I have posted this question on the Declude Junkmail board for those familiar with that. We have a program from Declude called Hijack that tracks the from IP address of all out-going e-mail. What this product does is keeps track of the number of e-mail from a IP address, and if it exceeds a configured number, will hold them per the rule, thus eliminating large amount of out-going e-mail which would almost always be considered bulk e-mail, or junkmail. Here is my problem: The mail server is in the DMZ of a tri-homed ISA. The internal network uses NAT on the Internal Interface of the ISA. The mail server, of which Declude is on, sees all mail coming from the Internal network as coming from the IP of the DMZ interface on the ISA. Therefore, all e-mail sent from the internal through the mail server gets lumped together. Is there a way to pass the IP of the internal to the mail server for the tracking purpose? I am worried that this also might apply to client e-mail being sent from the client (via the Internet by way of the external interface of the ISA) to the mail server for processing. Any thoughts or comments? John Tolmachoff IT Manager, Network Engineer 211 E. Imperial Hwy., Suite 106 Fullerton, CA 92835 714-578-7999, ext. 104 jtolmachoff@xxxxxxxxxxxxxxxx www.reliancesoft.com