Flagged As Spam

I have an Exchange 2010 environment with several clients using Outlook Anywhere. The email headers are showing the clients' IP addresses from their homes, and that is getting rejected by spam filters. I have RDNS set up for my datacenter IP and I have the full FQDN set up on the outbound connector.

Does anyone know how these spam filters are seeing the originating IP address?

Thanks in advance!
Shuby asked:
 
Berkson Wein (Tech Freelancer) commented:
Hi Shuby-
 
Glad that my information helped.

Sounds like the antispam system is being a bit too picky - users from home / dynamic IPs should certainly be able to send mail, though not directly.  As long as they go through a proper server like yours, they shouldn't be scored as spam.  It's good that you're able to turn this "feature" of Exchange off.  It's no one's business what IP your home users are using!

Instead of "closing" the question, please accept and award points to the answers that I gave that led you to dig more.

Thanks.
 
Berkson Wein (Tech Freelancer) commented:
Can you show us a redacted set of headers?  Try having a remote user email a google account (which should accept the mail, though it might flag it as spam).
 
Shuby (Author) commented:
Original message headers:
 
Received: from ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063]) by
 ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063%11]) with mapi id
 14.01.0218.012; Tue, 1 Mar 2011 10:37:50 -0500
From: John F <redactme@redacted.com>
To: redactme <redactme@redacted.com>
Subject: RE: 2009 tax returns
Thread-Topic: 2009 tax returns
Thread-Index: AcraRMn7+bC+q9nASDyx5IaOeKQImj94I1IgAABCu9A=
Date: Tue, 1 Mar 2011 15:37:48 +0000
Message-ID: <CE94D0EAA027B64CA3D7752C2B24971A3E5C74@***HEX.colo.***osting.com>
References: <002c01cada44$cb784a90$6268dfb0$@net>
 <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
In-Reply-To: <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [69.XXX.144.8] <------ this is what I don't understand: why this IP is coming up.
Content-Type: multipart/mixed;
        boundary="_007_CE94D0EAA027B64CA3D7752C2B24971A3E5C74S7HEXcolos7hostin_"
MIME-Version: 1.0
 
Berkson Wein (Tech Freelancer) commented:
The x-Originating-IP is likely being added by OWA (or Outlook Anywhere, Ex 2010).  However, that shouldn't be causing things to trigger as spam on the recipient end.

Most antispam systems that I've worked with parse the Received lines and use that to determine if the message originates from a good SMTP server or just one running locally on a PC.

It looks like you sent this to yourself.  Do you have a Gmail account that could be used?  That'll show IPv4 addresses instead of the IPv6 that's in the Received line.

 
Shuby (Author) commented:
I just sent a test email; the server is showing both IP ver 4 & 6 addresses of my mail gateway as Received by.

However it still shows the originating IP address as my local cable line.

I can't turn IPv6 completely off on the NIC because it'll wreck the Exchange box. Any ideas?
 
Shuby (Author) commented:
People will appreciate me and love me for this. I am going to give weinberk credit because he did mention x-originating-ip.

After doing some research by activating Verbose Logging of the Send Connector, by using Wireshark, and by sending a message manually to the firewall by using Telnet (which worked), I found out that the problem is caused by the "x-originating-ip" header. This header is added since Exchange Server 2010 SP1 and, for some reason, the SecurePoint Firewall, the Mailfilter or whatever is not able to handle it. When inspecting a mail, you will find the header like:

X-MS-TNEF-Correlator:
x-originating-ip: [xxx.xxx.xxx.xxx]
Content-Type: multipart/alternative;

Here's how to disable adding the header (or, to be more precise, how to remove it):

1. Open the Exchange Management Console
2. Open "Transport Rules" under "Organization Configuration" -> "Hub Transport"
3. Add a new Transport Rule and give it a name (such as "Remove x-originating-ip header")
4. Do not choose any condition (we want to apply the rule to all mails)
5. Choose "Remove header", and modify the action to match the "x-originating-ip" header
6. Do not choose any exception (unless you want to, of course)
7. Apply the new rule.
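A way to check the result from the receiving side, as an added example that is not part of the original thread: paste the raw headers of a test message delivered to an outside mailbox into `audit()` before and after the rule is applied. The sample message, hostnames and addresses are constructed placeholders, and `remove_header` is a local stand-in for the rule's action, not Exchange code.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample shaped like the headers posted in this thread; hosts and
# addresses are placeholders (documentation ranges), not values from the page.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [203.0.113.25])
 by mx.example.net with ESMTP; Tue, 1 Mar 2011 10:37:52 -0500
Received: from hub.example.com ([fe80::1]) by
 hub.example.com ([fe80::1%11]) with mapi id
 14.01.0218.012; Tue, 1 Mar 2011 10:37:50 -0500
From: Sender <sender@example.com>
To: Test <test@example.net>
Subject: header test
x-originating-ip: [198.51.100.8]
MIME-Version: 1.0

test body
"""

# [address] literals, tolerating an IPv6 zone suffix such as %11
IP_LITERAL = re.compile(r"\[([0-9A-Fa-f:.]+)(?:%\w+)?\]")

def header_ips(msg, name):
    """Parse every bracketed IP literal found in all instances of one header."""
    ips = []
    for value in msg.get_all(name, []):
        for token in IP_LITERAL.findall(value):
            try:
                ips.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return ips

def audit(raw):
    """Show where a client address is disclosed in a message's headers."""
    msg = message_from_string(raw)
    client = header_ips(msg, "x-originating-ip")
    relays = header_ips(msg, "Received")
    return {"client_ips": [str(ip) for ip in client],
            "relay_ips": [str(ip) for ip in relays],
            "client_in_received": any(ip in relays for ip in client),
            "header_removed": not msg.get_all("x-originating-ip")}

def remove_header(raw, name="x-originating-ip"):
    """Local stand-in for the 'Remove header' action: drop every instance."""
    msg = message_from_string(raw)
    del msg[name]
    return msg.as_string()
```

In the sample, the client address appears only in `x-originating-ip` and never in the `Received` chain, so removing that one header leaves the relay addresses as the only IPs a receiving filter can read.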
 
ShubyAuthor Commented:
thanks
 
Berkson Wein (Tech Freelancer) commented:
(Next time try to select the post or posts that actually helped.  That'll make it easier for someone else looking to get started on the solution.)