdomain.org (unknown [100.100.100.1])
	by mail.testdomain.org (Tumbleweed MailGate 3.7.2) with ESMTP id 291126801E6
	for <testacct@gmail.com>; Mon, 15 Nov 2010 11:01:17 -0600 (CST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CB84E6.B8A1D2E0"
Subject: Test Email
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 15 Nov 2010 11:01:18 -0600
Message-ID: <F63ABCDC7AAEA74B960C6459B3746BFD038422D9@gabriel.testdomain.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Test Email
Thread-Index: AcuE5riYYv0hK1aSQ/atksT7QKbtxw==
From: "Tim Brigham" <TimB@testdomain.org>
To: <testacct@gmail.com>

Open in new window



Akhater, I agree that it is odd but it is from the 100.100 IP. See one of the rejection messages.
<inforcfcanic@cablenet.com.ni>: host mailbackup.cablenet.com.ni[190.184.1.3]
    said: 554 Service unavailable; Client host [mail.testdomain.org] blocked by
    cbl.abuseat.org; Blocked - see
    http://cbl.abuseat.org/lookup.cgi?ip=100.100.100.1 (in reply to end of DATA
    command)

Open in new window

0
 
LVL 25

Assisted Solution

by:Tony1044
Tony1044 earned 166 total points
Comment Utility
Unfortunately I'm not aware of any way to remove them from Exchange 2003. You can, however, do it on Exchange 2007 or 2010.
0
 
LVL 25

Expert Comment

by:Tony1044
Comment Utility
Oh and apologies for misunderstanding your original question(!)
0
 
LVL 8

Expert Comment

by:rr1968
Comment Utility
Do you have multiple NIC on the Server?
can you publish the results of the cmd: ipconfig /all
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Author Comment

by:timbrigham
Comment Utility
Yes, I have dual NICs which are teamed.

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 100.100.100.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
0
 
LVL 8

Expert Comment

by:rr1968
Comment Utility
BTW, where is 192.168.x.x?
Also, do you NAT the 100.100.100.1 to an external address in the PIX/ASA?

Also when browsing internet from the server, what is the ip address used? You can get this by going to this website: www.whatismyip.com
0
 
LVL 8

Expert Comment

by:rr1968
Comment Utility
you have to browse to whatismyip from the Exchange server
0
 
LVL 1

Author Comment

by:timbrigham
Comment Utility
rr1968, I have several internal subnets defined in a Cisco 2811.

This includes 192.168.20.0/24 (VLAN 20) 192.168.100.0/24 (VLAN 100) and 100.100.100.0/24 (VLAN1 - legacy). All can communicate with each other as would be expected. The private on the Exchange server is 100.100.100.1. The public IP is 65.X.X.99.
0
 
LVL 8

Accepted Solution

by:
rr1968 earned 334 total points
Comment Utility
This makes sense.
How are you expecting the Exchange email header to have 192.168.20.x address?
The email header takes the ip address of the top network on the Network Adapter binding order. I believe in your case it is the network team, 100.100.100.1
0
 
LVL 49

Expert Comment

by:Akhater
Comment Utility
the header will show the internal IP of your server it is normal however the antispam will not check this IP in the RBL it will check your public natted ip

0
 
LVL 1

Author Comment

by:timbrigham
Comment Utility
Thanks gentlemen. I've been discussing this with my team.
Since there isn't an inbuilt mechanism to do this in either the mailgate device or Exchange 2003 we have been looking at the specifics of how the 100.100.100.1 entry is being added to the headers.

Since it is being added by the the mailgate it should just be a matter of changing the source IP for that traffic.
Assuming that I had a secondary interface at 192.168.100.10 couldn't I just add a static route to 65.X.X.99 on my mail server? That should direct all traffic through the 192.168.100.10 address.
I'm just not sure what in Exchange I would need to do to use this new IP for this traffic, if it is even possible.  
0
 
LVL 8

Assisted Solution

by:rr1968
rr1968 earned 334 total points
Comment Utility
Change the network binding order:
192.168.x.x (should be on top)
100.100.x.x (should be at the bottom)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now