Good morning all,
We've been tracing a phantom rDNS record (we found our ISP was hosting a bad/old rDNS/PTR record). As a result, we started carefully looking at the headers in our emails.
I've hidden most of the actual public IPs (for obvious reasons) for the example, but I am hoping someone can help me figure out either:
A) where our misconfiguration is, and how to correct it
B) if this is by design and we just need to update the PTR
Here's our setup: 2 Exchange 2010 Hub/CAS servers in a CAS array. The array has inbound and outbound NAT rules on our SonicWall TZ210 in our datacenter. I can resolve our "mail.domain.com" address properly. We use Proofpoint as our spam filter and route all inbound and outbound mail through them.
For reference, here are examples of the IPs we're dealing with.
WAN IP - xx.xxx.xxx.130
Exchange IP - xx.xxx.xxx.133
When we send mail, the headers list:
Received: from mail.domain.com (xx.xxx.xxx.130."ptr record" [xx.xxx.xxx.130] (may be forged))
I've been scratching my head trying to figure out why this lists our WAN IP when we have NAT rules in place. It also creates issues for us sending to certain domains, but not all domains.
Our send connectors properly list the "mail.domain.com" record and our filters list both the WAN IP and the Exchange IP as "allowed relays." I already have a call in to them to see if it's a misconfiguration on their end, but I figured I'd try this group as well.
Any help would be appreciated. I can also provide any additional info that might be helpful and forgive me if I didn't include it from jump-street.
Thanks in advance!
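
An added example, not part of the original post: sendmail-style MTAs append "(may be forged)" when the PTR name of the connecting IP does not resolve back to that IP, and the sketch below parses such a Received clause and repeats that forward-confirmed reverse DNS check, plus a HELO-name check, for one hop. The host names, the 203.0.113.x documentation addresses (standing in for the masked .130 and .133) and the dict-based zones that replace live DNS lookups are all constructed assumptions.

```python
import re

# Sendmail-style Received "from" clause: HELO name (PTR name [IP] (may be forged))
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<ptr>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r"(?P<forged>\s*\(may be forged\))?\)")

def parse_received(header):
    """Split the clause into HELO name, PTR name, connecting IP and the forged flag."""
    m = RECEIVED_RE.search(header)
    if m is None:
        raise ValueError("no sendmail-style 'from' clause found")
    ptr = (m.group("ptr") or "").rstrip(".").lower() or None
    return {"helo": m.group("helo").rstrip(".").lower(), "ptr": ptr,
            "ip": m.group("ip"), "flagged": m.group("forged") is not None}

def audit(header, ptr_zone, a_zone):
    """Return the list of DNS mismatches for one hop.

    ptr_zone maps IP -> PTR names and a_zone maps name -> A records; both are
    plain dicts standing in for live DNS lookups (an assumption of this example).
    """
    hop = parse_received(header)
    ip, findings = hop["ip"], []
    names = ptr_zone.get(ip, [])
    if not names:
        findings.append(f"no PTR record for {ip}")
    elif not any(ip in a_zone.get(n, []) for n in names):
        findings.append(f"PTR {names[0]} does not resolve back to {ip}")
    if ip not in a_zone.get(hop["helo"], []):
        findings.append(f"HELO {hop['helo']} does not resolve to connecting IP {ip}")
    return findings

# Constructed data: documentation addresses in place of the masked .130 / .133.
STALE_HDR = ("Received: from mail.example.com "
             "(old-host.isp.example [203.0.113.130] (may be forged))")
STALE_PTR = {"203.0.113.130": ["old-host.isp.example"]}   # stale ISP record
A_ZONE = {"mail.example.com": ["203.0.113.133"]}          # public A record

# Same mail flow once the source IP, its PTR and the A record all agree.
FIXED_HDR = "Received: from mail.example.com (mail.example.com [203.0.113.133])"
FIXED_PTR = {"203.0.113.133": ["mail.example.com"]}

if __name__ == "__main__":
    for hdr, ptr in ((STALE_HDR, STALE_PTR), (FIXED_HDR, FIXED_PTR)):
        print(parse_received(hdr)["ip"], audit(hdr, ptr, A_ZONE) or "consistent")
```

To run it against real records, replace the two dicts with PTR and A lookups for the source IP that the receiving side reports.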