Solved

MailEssentials blocking local ActiveSync emails; how to fix MIME FROM address?

Posted on 2014-12-04
4
390 Views
Last Modified: 2014-12-10
We have a client that is using GFI MailEssentials for spam filtering on Exchange '03.  In general, ME is very effective and has few false positives.  However, we're having a problems with false positives with ActiveSync emails that are being sent from local addresses to local addresses.  The problem affects both iPhone and Android users.

For example, user1@company.com sends an email from his iPhone to user2@company.com.  The email is received by user2@company.com but it is sent to user2's junk mail folder and ME has flagged it as "[HEADER CHECKING] - Domain does not exist".  This happens consistently and without fail.  

I checked the internet header of the affected emails and they always indicate:
Received: from 10.10.1.128 ([10.10.1.128]) by localserver.<client's local domain>.local ([10.10.1.128])

Unaffected emails indicate the following:
Received: from subdomain.domain.com ([valid live IP]) by remote.<client's internet domain>.com

I added 10.10.1.128 to the whitelist in ME but that had no effect.  

Under Header Checking in ME, the only box checked is "verify if sender domain is valid (performs DNS lookup on MIME FROM:)".  Unchecking that box stops ActiveSync users' emails from being junk mailed by header checking, but I feel like that's at least slightly compromising the spam filtering ability of ME.  

Why would emails sent via ActiveSync incorrectly report their MIME FROM as the server's local IP address instead of the internet FQDN?  And more importantly, how do I fix it?
0
Comment
Question by:SINC_dmack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40481912
There is only one answer - and that is to upgrade.

ActiveSync on Exchange 2003 is a version 1 implementation and is full of things like this. You cannot change the configuration. ActiveSync makes a call in to the OWA virtual directory for the data, which is why you have the transfer listed in the way that it is - making a call to the localhost. SBS 2003 even has to make a change to the OWA configuration for it to work correctly.

Exchange 2003 is well past its sell by date for ActiveSync, many of the more recent ActiveSync clients do not work properly with it.

To sum up, you cannot change the behaviour of ActiveSync. Either upgrade or remove the filtering option you have identified in the third party product to allow the message to go through.

Simon.
0
 

Author Comment

by:SINC_dmack
ID: 40481960
Thanks, Simon.  I kind of figured as much.  I'm also having issues with remote Outlook clients being able to connect (even though Outlook Anywhere passes diagnostics on testexchangeconnectivity.com) and I can't get Autodiscover to work either, but I've "sort of" been able to work around those issues.

I've suggested to the client that they should definitely budget for upgrading sooner rather than later--hopefully they'll take that to heart.

I'll leave this question open for a few days in case someone else has a Hail Mary response--if not, I'll give you the points.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40481967
There is no Autodiscover on Exchange 2003. That is Exchange 2007 and higher only.

Simon.
0
 

Author Comment

by:SINC_dmack
ID: 40483795
You know, I thought it was rather odd that there was no Autodiscover folder under the default website in IIS.  I checked two other Windows '03 / Exchange '03 servers and they were both missing it as well--now I know why!
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
In-place Upgrading Dirsync to Azure AD Connect
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question