Solved

Email rejected as spam when sent from remote client on LAN-to-LAN VPN

Posted on 2013-01-26
Last Modified: 2013-02-12
We have an SBS 2011 box (with Exchange) in a central location. A remote office has a LAN to LAN VPN connection. The SBS box location has an ADSL connection, and therefore we have set up a smart host for SMTP sending.

When email is sent (from Outlook, connected to Exchange) from the remote office, it is invariably rejected as spam.

Email is not marked as spam if a software (Windows PPTP) VPN is established directly to the SBS box (regardless of whether the LAN-to-LAN VPN is connected or not).

I believe the issue is something to do with the originating-ip being detected as the remote office IP (which is dynamic) - but would have expected that this should not behave differently in either scenario?
Question by:mercury1ltd

Expert Comment

by:Smighty
ID: 38821906
Please check your Receive Connectors. I can't point you to the exact option you need (yet), but your Exchange Server seems not to trust the network from which the mails are coming.

Author Comment

by:mercury1ltd
ID: 38821916
Sorry I should clarify that these are outgoing emails - being rejected not by the Exchange server, but (generally) the smtp smart host.

Expert Comment

by:Smighty
ID: 38821956
In that case, do you happen to have multiple public IPs on one NIC?
Exchange is blind to the IPs and randomly uses all given IP Addresses from the Network Adapter you assigned in your Send Connector.
If you look into the Message Queue you'll probably find reasons why the message is not accepted by the receiving Mail Server or the Smarthost.

Furthermore, Smarthosts do have limits imposed (Message Size, Amount of Messages per x minutes, etc.), maybe you hit one of these?

Author Comment

by:mercury1ltd
ID: 38822065
Only one IP I think.

Definitely not hit any smart host limits - this is definitely to do with the VPN. Messages sent when connected to the software (Windows) VPN directly to the SBS server work 100% of the time. Messages sent when just connected to the hardware VPN are always rejected as spam.

Accepted Solution

by:mercury1ltd
ID: 38822882
I have found a resolution for this - it was a DNS problem. On the LAN-to-LAN VPN the DNS lookup resolved to the external IP address of the SBS box, so traffic was going over the internet to the SBS/Exchange server. When on the Windows VPN, the SBS server was providing the DNS lookup and therefore resolved itself.

The solution was to provide the IP of the SBS box as the primary DNS server on the remote network.

Quite why Exchange works like this (when both scenarios have an authenticated Outlook client) I don't know, and would be interested academically if someone could explain, but the original issue is resolved by this DNS change.
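
A way to confirm the split described in the accepted solution, as an added example that is not part of the original thread: resolve the mail server name against each DNS server and flag any answer outside private (RFC 1918) address space. The host name and DNS server addresses are placeholders, and `Resolve-DnsName` requires Windows 8 / Server 2012 or later on the machine running the check.

```powershell
# Added example. All names and addresses below are placeholders (assumptions),
# not values from the thread.
$MailHost   = 'mail.example.com'            # name Outlook uses to reach Exchange
$DnsServers = @{
    'SBS internal DNS'  = '192.168.1.2'     # DNS service on the SBS box
    'Remote office DNS' = '192.168.2.1'     # resolver handed out at the remote site
}

function Test-PrivateIPv4 {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Compare-MailHostResolution {
    param([string]$Name, [hashtable]$Servers)
    foreach ($label in $Servers.Keys) {
        try {
            # Query one specific resolver, DNS only (no hosts file, LLMNR or NetBIOS)
            $answers = Resolve-DnsName -Name $Name -Type A -Server $Servers[$label] `
                           -DnsOnly -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'A' }   # skip CNAME records in the chain
        } catch {
            [pscustomobject]@{ Resolver = $label; Address = $null
                               Path = "lookup failed: $($_.Exception.Message)" }
            continue
        }
        foreach ($a in $answers) {
            $private = Test-PrivateIPv4 -Address $a.IPAddress
            [pscustomobject]@{
                Resolver = $label
                Address  = $a.IPAddress
                Path     = if ($private) { 'internal (stays on VPN/LAN)' }
                           else          { 'EXTERNAL (leaves via internet)' }
            }
        }
    }
}

Compare-MailHostResolution -Name $MailHost -Servers $DnsServers | Format-Table -AutoSize
```

An `EXTERNAL` row for the remote office resolver reproduces the condition described above: clients at that site reach Exchange on its public address instead of across the tunnel.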

Expert Comment

by:Smighty
ID: 38848546
It is to do with the Receive Connectors. In them you decide how Exchange accepts Messages.
Generally speaking you have a NIC/IP-Range where your Clients are located. For these you accept only Authenticated mail. For other IP-Ranges you can define that anonymous access is allowed (to work as an SMTP-Server for other Servers who can't authenticate, for example).

So your LAN-to-LAN-Route resolved to the external IP-Address, for which Exchange-Users is not checked, but Anonymous is (and that is proper).
So when Outlook tries to log on via this Receive Connector, Exchange says: "Anonymous or nothing, everything else is not kosher, and therefore is spam..."

(I hope my explanation is somehow comprehensible... hadn't had coffee yet ;))

Author Closing Comment

by:mercury1ltd
ID: 38879544
This resolves the question