Solved

Emails originating from wrong public IP

Posted on 2014-07-27
13
544 Views
Last Modified: 2014-07-28
Hello,

Recently my company has purchased a Zix email encryption gateway. We have added the A, MX and PTR records successfully (Verified with mxtoolbox). To switch between Exchange and Zix simply requires changing the send connector.

Before changing the send connector; Headers correctly show the origination IP - .44 (Our exchange server)
After changing the send connector; Header incorrectly show the originating IP - .2 (Our Sonicwall)

Email flows fine - But because the originating IP in the header is showing our Sonicwall (.2) and not Zix (.88) our emails bounce back from Barracuda and McAfee secured domains.

I've recently changed the send connector back to not use Zix until I can figure out how to correct the header information on emails going through the Zix gateway.

Could someone tell me - In order to change the originating IP in the email header is there a change needed to be made to Exchange or the Sonicwall - And how to do so would be very helpful.

Public IPs end in:
Firewall -               .2
Exchange 2010 -   .44
Zix Gateway -        .88


Thanks!
0
Comment
Question by:RISLA
  • 7
  • 6
13 Comments
 
LVL 1

Expert Comment

by:mcammidge
ID: 40223635
Few things to check. Did the send connector use a smart host prior to the change? If so the NAT on the sonic wall might be configured with that smarthost destination so that it only NATs the server .44 when traffic is going to that old smarthost, if thats the case edit the NAT rule with the new smarthost.

Or did you create a new send connector?

Mark
0
 

Author Comment

by:RISLA
ID: 40223959
Thanks for the reply!

Prior to the change, "Use DNS MX records to route mail automatically" was checked off.

We edited the send connector to instead use "Route mail through the following smart hosts:" and added the new IP (.88)
0
 
LVL 1

Expert Comment

by:mcammidge
ID: 40224013
The .88 ip is that a cloud server or in your network?
0
 

Author Comment

by:RISLA
ID: 40224017
It's in my network.
0
 
LVL 1

Expert Comment

by:mcammidge
ID: 40224025
So the email leaves your network via the .88 box. If you goto whatismyip.com on exchange and the .88 can you confirm what ip shows on each?
0
 

Author Comment

by:RISLA
ID: 40224045
Exchange is showing .44

Zix is a UNIX based system.
- I set the private IP on initial setup, and then set up a NAT: 192.x.x.88 ==> 98.x.x.88

The IP can be confirmed because without the NAT,    The public IP doesn't respond to ping.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 1

Expert Comment

by:mcammidge
ID: 40224235
Can you paste your NAT rules (taking out some of the IP as you did above for security)
0
 

Author Comment

by:RISLA
ID: 40224308
0
 

Author Comment

by:RISLA
ID: 40224309
Zix has an identical rule. Just different IP
0
 
LVL 1

Accepted Solution

by:
mcammidge earned 500 total points
ID: 40224453
Thats your incoming nat. You need a rule to translate your outgoing. As your .88 server is sending email now youll need to NAT that to use .44 when destination port is 25. Please check there is probably a rule already making traffic source from 192.x.x.44 translated source 98.x.x.44 that is making your exchange use this on outbound connections
0
 

Author Comment

by:RISLA
ID: 40224679
mcammidge, I think you just saved my life.

I'm so used to only NATing inbound I looked right past it.

Waiting on confirmation that we're no longer being blocked, but sent myself a test message and the header read .88

I will mark this question as soon as I get confirmation. THANK YOU!
0
 
LVL 1

Expert Comment

by:mcammidge
ID: 40224681
No problem. NAT can be a pain! Hope all goes well

Mark
0
 

Author Closing Comment

by:RISLA
ID: 40225246
Mcammidge stuck with me until the end. Huge help, definitely wouldn't have seen the NAT was inverted without him.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now