?
Solved

Change IP address in header?

Posted on 2010-11-15
15
Medium Priority
?
572 Views
Last Modified: 2012-05-10
I have an Exchange 2003 server. Instead of using a standard 192.168.x or 10.x it was established in the 100.100.100.0/24 range by one of my predecessors.

Lately the 100.100.100 range has been being picked up by a couple blacklists and this is impacting our mail delivery.

 Is there a way to get rid of this without taking exchange off this subnet?
0
Comment
Question by:timbrigham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +1
15 Comments
 
LVL 26

Expert Comment

by:Tony J
ID: 34137755
Which version of Exchange?

Are you referring to your SMTP banner? i.e. if you do a telnet 100.100.100.x 25 you get the SMTP banner.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34137785
You got something mixed ip, your 100.100.100.x is your internal range the rbl ( or blacklist server) will never pick it up, they will pick your public ip
0
 
LVL 26

Expert Comment

by:Tony J
ID: 34137866
I just assumed he was referring to the SMTP banner.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Comment

by:timbrigham
ID: 34137887
2003 standard edition. I'm referring to the message header sent by Exchange along with every email generated. It would be line 14 in the code block below. It's the only place that shows 100.100.100.1 in my headers.

Delivered-To: testacct@gmail.com
Received: by 10.231.10.201 with SMTP id q9cs133944ibq;
        Mon, 15 Nov 2010 09:01:21 -0800 (PST)
Received: by 10.42.173.66 with SMTP id q2mr4548549icz.172.1289840480461;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Return-Path: <TimB@testdomain.org>
Received: from mail.testdomain.org (mail.testdomain.org [65.X.X.99])
        by mx.google.com with ESMTP id d13si408472ibb.47.2010.11.15.09.01.20;
        Mon, 15 Nov 2010 09:01:20 -0800 (PST)
Received-SPF: pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) client-ip=65.X.X.99;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of TimB@testdomain.org designates 65.X.X.99 as permitted sender) smtp.mail=TimB@testdomain.org
X-WSS-ID: 0LBXRA6-02-2I9-02
X-M-MSG: 
Received: from jude.testdomain.org (unknown [100.100.100.1])
	by mail.testdomain.org (Tumbleweed MailGate 3.7.2) with ESMTP id 291126801E6
	for <testacct@gmail.com>; Mon, 15 Nov 2010 11:01:17 -0600 (CST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01CB84E6.B8A1D2E0"
Subject: Test Email
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 15 Nov 2010 11:01:18 -0600
Message-ID: <F63ABCDC7AAEA74B960C6459B3746BFD038422D9@gabriel.testdomain.org>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Test Email
Thread-Index: AcuE5riYYv0hK1aSQ/atksT7QKbtxw==
From: "Tim Brigham" <TimB@testdomain.org>
To: <testacct@gmail.com>

Open in new window



Akhater, I agree that it is odd but it is from the 100.100 IP. See one of the rejection messages.
<inforcfcanic@cablenet.com.ni>: host mailbackup.cablenet.com.ni[190.184.1.3]
    said: 554 Service unavailable; Client host [mail.testdomain.org] blocked by
    cbl.abuseat.org; Blocked - see
    http://cbl.abuseat.org/lookup.cgi?ip=100.100.100.1 (in reply to end of DATA
    command)

Open in new window

0
 
LVL 26

Assisted Solution

by:Tony J
Tony J earned 664 total points
ID: 34137982
Unfortunately I'm not aware of any way to remove them from Exchange 2003. You can, however, do it on Exchange 2007 or 2010.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 34137986
Oh and apologies for misunderstanding your original question(!)
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138195
Do you have multiple NIC on the Server?
can you publish the results of the cmd: ipconfig /all
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34138219
Yes, I have dual NICs which are teamed.

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 100.100.100.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138264
BTW, where is 192.168.x.x?
Also, do you NAT the 100.100.100.1 to an external address in the PIX/ASA?

Also when browsing internet from the server, what is the ip address used? You can get this by going to this website: www.whatismyip.com 
0
 
LVL 8

Expert Comment

by:rr1968
ID: 34138278
you have to browse to whatismyip from the Exchange server
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34138358
rr1968, I have several internal subnets defined in a Cisco 2811.

This includes 192.168.20.0/24 (VLAN 20) 192.168.100.0/24 (VLAN 100) and 100.100.100.0/24 (VLAN1 - legacy). All can communicate with each other as would be expected. The private on the Exchange server is 100.100.100.1. The public IP is 65.X.X.99.
0
 
LVL 8

Accepted Solution

by:
rr1968 earned 1336 total points
ID: 34138445
This makes sense.
How are you expecting the Exchange email header to have 192.168.20.x address?
The email header takes the ip address of the top network on the Network Adapter binding order. I believe in your case it is the network team, 100.100.100.1
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34140575
the header will show the internal IP of your server it is normal however the antispam will not check this IP in the RBL it will check your public natted ip

0
 
LVL 1

Author Comment

by:timbrigham
ID: 34158179
Thanks gentlemen. I've been discussing this with my team.
Since there isn't an inbuilt mechanism to do this in either the mailgate device or Exchange 2003 we have been looking at the specifics of how the 100.100.100.1 entry is being added to the headers.

Since it is being added by the the mailgate it should just be a matter of changing the source IP for that traffic.
Assuming that I had a secondary interface at 192.168.100.10 couldn't I just add a static route to 65.X.X.99 on my mail server? That should direct all traffic through the 192.168.100.10 address.
I'm just not sure what in Exchange I would need to do to use this new IP for this traffic, if it is even possible.  
0
 
LVL 8

Assisted Solution

by:rr1968
rr1968 earned 1336 total points
ID: 34158229
Change the network binding order:
192.168.x.x (should be on top)
100.100.x.x (should be at the bottom)
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data‚Ķ
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question