Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Flagged As Spam

Posted on 2011-03-01
8
Medium Priority
?
1,602 Views
Last Modified: 2013-03-11
I have an Exchange 2010 environment with several clients using Outlook Anywhere. The email headers are showing the clients IP Address from there homes and that is getting rejected by spam filters. I have RDNS setup for my datacenter IP and I have the full FQDN setup on the outbound connector.

Does anyone know how these spam filters are seeing the originating IP address ?

Thanks in advance !
0
Comment
Question by:Shuby
  • 4
  • 4
8 Comments
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 35010301
Can you show us a redacted set of headers?  Try having a remote user email a google account (which should accept the mail, though it might flag it as spam).
0
 
LVL 1

Author Comment

by:Shuby
ID: 35010359
Original message headers:
 
Received: from ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063]) by
 ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063%11]) with mapi id
 14.01.0218.012; Tue, 1 Mar 2011 10:37:50 -0500
From: John F <redactme@redacted.com>
To: redactme <redactme@redacted.com>
Subject: RE: 2009 tax returns
Thread-Topic: 2009 tax returns
Thread-Index: AcraRMn7+bC+q9nASDyx5IaOeKQImj94I1IgAABCu9A=
Date: Tue, 1 Mar 2011 15:37:48 +0000
Message-ID: <CE94D0EAA027B64CA3D7752C2B24971A3E5C74@***HEX.colo.***osting.com>
References: <002c01cada44$cb784a90$6268dfb0$@net>
 <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
In-Reply-To: <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [69.XXX.144.8] <------ this is what i don't understand why this IP is coming up.
Content-Type: multipart/mixed;
        boundary="_007_CE94D0EAA027B64CA3D7752C2B24971A3E5C74S7HEXcolos7hostin_"
MIME-Version: 1.0
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 35010786
The x-Originating-IP is likely being added by OWA (or outlook anywhere, ex 2010).  However, that shouldn't be causing things to trigger as spam on the recipient end.

Most antispam systems that I've worked with parse the Recieved lines and use that to determine if the message originates from a good smtp server or just one running locally on a pc.

It looks like you sent this to yourself.  Do you have a gmail account that could be used?  That'll show IPv4 addresses instead of the ipv6 that's in the recieved line.

0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
LVL 1

Author Comment

by:Shuby
ID: 35020141
I just sent a test email; the server is showing both IP ver 4 & 6 addresses of my mail gateway as Received by.

However it still shows the originating IP address as my local cable line.

I can't turn IP 6 completely off on the nic because it'll wreck the exchange box. Any ideas ?
0
 
LVL 1

Author Comment

by:Shuby
ID: 35020363
People will appreciate me and love for this. I am going to give weinberk credit because he did mention x-originating-ip.

After doing some research by activating Verbose Logging of the Send Connector, by using Wireshark, and by sending a message manually to the firewall by using Telnet (which worked), I found out that the problem is caused by the "x-originating-ip" header. This header is added since Exchange Server 2010 SP1 and, for some reason, the SecurePoint Firewall, the Mailfilter or whatever is not able to handle it. When inspecting a mail, you will find the header like:

X-MS-TNEF-Correlator:
x-originating-ip: [xxx.xxx.xxx.xxx]
Content-Type: multipart/alternative;
Here's how to disable adding the header (or, to be more precise, how to remove it):

Open the Exchange Management Console
Open "Transport Rules" under "Organization Configuration" -> "Hub Transport"
Add a new Transport Rule and give it a name (such as "Remove x-originating-ip header")
Do not choose any condition (we want to apply the rule to all mails)
Choose "Remove header", and modify the action to match the "x-originating-ip" header
Do not choose any exception (except you want to, of course)
Apply the new rule.
Filed under: Exchange Server, Windows
0
 
LVL 15

Accepted Solution

by:
Berkson Wein earned 500 total points
ID: 35021334
Hi Shuby-
 
Glad that my information helped.

Sounds like the antispam system is being a bit to picky - users from home / dynamic ip's should certainly be able to send mail, though not directly.  As long as they go through a propper server like yours, they shouldn't be scored as spam.  It's good that you're able to turn this "feature" of exchange off.  It's no one's business what IP your home users are using!

Instead of "closing" the question, please accept and award points to the answers that I gave that led you to dig more.

Thanks.
0
 
LVL 1

Author Closing Comment

by:Shuby
ID: 35031319
thanks
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 35031377
(next time try to select the post or posts that actually helped.  that'll make it easier for someone else looking to get started on the solution)
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
MS Outlook undoubtedly is the most widely used email client.Its user-friendliness, cost effectiveness, and availability with Microsoft Office Suite make it the most popular email application.  Its compatibility with Microsoft applications like Exch…
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month20 days, 19 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question