• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

Email being blocked

Ok so this one is a bit weird. We use a product called Websense for our filtering.  It has several layers of checks. The first of which is a connection check. If a reverse DNS check fails for example the connection is denied and all that is logged is the IP and the reason.

If the connection is made then it hits a rule service and logs accordingly, at this point you can whitelist by domain.

I have an exec that is receiving emails from a gmail user when that user sends from his phone. But if the same address sends from his house it is not logged at the rule service. Which tells me it is blocked at the connection level.

So what I need is a way to find out what IP is being stamped on the email being sent from his home. So that I can whitelist that IP at the connection level.

This is  really confusing since I though all @gmail.com addresses would originate from a gmail server, but evidently the one sent from his home is doing someting wonky. As such the filter assumes it is a spoofed gmail server, and denies the connection.

How can I find out what the IP was of an email chain forwarded to me. If I can find out what IP his home is sending as I can whitelist it.
0
bhieb
Asked:
bhieb
  • 2
  • 2
1 Solution
 
SteveCommented:
His connection from home should be in the Websense logs along with the IP and reason it was rejected.
You may have to turn logging on and have him try to resend from home though if it isn't active yet.
0
 
bhiebAuthor Commented:
It is there I'm sure, but so are literally hundreds if not thousands of others per hour. Since no content is logged at connection, I don't have any way to tell which of those hundreds are his. In other words I cannot search by sender address because nothing has been logged yet, since the connection is refused. All I have are time/date and IP, and it just isn't enough.

So can I find it from the email, is it in a header or something?
0
 
SteveCommented:
Have him send you an email to your pesonal account so it doesn't get blocked and track it back from there with the headers.
0
 
PerarduaadastraCommented:
Is it possible that Gmail uses different servers for smartphone email and internet mail? If so, then that would explain the IP address filtering issue.
The mobile phone network is a separate entity to the terrestrial networks that your user's home computer uses, though of course they are interconnected..
0
 
bhiebAuthor Commented:
Pera...That may be the case, but I normally have no issues from other gmail users at home or mobile.

Sodea..I'll reach out to him and try that. Have him send both to my gmail, and trace it that way.

Thanks!
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now