Solved

Change IP address in header?

Posted on 2010-11-15
15
549 Views
Last Modified: 2012-05-10
I have an Exchange 2003 server. Instead of using a standard 192.168.x or 10.x it was established in the 100.100.100.0/24 range by one of my predecessors.

Lately the 100.100.100 range has been being picked up by a couple blacklists and this is impacting our mail delivery.

 Is there a way to get rid of this without taking exchange off this subnet?
0
Comment
Question by:timbrigham
  • 5
  • 4
  • 4
  • +1
15 Comments
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34137755
Which version of Exchange?

Are you referring to your SMTP banner? i.e. if you do a telnet 100.100.100.x 25 you get the SMTP banner.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34137785
You got something mixed ip, your 100.100.100.x is your internal range the rbl ( or blacklist server) will never pick it up, they will pick your public ip
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34137866
I just assumed he was referring to the SMTP banner.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:timbrigham
ID: 34137887
2003 standard edition. I'm referring to the message header sent by Exchange along with every email generated. It would be line 14 in the code block below. It's the only place that shows 100.100.100.1 in my headers.

Delivered-To: testacct@gmail.com
Received: by 10.231.10.201 with SMTP id q9cs133944ibq;
        Mon, 15 Nov 2010 09:01:21 -0800 (PST)
Received: by 10.42.173.66 with SMTP id q2mr4548549icz.172.1289840480461;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Return-Path: <TimB@testdomain.org>
Received: from mail.testdomain.org (mail.testdomain.org [65.X.X.99])
        by mx.google.com with ESMTP id d13si408472ibb.47.2010.11.15.09.01.20;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Received-SPF: pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) client-ip=65.X.X.99;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) smtp.mail=TimB@testdomain.org
X-WSS-ID: 0LBXRA6-02-2I9-02
X-M-MSG: 
Received: from jude.testdomain.org (unknown [100.100.100.1])
	by mail.testdomain.org (Tumbleweed MailGate 3.7.2) with ESMTP id 291126801E6
	for <testacct@gmail.com>; Mon, 15 Nov 2010 11:01:17 -0600 (CST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CB84E6.B8A1D2E0"
Subject: Test Email
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 15 Nov 2010 11:01:18 -0600
Message-ID: <F63ABCDC7AAEA74B960C6459B3746BFD038422D9@gabriel.testdomain.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Test Email
Thread-Index: AcuE5riYYv0hK1aSQ/atksT7QKbtxw==
From: "Tim Brigham" <TimB@testdomain.org>
To: <testacct@gmail.com>

Open in new window



Akhater, I agree that it is odd but it is from the 100.100 IP. See one of the rejection messages.
<inforcfcanic@cablenet.com.ni>: host mailbackup.cablenet.com.ni[190.184.1.3]
    said: 554 Service unavailable; Client host [mail.testdomain.org] blocked by
    cbl.abuseat.org; Blocked - see
    http://cbl.abuseat.org/lookup.cgi?ip=100.100.100.1 (in reply to end of DATA
    command)

Open in new window

0
 
LVL 25

Assisted Solution

by:Tony Johncock
Tony Johncock earned 166 total points
ID: 34137982
Unfortunately I'm not aware of any way to remove them from Exchange 2003. You can, however, do it on Exchange 2007 or 2010.
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34137986
Oh and apologies for misunderstanding your original question(!)
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138195
Do you have multiple NIC on the Server?
can you publish the results of the cmd: ipconfig /all
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34138219
Yes, I have dual NICs which are teamed.

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 100.100.100.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138264
BTW, where is 192.168.x.x?
Also, do you NAT the 100.100.100.1 to an external address in the PIX/ASA?

Also when browsing internet from the server, what is the ip address used? You can get this by going to this website: www.whatismyip.com 
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138278
you have to browse to whatismyip from the Exchange server
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34138358
rr1968, I have several internal subnets defined in a Cisco 2811.

This includes 192.168.20.0/24 (VLAN 20) 192.168.100.0/24 (VLAN 100) and 100.100.100.0/24 (VLAN1 - legacy). All can communicate with each other as would be expected. The private on the Exchange server is 100.100.100.1. The public IP is 65.X.X.99.
0
 
LVL 8

Accepted Solution

by:
rr1968 earned 334 total points
ID: 34138445
This makes sense.
How are you expecting the Exchange email header to have 192.168.20.x address?
The email header takes the ip address of the top network on the Network Adapter binding order. I believe in your case it is the network team, 100.100.100.1
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34140575
the header will show the internal IP of your server it is normal however the antispam will not check this IP in the RBL it will check your public natted ip

0
 
LVL 1

Author Comment

by:timbrigham
ID: 34158179
Thanks gentlemen. I've been discussing this with my team.
Since there isn't an inbuilt mechanism to do this in either the mailgate device or Exchange 2003 we have been looking at the specifics of how the 100.100.100.1 entry is being added to the headers.

Since it is being added by the the mailgate it should just be a matter of changing the source IP for that traffic.
Assuming that I had a secondary interface at 192.168.100.10 couldn't I just add a static route to 65.X.X.99 on my mail server? That should direct all traffic through the 192.168.100.10 address.
I'm just not sure what in Exchange I would need to do to use this new IP for this traffic, if it is even possible.  
0
 
LVL 8

Assisted Solution

by:rr1968
rr1968 earned 334 total points
ID: 34158229
Change the network binding order:
192.168.x.x (should be on top)
100.100.x.x (should be at the bottom)
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Find out what you should include to make the best professional email signature for your organization.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question