Solved

Posted on 2011-03-01
Last Modified: 2013-03-11
I have an Exchange 2010 environment with several clients using Outlook Anywhere. The email headers are showing the clients' IP addresses from their homes, and that is getting rejected by spam filters. I have RDNS set up for my datacenter IP and I have the full FQDN set up on the outbound connector.

Does anyone know how these spam filters are seeing the originating IP address?

Thanks in advance!
Question by:Shuby
8 Comments
 
LVL 15

Expert Comment

by:weinberk
ID: 35010301
Can you show us a redacted set of headers?  Try having a remote user email a google account (which should accept the mail, though it might flag it as spam).
0
 
LVL 1

Author Comment

by:Shuby
ID: 35010359
Original message headers:
 
Received: from ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063]) by
 ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063%11]) with mapi id
 14.01.0218.012; Tue, 1 Mar 2011 10:37:50 -0500
From: John F <redactme@redacted.com>
To: redactme <redactme@redacted.com>
Subject: RE: 2009 tax returns
Thread-Topic: 2009 tax returns
Thread-Index: AcraRMn7+bC+q9nASDyx5IaOeKQImj94I1IgAABCu9A=
Date: Tue, 1 Mar 2011 15:37:48 +0000
Message-ID: <CE94D0EAA027B64CA3D7752C2B24971A3E5C74@***HEX.colo.***osting.com>
References: <002c01cada44$cb784a90$6268dfb0$@net>
 <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
In-Reply-To: <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [69.XXX.144.8] <------ this is what i don't understand why this IP is coming up.
Content-Type: multipart/mixed;
        boundary="_007_CE94D0EAA027B64CA3D7752C2B24971A3E5C74S7HEXcolos7hostin_"
MIME-Version: 1.0
0
 
LVL 15

Expert Comment

by:weinberk
ID: 35010786
The x-Originating-IP is likely being added by OWA (or outlook anywhere, ex 2010).  However, that shouldn't be causing things to trigger as spam on the recipient end.

Most antispam systems that I've worked with parse the Received lines and use that to determine if the message originates from a good SMTP server or just one running locally on a PC.

It looks like you sent this to yourself.  Do you have a Gmail account that could be used?  That'll show IPv4 addresses instead of the IPv6 that's in the Received line.

0
 
LVL 1

Author Comment

by:Shuby
ID: 35020141
I just sent a test email; the server is showing both IP ver 4 & 6 addresses of my mail gateway as Received by.

However it still shows the originating IP address as my local cable line.

I can't turn IP 6 completely off on the nic because it'll wreck the exchange box. Any ideas ?
0
 
LVL 1

Author Comment

by:Shuby
ID: 35020363
People will appreciate me and love me for this. I am going to give weinberk credit because he did mention x-originating-ip.

After doing some research by activating Verbose Logging of the Send Connector, by using Wireshark, and by sending a message manually to the firewall by using Telnet (which worked), I found out that the problem is caused by the "x-originating-ip" header. This header is added since Exchange Server 2010 SP1 and, for some reason, the SecurePoint Firewall, the Mailfilter or whatever is not able to handle it. When inspecting a mail, you will find the header like:

X-MS-TNEF-Correlator:
x-originating-ip: [xxx.xxx.xxx.xxx]
Content-Type: multipart/alternative;
Here's how to disable adding the header (or, to be more precise, how to remove it):

1. Open the Exchange Management Console.
2. Open "Transport Rules" under "Organization Configuration" -> "Hub Transport".
3. Add a new Transport Rule and give it a name (such as "Remove x-originating-ip header").
4. Do not choose any condition (we want to apply the rule to all mails).
5. Choose "Remove header", and modify the action to match the "x-originating-ip" header.
6. Do not choose any exception (unless you want to, of course).
7. Apply the new rule.
0
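A way to confirm the transport rule took effect, added here as an example and not part of the original thread: the script parses the headers of a test message and reports any address that is exposed through x-originating-ip but does not belong to a Received hop. The second header name in the list and the sample headers are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Headers that disclose the submitting client's address. The first is the one
# from the thread; the second is an assumed variant to extend as needed.
CLIENT_IP_HEADERS = ("x-originating-ip", "x-originating-client-ip")
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)(?:%\w+)?\]")  # drops IPv6 zone id

def extract_ips(text):
    """Return every valid bracketed IPv4/IPv6 address found in a header value."""
    found = []
    for candidate in BRACKETED.findall(text):
        try:
            found.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            continue  # bracketed text that is not an address
    return found

def audit_headers(raw_message):
    """Compare client-IP headers against the addresses of the Received hops."""
    msg = email.message_from_string(raw_message)
    hop_ips = {ip for value in msg.get_all("Received", []) for ip in extract_ips(value)}
    disclosed = []
    for name in CLIENT_IP_HEADERS:
        for value in msg.get_all(name, []):
            disclosed.extend((name, ip) for ip in extract_ips(value))
    return {
        "hop_ips": sorted(hop_ips),
        "disclosed": disclosed,
        # Addresses visible only through the client-IP header, not any relay hop.
        "client_only": sorted({ip for _, ip in disclosed} - hop_ips),
    }

# Constructed sample headers (documentation addresses), before and after the rule.
BEFORE = (
    "Received: from mail.example.com ([192.0.2.10]) by mx.example.net;\n"
    " Tue, 1 Mar 2011 10:37:50 -0500\n"
    "From: a@example.com\n"
    "x-originating-ip: [203.0.113.8]\n"
    "Subject: test\n\nbody\n"
)
AFTER = BEFORE.replace("x-originating-ip: [203.0.113.8]\n", "")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(raw))
```

Run it against the raw headers of a message received at an external mailbox; an empty `disclosed` list means the header no longer leaves the organization.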
 
LVL 15

Accepted Solution

by:
weinberk earned 250 total points
ID: 35021334
Hi Shuby-
 
Glad that my information helped.

Sounds like the antispam system is being a bit too picky - users from home / dynamic IPs should certainly be able to send mail, though not directly.  As long as they go through a proper server like yours, they shouldn't be scored as spam.  It's good that you're able to turn this "feature" of Exchange off.  It's no one's business what IP your home users are using!

Instead of "closing" the question, please accept and award points to the answers that I gave that led you to dig more.

Thanks.
0
 
LVL 1

Author Closing Comment

by:Shuby
ID: 35031319
thanks
0
 
LVL 15

Expert Comment

by:weinberk
ID: 35031377
(next time try to select the post or posts that actually helped.  that'll make it easier for someone else looking to get started on the solution)
0
