Solved

Force Exchange 2010 SP3 to use IPv4

Posted on 2013-06-07
5
2,591 Views
Last Modified: 2013-06-10
Hi

We have a pretty standard config on our Exchange Server, static IPv4 address, etc.

We relay all outbound emails through the AntiSpam server.

All of a sudden today everyone was getting Relay Access Denied NDR's, and after speaking with the AntiSpam server provider it seems the reason is because the server is all of a sudden using IPv6 in the headers (which are not in the ACL)

Now this in itself is an inherent problem becuase IPv6 although enabled on the Exchange Server, is not configured.

So I can workaround this issue by adding the IPv6 address into the AntiSpam box as "allowed to relay" but as IPv6 is set to DHCP, it could change?

Ideal solution will be to force it to use IPv4 (but I dont want to remove IPv6 as I have known this to cause issues on Exchange)
0
Comment
Question by:bikerhong
  • 2
  • 2
5 Comments
 
LVL 42

Expert Comment

by:Amit
ID: 39228732
0
 

Author Comment

by:bikerhong
ID: 39228752
I do not want to disable IPv6.

I just want it to stop using IPv6 headers.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39228773
I don't think you can stop IPv6 from appearing in the headers.

Windows uses IPv6 for the internal traffic process. This a really a problem of the antispam server provider. They shouldn't be looking into the headers for content so need to fix their product.

Simon.
0
 

Author Comment

by:bikerhong
ID: 39229162
Thanks Simon.

I'm not sure if I explained myself properly, but basically the AntiSpam box is seeing the source IP of the emails coming from an IPv6 address as opposed to the IPv4.

Due to the fact that the Trusted Hosts setting only containing the IPv4 address the emails are being denied.

On an email sent 3 weeks ago when I know it was all working properly I can see this line in the headers, which I would expect to (Berlin is the host name of the Exchange server and amsterdam is the hostname of the antispam box)

Received: from Berlin.domain.com (berlin.domain.com [192.168.61.40])      by
 amsterdam.domain.com (Postfix) with ESMTP id 8611DACD6C      for
 <someone@somewhere.com>; Fri, 17 May 2013 12:38:29 +0100 (BST)
Received: from BERLIN.domain.com ([fe80::9901:6655:4c36:c990]) by
 Berlin.domain.com ([fe80::9901:6655:4c36:c990%12]) with mapi id 14.03.0123.003;
 Fri, 17 May 2013 12:38:29 +0100

On the NDR headers and messages going out now I only see:

Received: from Berlin.domain.com (unknown [external ip])      by
 antispam.somewhere.com (Postfix) with ESMTP id B3AE727E807      for
 <someone@somewhere>; Fri,  7 Jun 2013 15:16:35 +0100 (BST)
Received: from BERLIN.domain.com ([fe80::9901:6655:4c36:c990]) by
 Berlin.domain.com ([fe80::a12e:e412:4b55:354d%16]) with mapi id 14.03.0123.003;
 Fri, 7 Jun 2013 15:16:34 +0100

From what I can make of it the ipv4 part is missing??
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39231487
The antispam device must support IPv6. Exchange will try and use IPv6 if it can.
You probably have a smart host configured on the server. If that is a host name, change it to an IPv4 IP address, that might help. Otherwise deploy IPv6 - it isn't hard, I have most of my clients using IPv6 internally already.

Simon.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question