Solved

Change IP address in header?

Posted on 2010-11-15
15
563 Views
Last Modified: 2012-05-10
I have an Exchange 2003 server. Instead of using a standard 192.168.x or 10.x it was established in the 100.100.100.0/24 range by one of my predecessors.

Lately the 100.100.100 range has been being picked up by a couple blacklists and this is impacting our mail delivery.

 Is there a way to get rid of this without taking exchange off this subnet?
0
Comment
Question by:timbrigham
  • 5
  • 4
  • 4
  • +1
15 Comments
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34137755
Which version of Exchange?

Are you referring to your SMTP banner? i.e. if you do a telnet 100.100.100.x 25 you get the SMTP banner.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34137785
You got something mixed ip, your 100.100.100.x is your internal range the rbl ( or blacklist server) will never pick it up, they will pick your public ip
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34137866
I just assumed he was referring to the SMTP banner.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 1

Author Comment

by:timbrigham
ID: 34137887
2003 standard edition. I'm referring to the message header sent by Exchange along with every email generated. It would be line 14 in the code block below. It's the only place that shows 100.100.100.1 in my headers.

Delivered-To: testacct@gmail.com
Received: by 10.231.10.201 with SMTP id q9cs133944ibq;
        Mon, 15 Nov 2010 09:01:21 -0800 (PST)
Received: by 10.42.173.66 with SMTP id q2mr4548549icz.172.1289840480461;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Return-Path: <TimB@testdomain.org>
Received: from mail.testdomain.org (mail.testdomain.org [65.X.X.99])
        by mx.google.com with ESMTP id d13si408472ibb.47.2010.11.15.09.01.20;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Received-SPF: pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) client-ip=65.X.X.99;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) smtp.mail=TimB@testdomain.org
X-WSS-ID: 0LBXRA6-02-2I9-02
X-M-MSG: 
Received: from jude.testdomain.org (unknown [100.100.100.1])
	by mail.testdomain.org (Tumbleweed MailGate 3.7.2) with ESMTP id 291126801E6
	for <testacct@gmail.com>; Mon, 15 Nov 2010 11:01:17 -0600 (CST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CB84E6.B8A1D2E0"
Subject: Test Email
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 15 Nov 2010 11:01:18 -0600
Message-ID: <F63ABCDC7AAEA74B960C6459B3746BFD038422D9@gabriel.testdomain.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Test Email
Thread-Index: AcuE5riYYv0hK1aSQ/atksT7QKbtxw==
From: "Tim Brigham" <TimB@testdomain.org>
To: <testacct@gmail.com>

Open in new window



Akhater, I agree that it is odd but it is from the 100.100 IP. See one of the rejection messages.
<inforcfcanic@cablenet.com.ni>: host mailbackup.cablenet.com.ni[190.184.1.3]
    said: 554 Service unavailable; Client host [mail.testdomain.org] blocked by
    cbl.abuseat.org; Blocked - see
    http://cbl.abuseat.org/lookup.cgi?ip=100.100.100.1 (in reply to end of DATA
    command)

Open in new window

0
 
LVL 25

Assisted Solution

by:Tony Johncock
Tony Johncock earned 166 total points
ID: 34137982
Unfortunately I'm not aware of any way to remove them from Exchange 2003. You can, however, do it on Exchange 2007 or 2010.
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34137986
Oh and apologies for misunderstanding your original question(!)
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138195
Do you have multiple NIC on the Server?
can you publish the results of the cmd: ipconfig /all
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34138219
Yes, I have dual NICs which are teamed.

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 100.100.100.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138264
BTW, where is 192.168.x.x?
Also, do you NAT the 100.100.100.1 to an external address in the PIX/ASA?

Also when browsing internet from the server, what is the ip address used? You can get this by going to this website: www.whatismyip.com 
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138278
you have to browse to whatismyip from the Exchange server
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34138358
rr1968, I have several internal subnets defined in a Cisco 2811.

This includes 192.168.20.0/24 (VLAN 20) 192.168.100.0/24 (VLAN 100) and 100.100.100.0/24 (VLAN1 - legacy). All can communicate with each other as would be expected. The private on the Exchange server is 100.100.100.1. The public IP is 65.X.X.99.
0
 
LVL 8

Accepted Solution

by:
rr1968 earned 334 total points
ID: 34138445
This makes sense.
How are you expecting the Exchange email header to have 192.168.20.x address?
The email header takes the ip address of the top network on the Network Adapter binding order. I believe in your case it is the network team, 100.100.100.1
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34140575
the header will show the internal IP of your server it is normal however the antispam will not check this IP in the RBL it will check your public natted ip

0
 
LVL 1

Author Comment

by:timbrigham
ID: 34158179
Thanks gentlemen. I've been discussing this with my team.
Since there isn't an inbuilt mechanism to do this in either the mailgate device or Exchange 2003 we have been looking at the specifics of how the 100.100.100.1 entry is being added to the headers.

Since it is being added by the the mailgate it should just be a matter of changing the source IP for that traffic.
Assuming that I had a secondary interface at 192.168.100.10 couldn't I just add a static route to 65.X.X.99 on my mail server? That should direct all traffic through the 192.168.100.10 address.
I'm just not sure what in Exchange I would need to do to use this new IP for this traffic, if it is even possible.  
0
 
LVL 8

Assisted Solution

by:rr1968
rr1968 earned 334 total points
ID: 34158229
Change the network binding order:
192.168.x.x (should be on top)
100.100.x.x (should be at the bottom)
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This video discusses moving either the default database or any database to a new volume.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question