?
Solved

Flagged As Spam

Posted on 2011-03-01
8
Medium Priority
?
1,581 Views
Last Modified: 2013-03-11
I have an Exchange 2010 environment with several clients using Outlook Anywhere. The email headers are showing the clients IP Address from there homes and that is getting rejected by spam filters. I have RDNS setup for my datacenter IP and I have the full FQDN setup on the outbound connector.

Does anyone know how these spam filters are seeing the originating IP address ?

Thanks in advance !
0
Comment
Question by:Shuby
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 35010301
Can you show us a redacted set of headers?  Try having a remote user email a google account (which should accept the mail, though it might flag it as spam).
0
 
LVL 1

Author Comment

by:Shuby
ID: 35010359
Original message headers:
 
Received: from ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063]) by
 ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063%11]) with mapi id
 14.01.0218.012; Tue, 1 Mar 2011 10:37:50 -0500
From: John F <redactme@redacted.com>
To: redactme <redactme@redacted.com>
Subject: RE: 2009 tax returns
Thread-Topic: 2009 tax returns
Thread-Index: AcraRMn7+bC+q9nASDyx5IaOeKQImj94I1IgAABCu9A=
Date: Tue, 1 Mar 2011 15:37:48 +0000
Message-ID: <CE94D0EAA027B64CA3D7752C2B24971A3E5C74@***HEX.colo.***osting.com>
References: <002c01cada44$cb784a90$6268dfb0$@net>
 <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
In-Reply-To: <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [69.XXX.144.8] <------ this is what i don't understand why this IP is coming up.
Content-Type: multipart/mixed;
        boundary="_007_CE94D0EAA027B64CA3D7752C2B24971A3E5C74S7HEXcolos7hostin_"
MIME-Version: 1.0
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 35010786
The x-Originating-IP is likely being added by OWA (or outlook anywhere, ex 2010).  However, that shouldn't be causing things to trigger as spam on the recipient end.

Most antispam systems that I've worked with parse the Recieved lines and use that to determine if the message originates from a good smtp server or just one running locally on a pc.

It looks like you sent this to yourself.  Do you have a gmail account that could be used?  That'll show IPv4 addresses instead of the ipv6 that's in the recieved line.

0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 1

Author Comment

by:Shuby
ID: 35020141
I just sent a test email; the server is showing both IP ver 4 & 6 addresses of my mail gateway as Received by.

However it still shows the originating IP address as my local cable line.

I can't turn IP 6 completely off on the nic because it'll wreck the exchange box. Any ideas ?
0
 
LVL 1

Author Comment

by:Shuby
ID: 35020363
People will appreciate me and love for this. I am going to give weinberk credit because he did mention x-originating-ip.

After doing some research by activating Verbose Logging of the Send Connector, by using Wireshark, and by sending a message manually to the firewall by using Telnet (which worked), I found out that the problem is caused by the "x-originating-ip" header. This header is added since Exchange Server 2010 SP1 and, for some reason, the SecurePoint Firewall, the Mailfilter or whatever is not able to handle it. When inspecting a mail, you will find the header like:

X-MS-TNEF-Correlator:
x-originating-ip: [xxx.xxx.xxx.xxx]
Content-Type: multipart/alternative;
Here's how to disable adding the header (or, to be more precise, how to remove it):

Open the Exchange Management Console
Open "Transport Rules" under "Organization Configuration" -> "Hub Transport"
Add a new Transport Rule and give it a name (such as "Remove x-originating-ip header")
Do not choose any condition (we want to apply the rule to all mails)
Choose "Remove header", and modify the action to match the "x-originating-ip" header
Do not choose any exception (except you want to, of course)
Apply the new rule.
Filed under: Exchange Server, Windows
0
 
LVL 15

Accepted Solution

by:
Berkson Wein earned 500 total points
ID: 35021334
Hi Shuby-
 
Glad that my information helped.

Sounds like the antispam system is being a bit to picky - users from home / dynamic ip's should certainly be able to send mail, though not directly.  As long as they go through a propper server like yours, they shouldn't be scored as spam.  It's good that you're able to turn this "feature" of exchange off.  It's no one's business what IP your home users are using!

Instead of "closing" the question, please accept and award points to the answers that I gave that led you to dig more.

Thanks.
0
 
LVL 1

Author Closing Comment

by:Shuby
ID: 35031319
thanks
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 35031377
(next time try to select the post or posts that actually helped.  that'll make it easier for someone else looking to get started on the solution)
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Changing a few Outlook Options can help keep you organized!
In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month12 days, 21 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question