Solved

Email rejected as spam when sent from remote client on LAN-to-LAN VPN

Posted on 2013-01-26
7
303 Views
Last Modified: 2013-02-12
We have an SBS 2011 box (with Exchange) in a central location. A remote office has a LAN to LAN VPN connection. The SBS box location has an ADSL connection, and therefore we have set up a smart host for SMTP sending.

When email is sent (from Outlook, connected to Exchange) from the remote office, it is invariably rejected as spam.

Email is not marked as spam if a software (Windows PPTP) VPN is established directly to the SBS box (regardless of whether the LAN-to-LAN VPN is connected or not).

I believe the issue is something to do with the originating-ip being detected as the remote office IP (which is dynamic) - but would have expected that this should not behave differently in either scenario?
0
Comment
Question by:mercury1ltd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 4

Expert Comment

by:Smighty
ID: 38821906
Please check your Receive-Connectors. I can't pinpoint you exactly to the Option you need (yet), but your Exchange Server seems not to trust the network from which the Mails are coming from.
0
 

Author Comment

by:mercury1ltd
ID: 38821916
Sorry I should clarify that these are outgoing emails - being rejected not by the Exchange server, but (generally) the smtp smart host.
0
 
LVL 4

Expert Comment

by:Smighty
ID: 38821956
In that case, do you happen to have multiple public IPs on one NIC?
Exchange is blind to the IPs and randomly uses all given IP Addresses from the Network Adapter you assigned in your Send Connector.
If you look into the Message Queue you'll probably find reasons why the message is not accepted by the receiving Mail Server or the Smarthost.

Furthermore, Smarthosts do have limits imposed (Message Size, Amount of Messages per x minutes, etc.), maybe you hit one of these?
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:mercury1ltd
ID: 38822065
Only one IP I think.

Definately not hit any smart host limits - this is definitely to do with the VPN. Messages sent when connected to the software (windows) VPN directly to the SBS server work 100% of the time. Messages sent when just connected to the hardware VPN are always rejected as SPAM.
0
 

Accepted Solution

by:
mercury1ltd earned 0 total points
ID: 38822882
I have found a resolution for this - it was a DNS problem. On the LAN-to-LAN VPN the DNS lookup was resolved the external IP address of the SBS box - so was going over the internet to the SBS/Exchange server. When on the Windows VPN, the SBS server was providing the DNS lookup and therefore resolved itself.

The solution was to provide the IP of the SBS box as the primary DNS server on the remote network.

Quite why Exchange works like this (when both scenarios have an authenticated Outlook client) I don't know, and would be interested academically if someone could explain, but the original issue is resolved by this DNS change.
0
 
LVL 4

Expert Comment

by:Smighty
ID: 38848546
It is to do with the Receive Connectors. In them you decide how Exchange accepts Messages.
Generally speaking you have a NIC/IP-Range where your Clients are located. For these you accept only Authenticated mail. For other IP-Ranges you can define, that anonymous access is allowed (to work as an SMTP-Server for other Servers who can't authenticate for example).

So your LAN-to-LAN-Route resolved on the external IP-Address for which Exchange-Users is not checked, but Anonymous is (and that is proper).
So when Outlook tries to log on via this Receive Connector, Exchange says: "Anonymous or nothing, everything else is not kosher, and therefore is spam..."

(I hope my explanation is somehow comprehensible... hadn't had coffee yet ;))
0
 

Author Closing Comment

by:mercury1ltd
ID: 38879544
This resolves the question
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question