Solved

Posted on 2011-03-01
Last Modified: 2013-03-11
I have an Exchange 2010 environment with several clients using Outlook Anywhere. The email headers are showing the clients' IP address from their homes, and that is getting rejected by spam filters. I have RDNS set up for my datacenter IP and I have the full FQDN set up on the outbound connector.

Does anyone know how these spam filters are seeing the originating IP address?

Thanks in advance!
0
Question by:Shuby
8 Comments
 
LVL 15

Expert Comment

by:weinberk
ID: 35010301
Can you show us a redacted set of headers? Try having a remote user email a Google account (which should accept the mail, though it might flag it as spam).
0
 
LVL 1

Author Comment

by:Shuby
ID: 35010359
Original message headers:
 
Received: from ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063]) by
 ***HEX.colo.***osting.com ([fe80::1c18:8be2:ffed:1063%11]) with mapi id
 14.01.0218.012; Tue, 1 Mar 2011 10:37:50 -0500
From: John F <redactme@redacted.com>
To: redactme <redactme@redacted.com>
Subject: RE: 2009 tax returns
Thread-Topic: 2009 tax returns
Thread-Index: AcraRMn7+bC+q9nASDyx5IaOeKQImj94I1IgAABCu9A=
Date: Tue, 1 Mar 2011 15:37:48 +0000
Message-ID: <CE94D0EAA027B64CA3D7752C2B24971A3E5C74@***HEX.colo.***osting.com>
References: <002c01cada44$cb784a90$6268dfb0$@net>
 <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
In-Reply-To: <4011626BA83CAB429CAF682360C3D1AB52153D@mps1.M-P.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [69.XXX.144.8] <------ this is what i don't understand why this IP is coming up.
Content-Type: multipart/mixed;
        boundary="_007_CE94D0EAA027B64CA3D7752C2B24971A3E5C74S7HEXcolos7hostin_"
MIME-Version: 1.0
0
 
LVL 15

Expert Comment

by:weinberk
ID: 35010786
The x-Originating-IP is likely being added by OWA (or Outlook Anywhere, Ex 2010). However, that shouldn't be causing things to trigger as spam on the recipient end.

Most antispam systems that I've worked with parse the Received lines and use that to determine if the message originates from a good SMTP server or just one running locally on a PC.

It looks like you sent this to yourself. Do you have a Gmail account that could be used? That'll show IPv4 addresses instead of the IPv6 that's in the Received line.

0
 
LVL 1

Author Comment

by:Shuby
ID: 35020141
I just sent a test email; the server is showing both IP ver 4 & 6 addresses of my mail gateway as Received by.

However it still shows the originating IP address as my local cable line.

I can't turn IPv6 completely off on the NIC because it'll wreck the Exchange box. Any ideas?
0
 
LVL 1

Author Comment

by:Shuby
ID: 35020363
People will appreciate and love me for this. I am going to give weinberk credit because he did mention x-originating-ip.

After doing some research by activating Verbose Logging of the Send Connector, by using Wireshark, and by sending a message manually to the firewall by using Telnet (which worked), I found out that the problem is caused by the "x-originating-ip" header. This header is added since Exchange Server 2010 SP1 and, for some reason, the SecurePoint Firewall, the Mailfilter or whatever is not able to handle it. When inspecting a mail, you will find the header like:

X-MS-TNEF-Correlator:
x-originating-ip: [xxx.xxx.xxx.xxx]
Content-Type: multipart/alternative;

Here's how to disable adding the header (or, to be more precise, how to remove it):

Open the Exchange Management Console
Open "Transport Rules" under "Organization Configuration" -> "Hub Transport"
Add a new Transport Rule and give it a name (such as "Remove x-originating-ip header")
Do not choose any condition (we want to apply the rule to all mails)
Choose "Remove header", and modify the action to match the "x-originating-ip" header
Do not choose any exception (unless you want to, of course)
Apply the new rule.
Filed under: Exchange Server, Windows
0
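A way to confirm the rule described above took effect: send a test message to an outside mailbox, save its raw source, and check it for the x-originating-ip header. This is an added example, not part of the original posts; the sample message, hostnames and function names are constructed for illustration.

```python
from email import message_from_string
import ipaddress

# Header this thread identifies as carrying the home client's address.
CLIENT_IP_HEADERS = {"x-originating-ip"}

# Constructed sample modelled on the redacted headers posted above;
# 203.0.113.8 is a documentation address, the hostnames are placeholders.
SAMPLE_BEFORE = (
    "Received: from mail.example.com ([fe80::1c18:8be2:ffed:1063]) by\n"
    " mail.example.com ([fe80::1c18:8be2:ffed:1063%11]) with mapi id\n"
    " 14.01.0218.012; Tue, 1 Mar 2011 10:37:50 -0500\n"
    "From: Sender <sender@example.com>\n"
    "To: Recipient <recipient@example.net>\n"
    "Subject: header test\n"
    "X-MS-TNEF-Correlator:\n"
    "x-originating-ip: [203.0.113.8]\n"
    "MIME-Version: 1.0\n"
    "\n"
    "test body\n"
)


def client_ip_disclosures(raw_message):
    """Return (header, raw value, parsed IP or None) for each disclosing header."""
    findings = []
    for name, value in message_from_string(raw_message).items():
        if name.lower() not in CLIENT_IP_HEADERS:
            continue
        text = value.strip()
        try:
            # Exchange writes the address in square brackets.
            ip = str(ipaddress.ip_address(text.strip("[]")))
        except ValueError:
            ip = None  # redacted or malformed, but the header is still present
        findings.append((name, text, ip))
    return findings


def remove_client_ip_headers(raw_message):
    """Local stand-in for the rule's "Remove header" action, for comparison only."""
    msg = message_from_string(raw_message)
    for header in CLIENT_IP_HEADERS:
        del msg[header]  # removes every occurrence, case-insensitively
    return msg.as_string()


if __name__ == "__main__":
    print("before:", client_ip_disclosures(SAMPLE_BEFORE))
    print("after: ", client_ip_disclosures(remove_client_ip_headers(SAMPLE_BEFORE)))
```

An empty result from `client_ip_disclosures` on the raw source of a message received outside the organization means the header is no longer leaving the server.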
 
LVL 15

Accepted Solution

by:
weinberk earned 250 total points
ID: 35021334
Hi Shuby-
 
Glad that my information helped.

Sounds like the antispam system is being a bit too picky - users from home / dynamic IPs should certainly be able to send mail, though not directly. As long as they go through a proper server like yours, they shouldn't be scored as spam. It's good that you're able to turn this "feature" of Exchange off. It's no one's business what IP your home users are using!

Instead of "closing" the question, please accept and award points to the answers that I gave that led you to dig more.

Thanks.
0
 
LVL 1

Author Closing Comment

by:Shuby
ID: 35031319
thanks
0
 
LVL 15

Expert Comment

by:weinberk
ID: 35031377
(Next time try to select the post or posts that actually helped. That'll make it easier for someone else looking to get started on the solution.)
0
