Ok so this one is a bit weird. We use a product called Websense for our filtering. It has several layers of checks. The first of which is a connection check. If a reverse DNS check fails for example the connection is denied and all that is logged is the IP and the reason.
If the connection is made then it hits a rule service and logs accordingly, at this point you can whitelist by domain.
I have an exec that is receiving emails from a gmail user when that user sends from his phone. But if the same address sends from his house it is not logged at the rule service. Which tells me it is blocked at the connection level.
So what I need is a way to find out what IP is being stamped on the email being sent from his home. So that I can whitelist that IP at the connection level.
This is really confusing since I though all @gmail.com addresses would originate from a gmail server, but evidently the one sent from his home is doing someting wonky. As such the filter assumes it is a spoofed gmail server, and denies the connection.
How can I find out what the IP was of an email chain forwarded to me. If I can find out what IP his home is sending as I can whitelist it.