Solved

Email rejected as spam when sent from remote client on LAN-to-LAN VPN

Posted on 2013-01-26
7
302 Views
Last Modified: 2013-02-12
We have an SBS 2011 box (with Exchange) in a central location. A remote office has a LAN to LAN VPN connection. The SBS box location has an ADSL connection, and therefore we have set up a smart host for SMTP sending.

When email is sent (from Outlook, connected to Exchange) from the remote office, it is invariably rejected as spam.

Email is not marked as spam if a software (Windows PPTP) VPN is established directly to the SBS box (regardless of whether the LAN-to-LAN VPN is connected or not).

I believe the issue is something to do with the originating-ip being detected as the remote office IP (which is dynamic) - but would have expected that this should not behave differently in either scenario?
0
Comment
Question by:mercury1ltd
  • 4
  • 3
7 Comments
 
LVL 4

Expert Comment

by:Smighty
ID: 38821906
Please check your Receive-Connectors. I can't pinpoint you exactly to the Option you need (yet), but your Exchange Server seems not to trust the network from which the Mails are coming from.
0
 

Author Comment

by:mercury1ltd
ID: 38821916
Sorry I should clarify that these are outgoing emails - being rejected not by the Exchange server, but (generally) the smtp smart host.
0
 
LVL 4

Expert Comment

by:Smighty
ID: 38821956
In that case, do you happen to have multiple public IPs on one NIC?
Exchange is blind to the IPs and randomly uses all given IP Addresses from the Network Adapter you assigned in your Send Connector.
If you look into the Message Queue you'll probably find reasons why the message is not accepted by the receiving Mail Server or the Smarthost.

Furthermore, Smarthosts do have limits imposed (Message Size, Amount of Messages per x minutes, etc.), maybe you hit one of these?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mercury1ltd
ID: 38822065
Only one IP I think.

Definately not hit any smart host limits - this is definitely to do with the VPN. Messages sent when connected to the software (windows) VPN directly to the SBS server work 100% of the time. Messages sent when just connected to the hardware VPN are always rejected as SPAM.
0
 

Accepted Solution

by:
mercury1ltd earned 0 total points
ID: 38822882
I have found a resolution for this - it was a DNS problem. On the LAN-to-LAN VPN the DNS lookup was resolved the external IP address of the SBS box - so was going over the internet to the SBS/Exchange server. When on the Windows VPN, the SBS server was providing the DNS lookup and therefore resolved itself.

The solution was to provide the IP of the SBS box as the primary DNS server on the remote network.

Quite why Exchange works like this (when both scenarios have an authenticated Outlook client) I don't know, and would be interested academically if someone could explain, but the original issue is resolved by this DNS change.
0
 
LVL 4

Expert Comment

by:Smighty
ID: 38848546
It is to do with the Receive Connectors. In them you decide how Exchange accepts Messages.
Generally speaking you have a NIC/IP-Range where your Clients are located. For these you accept only Authenticated mail. For other IP-Ranges you can define, that anonymous access is allowed (to work as an SMTP-Server for other Servers who can't authenticate for example).

So your LAN-to-LAN-Route resolved on the external IP-Address for which Exchange-Users is not checked, but Anonymous is (and that is proper).
So when Outlook tries to log on via this Receive Connector, Exchange says: "Anonymous or nothing, everything else is not kosher, and therefore is spam..."

(I hope my explanation is somehow comprehensible... hadn't had coffee yet ;))
0
 

Author Closing Comment

by:mercury1ltd
ID: 38879544
This resolves the question
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question