We have a client that is using GFI MailEssentials for spam filtering on Exchange '03. In general, ME is very effective and has few false positives. However, we're having a problems with false positives with ActiveSync emails that are being sent from local addresses to local addresses. The problem affects both iPhone and Android users.
For example, email@example.com sends an email from his iPhone to firstname.lastname@example.org. The email is received by email@example.com but it is sent to user2's junk mail folder and ME has flagged it as "[HEADER CHECKING] - Domain does not exist". This happens consistently and without fail.
I checked the internet header of the affected emails and they always indicate:
Received: from 10.10.1.128 ([10.10.1.128]) by localserver.<client's local domain>.local ([10.10.1.128])
Unaffected emails indicate the following:
Received: from subdomain.domain.com ([valid live IP]) by remote.<client's internet domain>.com
I added 10.10.1.128 to the whitelist in ME but that had no effect.
Under Header Checking in ME, the only box checked is "verify if sender domain is valid (performs DNS lookup on MIME FROM:)". Unchecking that box stops ActiveSync users' emails from being junk mailed by header checking, but I feel like that's at least slightly compromising the spam filtering ability of ME.
Why would emails sent via ActiveSync incorrectly report their MIME FROM as the server's local IP address instead of the internet FQDN? And more importantly, how do I fix it?