Community Forum

Gene
Gene
Offline
Resolved
0 votes
I run an in-house Exchange 2010 server that is serving us quite well for everyday usage. Unfortunately our daily spam intake is quite high and I'm using ClearOS to add a first layer to our filtering.

I'd like to continue using the IP Blacklist and SPF Record checks in Exchange but the new ClearOS mail gateway configuration seems to interfere by placing itself as the originating IP. Here's an example from a message that Exchange quarantined by content check:

Received: from gateway.MYDOMAIN.com (192.168.123.1) by remote.MYDOMAIN.com
(192.168.123.2) with Microsoft SMTP Server id 14.2.247.3; Wed, 14 Mar 2012
10:35:20 -0400


This causes a definite issue with the SPF check:

Received-SPF: SoftFail (MYSERVER.MYDOMAIN.local: domain of transitioning
info@SPAMDOMAIN.info discourages use of 192.168.123.1 as permitted sender)


I'm not sure how the IP blacklist is being affected as I don't have verbose enough logging enabled to check, but I'm assuming it sees the same origin IP header as the SPF check.

Is this just a consequence of using a mail forwarding gateway or is there a way to have ClearOS retain the true origin IP?
In Mail
Wednesday, March 14 2012, 02:45 PM
Share this post:
Responses (4)
  • Accepted Answer

    Friday, May 18 2012, 06:48 PM - #Permalink
    Resolved
    0 votes
    Thanks Gene!

    Did you have to modify Exchange any other way to have it accept email from the ClearOS once it went through the antispam/antimalware? I posted this post earlier today and I haven't been able to figure out why email wasn't coming through: http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,41579/
    The reply is currently minimized Show
  • Accepted Answer

    Gene
    Gene
    Offline
    Friday, May 18 2012, 06:15 PM - #Permalink
    Resolved
    0 votes
    josh weinstein wrote:
    Could you be a little more specific as to what you did with regard to adding the ClearOS IP under Transport Settings in Exchange? I'd like to make this change as well.


    - Launch the EMC and connect to your Hub Trasnport server(s).
    - Organization Configuration -> Hub Transport -> Global Settings (Tab)
    - Open Transport Settings
    - In the Message Delivery tab, add your ClearOS IP as part of the perimeter IP list
    The reply is currently minimized Show
  • Accepted Answer

    Friday, May 18 2012, 05:57 PM - #Permalink
    Resolved
    0 votes
    Could you be a little more specific as to what you did with regard to adding the ClearOS IP under Transport Settings in Exchange? I'd like to make this change as well.
    The reply is currently minimized Show
  • Accepted Answer

    Gene
    Gene
    Offline
    Wednesday, March 14 2012, 04:31 PM - #Permalink
    Resolved
    0 votes
    It looks like I've found the solution :cheer: . I added the ClearOS IP under Transport Settings in Exchange as part of the perimeter network. Exchange now seems to look up one level for the origin IP, which I assume means that ClearOS was properly forwarding the whole IP chain in the first place.

    This now results in:
    Received-SPF: Pass (MYSERVER.MYDOMAIN.local: domain of
    SPAMMER@SPAMMYDOMAIN.com designates 74.63.213.23 as permitted sender)
    receiver=MYSERVER.MYDOMAIN.local; client-ip=74.63.213.23;
    helo=gateway.MYDOMAIN.com;


    Can't really help the HELO response but it isn't really part of the SPF check in the first place.


    Hopefully this will serve as useful reference for anyone else using Exchange & ClearOS.
    The reply is currently minimized Show
Your Reply