Solved

Force Exchange 2010 SP3 to use IPv4

Posted on 2013-06-07
5
2,662 Views
Last Modified: 2013-06-10
Hi

We have a pretty standard config on our Exchange Server, static IPv4 address, etc.

We relay all outbound emails through the AntiSpam server.

All of a sudden today everyone was getting Relay Access Denied NDR's, and after speaking with the AntiSpam server provider it seems the reason is because the server is all of a sudden using IPv6 in the headers (which are not in the ACL)

Now this in itself is an inherent problem becuase IPv6 although enabled on the Exchange Server, is not configured.

So I can workaround this issue by adding the IPv6 address into the AntiSpam box as "allowed to relay" but as IPv6 is set to DHCP, it could change?

Ideal solution will be to force it to use IPv4 (but I dont want to remove IPv6 as I have known this to cause issues on Exchange)
0
Comment
Question by:bikerhong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 43

Expert Comment

by:Amit
ID: 39228732
0
 

Author Comment

by:bikerhong
ID: 39228752
I do not want to disable IPv6.

I just want it to stop using IPv6 headers.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39228773
I don't think you can stop IPv6 from appearing in the headers.

Windows uses IPv6 for the internal traffic process. This a really a problem of the antispam server provider. They shouldn't be looking into the headers for content so need to fix their product.

Simon.
0
 

Author Comment

by:bikerhong
ID: 39229162
Thanks Simon.

I'm not sure if I explained myself properly, but basically the AntiSpam box is seeing the source IP of the emails coming from an IPv6 address as opposed to the IPv4.

Due to the fact that the Trusted Hosts setting only containing the IPv4 address the emails are being denied.

On an email sent 3 weeks ago when I know it was all working properly I can see this line in the headers, which I would expect to (Berlin is the host name of the Exchange server and amsterdam is the hostname of the antispam box)

Received: from Berlin.domain.com (berlin.domain.com [192.168.61.40])      by
 amsterdam.domain.com (Postfix) with ESMTP id 8611DACD6C      for
 <someone@somewhere.com>; Fri, 17 May 2013 12:38:29 +0100 (BST)
Received: from BERLIN.domain.com ([fe80::9901:6655:4c36:c990]) by
 Berlin.domain.com ([fe80::9901:6655:4c36:c990%12]) with mapi id 14.03.0123.003;
 Fri, 17 May 2013 12:38:29 +0100

On the NDR headers and messages going out now I only see:

Received: from Berlin.domain.com (unknown [external ip])      by
 antispam.somewhere.com (Postfix) with ESMTP id B3AE727E807      for
 <someone@somewhere>; Fri,  7 Jun 2013 15:16:35 +0100 (BST)
Received: from BERLIN.domain.com ([fe80::9901:6655:4c36:c990]) by
 Berlin.domain.com ([fe80::a12e:e412:4b55:354d%16]) with mapi id 14.03.0123.003;
 Fri, 7 Jun 2013 15:16:34 +0100

From what I can make of it the ipv4 part is missing??
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39231487
The antispam device must support IPv6. Exchange will try and use IPv6 if it can.
You probably have a smart host configured on the server. If that is a host name, change it to an IPv4 IP address, that might help. Otherwise deploy IPv6 - it isn't hard, I have most of my clients using IPv6 internally already.

Simon.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question