Preserve origin IP with Antispam/Malware Gateway?
#38753
Preserve origin IP with Antispam/Malware Gateway? 2 Years, 5 Months ago  
I run an in-house Exchange 2010 server that is serving us quite well for everyday usage. Unfortunately our daily spam intake is quite high and I'm using ClearOS to add a first layer to our filtering.

I'd like to continue using the IP Blacklist and SPF Record checks in Exchange but the new ClearOS mail gateway configuration seems to interfere by placing itself as the originating IP. Here's an example from a message that Exchange quarantined by content check:

Code:

Received: from gateway.MYDOMAIN.com (192.168.123.1) by remote.MYDOMAIN.com
 (192.168.123.2) with Microsoft SMTP Server id 14.2.247.3; Wed, 14 Mar 2012
 10:35:20 -0400



This causes a definite issue with the SPF check:

Code:

Received-SPF: SoftFail (MYSERVER.MYDOMAIN.local: domain of transitioning
 info@SPAMDOMAIN.info discourages use of 192.168.123.1 as permitted sender)



I'm not sure how the IP blacklist is being affected as I don't have verbose enough logging enabled to check, but I'm assuming it sees the same origin IP header as the SPF check.

Is this just a consequence of using a mail forwarding gateway or is there a way to have ClearOS retain the true origin IP?
Gene
 
#38761
Re:Preserve origin IP with Antispam/Malware Gateway? 2 Years, 5 Months ago  
It looks like I've found the solution. I added the ClearOS IP under Transport Settings in Exchange as part of the perimeter network. Exchange now seems to look up one level for the origin IP, which I assume means that ClearOS was properly forwarding the whole IP chain in the first place.

This now results in:
Code:

Received-SPF: Pass (MYSERVER.MYDOMAIN.local: domain of
 SPAMMER@SPAMMYDOMAIN.com designates 74.63.213.23 as permitted sender)
 receiver=MYSERVER.MYDOMAIN.local; client-ip=74.63.213.23;
 helo=gateway.MYDOMAIN.com;



Can't really help the HELO response but it isn't really part of the SPF check in the first place.


Hopefully this will serve as useful reference for anyone else using Exchange & ClearOS.
Gene
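
The behaviour described in the post above (a receiver that skips hops listed as its own relays and evaluates the next client address up the Received chain), sketched in Python as an added example; it is not part of the original posts and not Exchange's own code. The second Received header is constructed, and `origin_ip`, `trusted_relays` and `mail.example.net` are hypothetical names.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. The first Received header is the one quoted in the
# thread; the second (written by the gateway) is constructed, and
# mail.example.net is a placeholder host name.
SAMPLE = """\
Received: from gateway.MYDOMAIN.com (192.168.123.1) by remote.MYDOMAIN.com
 (192.168.123.2) with Microsoft SMTP Server id 14.2.247.3; Wed, 14 Mar 2012
 10:35:20 -0400
Received: from mail.example.net (mail.example.net [74.63.213.23])
 by gateway.MYDOMAIN.com (Postfix) with ESMTP id 0000000000;
 Wed, 14 Mar 2012 10:35:18 -0400
From: info@example.net
Subject: constructed sample

body
"""

# Client address as servers usually record it: (1.2.3.4) or [1.2.3.4].
CLIENT_IP = re.compile(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]")


def origin_ip(raw_message, trusted_relays):
    """Walk Received headers newest-first and return the first client IP
    that is not one of our own relays, or None if every hop is trusted.
    Older hops were written by servers we do not control and are never
    consulted, so a forged Received line cannot move the result."""
    trusted = [ipaddress.ip_network(n) for n in trusted_relays]
    for hop in message_from_string(raw_message).get_all("Received", []):
        # Unfold the header, then keep only the "from ..." clause.
        from_clause = " ".join(hop.split()).split(" by ", 1)[0]
        match = CLIENT_IP.search(from_clause)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        if not any(ip in net for net in trusted):
            return str(ip)
    return None


if __name__ == "__main__":
    print(origin_ip(SAMPLE, []))                    # gateway not trusted
    print(origin_ip(SAMPLE, ["192.168.123.1/32"]))  # gateway trusted
```

With an empty trusted list the gateway's own address is returned, which is the address the SoftFail result above was computed against; listing the gateway yields the external sender's address instead.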
 
#41582
Re:Preserve origin IP with Antispam/Malware Gateway? 2 Years, 3 Months ago  
Could you be a little more specific as to what you did with regard to adding the ClearOS IP under Transport Settings in Exchange? I'd like to make this change as well.
josh weinstein
 
#41583
Re:Preserve origin IP with Antispam/Malware Gateway? 2 Years, 3 Months ago  
josh weinstein wrote:
Could you be a little more specific as to what you did with regard to adding the ClearOS IP under Transport Settings in Exchange? I'd like to make this change as well.

- Launch the EMC and connect to your Hub Transport server(s).
- Organization Configuration -> Hub Transport -> Global Settings (Tab)
- Open Transport Settings
- In the Message Delivery tab, add your ClearOS IP as part of the perimeter IP list
Gene
 
#41584
Re:Preserve origin IP with Antispam/Malware Gateway? 2 Years, 3 Months ago  
Thanks Gene!

Did you have to modify Exchange any other way to have it accept email from the ClearOS once it went through the antispam/antimalware? I posted this post earlier today and I haven't been able to figure out why email wasn't coming through: www.clearfoundation.com/component/option.../func,view/id,41579/
josh weinstein