0

Ok, the particulars... I have a single Exchange 2010 box running Server 2008 Standard R2 We have a POP program go get our email from our Email Hosting provider

I have Anti-Spam enabled on the box and have set up IPBlockList, among other things, to eliminate baddies.

Recently our Email Hosting provider has migrated us to an upgraded platform...this changed our IP among other things. This also apparently broke the Anti-Spam ability to detect the correct IP. if at all.

In the Anti-Spam report, I can't see the IP address of the origin for the email, now the report generated shows no IP address. This used to work fine.

An example of a spam header...

Received: from Exchange (10.10.0.200) by Exchange.Server.local (10.10.0.200) with Microsoft SMTP Server id 14.3.319.2; Fri, 2 Dec 2016 12:54:02 -0500 Received: from 200.100.50.10 by OURDOMAIN with POP3; Fri, 2 Dec 2016 12:54:01 -0500 Delivered-To: recipient@ourcompany.com Received: from Email.Hosting.com by Email.Hosting.com (Dovecot) with LMTP id Uc0OLte0QVgWEQAAblMv4A for ; Fri, 02 Dec 2016 12:52:23 -0500 Return-Path: Envelope-to: recipient@ourcompany.com Delivery-date: Fri, 02 Dec 2016 12:52:23 -0500 Received: from [172.245.211.210] (port=42770 helo=emailaddress.com) by Email.Hosting.com with esmtp (Exim 4.87) (envelope-from ) id 1cCs0V-0001HI-1s for recipient@ourcompany.com; Fri, 02 Dec 2016 12:52:23 -0500 Date: Fri, 2 Dec 2016 12:50:52 -0500

Names and IP's have been changed to protect the innocent. The -InternalSMTPServers have been set to our Exchange box IP and our Email Hosting IP (The first two Recieved: headers). But, the Anti-Spam isn't picking up on the true IP address in the last Received: line (172.245.211.210).

Any suggesstions??

zygntwin
  • 1

1 Answers1

1

This is the expected behaviour.

If you want to use Blacklists like an RBL then you need to have email delivered directly to Exchange. Using a POP3 connector is never going to work. The spam filter doesn't look at the headers, because they can be spoofed/wrong. It is looking at from where the connection is being made. With a POP3 connector that will almost always be a local address. In actual fact using any spam filter with a POP3 connector will result in email being blocked.

Sembee
  • 2,884
  • 1
  • 8
  • 11
  • Strange, as it used to work before. – zygntwin Dec 16 '16 at 19:29
  • I was expecting you to say that, or something along those lines. I am surprised that it worked before for the reasons I have given above. I can only guess that something else was being done (perhaps additional information in the headers) that allowed the messages to be flagged, because with a POP3 connector involved it is impossible for a blacklist lookup to work. – Sembee Dec 17 '16 at 11:41