Change IP address in header?

I have an Exchange 2003 server. Instead of using a standard 192.168.x or 10.x it was established in the range by one of my predecessors.

Lately the 100.100.100 range has been being picked up by a couple blacklists and this is impacting our mail delivery.

 Is there a way to get rid of this without taking exchange off this subnet?
Who is Participating?
rr1968Connect With a Mentor Commented:
This makes sense.
How are you expecting the Exchange email header to have 192.168.20.x address?
The email header takes the ip address of the top network on the Network Adapter binding order. I believe in your case it is the network team,
Tony JLead Technical ArchitectCommented:
Which version of Exchange?

Are you referring to your SMTP banner? i.e. if you do a telnet 100.100.100.x 25 you get the SMTP banner.
You got something mixed ip, your 100.100.100.x is your internal range the rbl ( or blacklist server) will never pick it up, they will pick your public ip
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tony JLead Technical ArchitectCommented:
I just assumed he was referring to the SMTP banner.
timbrighamAuthor Commented:
2003 standard edition. I'm referring to the message header sent by Exchange along with every email generated. It would be line 14 in the code block below. It's the only place that shows in my headers.

Received: by with SMTP id q9cs133944ibq;
        Mon, 15 Nov 2010 09:01:21 -0800 (PST)
Received: by with SMTP id q2mr4548549icz.172.1289840480461;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Return-Path: <>
Received: from ( [65.X.X.99])
        by with ESMTP id d13si408472ibb.47.2010.;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Received-SPF: pass ( domain of designates 65.X.X.99 as permitted sender) client-ip=65.X.X.99;
Authentication-Results:; spf=pass ( domain of designates 65.X.X.99 as permitted sender)
X-WSS-ID: 0LBXRA6-02-2I9-02
Received: from (unknown [])
	by (Tumbleweed MailGate 3.7.2) with ESMTP id 291126801E6
	for <>; Mon, 15 Nov 2010 11:01:17 -0600 (CST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
Subject: Test Email
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 15 Nov 2010 11:01:18 -0600
Message-ID: <>
Thread-Topic: Test Email
Thread-Index: AcuE5riYYv0hK1aSQ/atksT7QKbtxw==
From: "Tim Brigham" <>
To: <>

Open in new window

Akhater, I agree that it is odd but it is from the 100.100 IP. See one of the rejection messages.
<>: host[]
    said: 554 Service unavailable; Client host [] blocked by; Blocked - see (in reply to end of DATA

Open in new window

Tony JConnect With a Mentor Lead Technical ArchitectCommented:
Unfortunately I'm not aware of any way to remove them from Exchange 2003. You can, however, do it on Exchange 2007 or 2010.
Tony JLead Technical ArchitectCommented:
Oh and apologies for misunderstanding your original question(!)
Do you have multiple NIC on the Server?
can you publish the results of the cmd: ipconfig /all
timbrighamAuthor Commented:
Yes, I have dual NICs which are teamed.

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
BTW, where is 192.168.x.x?
Also, do you NAT the to an external address in the PIX/ASA?

Also when browsing internet from the server, what is the ip address used? You can get this by going to this website: 
you have to browse to whatismyip from the Exchange server
timbrighamAuthor Commented:
rr1968, I have several internal subnets defined in a Cisco 2811.

This includes (VLAN 20) (VLAN 100) and (VLAN1 - legacy). All can communicate with each other as would be expected. The private on the Exchange server is The public IP is 65.X.X.99.
the header will show the internal IP of your server it is normal however the antispam will not check this IP in the RBL it will check your public natted ip

timbrighamAuthor Commented:
Thanks gentlemen. I've been discussing this with my team.
Since there isn't an inbuilt mechanism to do this in either the mailgate device or Exchange 2003 we have been looking at the specifics of how the entry is being added to the headers.

Since it is being added by the the mailgate it should just be a matter of changing the source IP for that traffic.
Assuming that I had a secondary interface at couldn't I just add a static route to 65.X.X.99 on my mail server? That should direct all traffic through the address.
I'm just not sure what in Exchange I would need to do to use this new IP for this traffic, if it is even possible.  
rr1968Connect With a Mentor Commented:
Change the network binding order:
192.168.x.x (should be on top)
100.100.x.x (should be at the bottom)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.