Emails originating from wrong public IP

Hello,

Recently my company has purchased a Zix email encryption gateway. We have added the A, MX and PTR records successfully (Verified with mxtoolbox). To switch between Exchange and Zix simply requires changing the send connector.

Before changing the send connector; Headers correctly show the origination IP - .44 (Our exchange server)
After changing the send connector; Header incorrectly show the originating IP - .2 (Our Sonicwall)

Email flows fine - But because the originating IP in the header is showing our Sonicwall (.2) and not Zix (.88) our emails bounce back from Barracuda and McAfee secured domains.

I've recently changed the send connector back to not use Zix until I can figure out how to correct the header information on emails going through the Zix gateway.

Could someone tell me - In order to change the originating IP in the email header is there a change needed to be made to Exchange or the Sonicwall - And how to do so would be very helpful.

Public IPs end in:
Firewall -               .2
Exchange 2010 -   .44
Zix Gateway -        .88


Thanks!
RISLAAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mcammidgeCommented:
Few things to check. Did the send connector use a smart host prior to the change? If so the NAT on the sonic wall might be configured with that smarthost destination so that it only NATs the server .44 when traffic is going to that old smarthost, if thats the case edit the NAT rule with the new smarthost.

Or did you create a new send connector?

Mark
0
RISLAAuthor Commented:
Thanks for the reply!

Prior to the change, "Use DNS MX records to route mail automatically" was checked off.

We edited the send connector to instead use "Route mail through the following smart hosts:" and added the new IP (.88)
0
mcammidgeCommented:
The .88 ip is that a cloud server or in your network?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

RISLAAuthor Commented:
It's in my network.
0
mcammidgeCommented:
So the email leaves your network via the .88 box. If you goto whatismyip.com on exchange and the .88 can you confirm what ip shows on each?
0
RISLAAuthor Commented:
Exchange is showing .44

Zix is a UNIX based system.
- I set the private IP on initial setup, and then set up a NAT: 192.x.x.88 ==> 98.x.x.88

The IP can be confirmed because without the NAT,    The public IP doesn't respond to ping.
0
mcammidgeCommented:
Can you paste your NAT rules (taking out some of the IP as you did above for security)
0
RISLAAuthor Commented:
0
RISLAAuthor Commented:
Zix has an identical rule. Just different IP
0
mcammidgeCommented:
Thats your incoming nat. You need a rule to translate your outgoing. As your .88 server is sending email now youll need to NAT that to use .44 when destination port is 25. Please check there is probably a rule already making traffic source from 192.x.x.44 translated source 98.x.x.44 that is making your exchange use this on outbound connections
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RISLAAuthor Commented:
mcammidge, I think you just saved my life.

I'm so used to only NATing inbound I looked right past it.

Waiting on confirmation that we're no longer being blocked, but sent myself a test message and the header read .88

I will mark this question as soon as I get confirmation. THANK YOU!
0
mcammidgeCommented:
No problem. NAT can be a pain! Hope all goes well

Mark
0
RISLAAuthor Commented:
Mcammidge stuck with me until the end. Huge help, definitely wouldn't have seen the NAT was inverted without him.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.