RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP

• From: "Bryan D. Andrews" <bandrews@xxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 31 May 2005 11:48:13 -0400

Just bringing this one back to the table to see if anyone has seen any
movement on this.

Our problem is that we have more than 1 internal mail server and no
external servers to be the relay. All smtp outbound traffic leaves
through the default IP which the reverse dns does not match our mail
server names and thus we are being blocked by domains requiring this. 

Thanks for any thoughts. 

-----Original Message-----
From: Bryan D. Andrews 
Sent: Tuesday, November 23, 2004 11:28 AM
To: '[ISAserver.org Discussion List]'
Subject: RE: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP

Does it not seem a little strange that ISA works like this? Do other
popular firewalls such as CheckPoint behave like this for published
servers?


-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, November 23, 2004 2:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP

http://www.ISAserver.org

But if there is an A or PTR record related to the IP of the external nic
of ISA, and that record shows the domain, then again anything coming out
of it will pass.

BTW, many of us active in the war are spam are not scoring or relying on
SPF PASS. This is because spammers are also setting up SPF records. We
are instead mainly using SPF FAIL.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -----Original Message-----
> From: Steve Moffat [mailto:steve@xxxxxxxxxx]
> Sent: Monday, November 22, 2004 6:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange 
> Server
and email
> still going out through the default IP
> 
> http://www.ISAserver.org
> 
> Just set your spf up to allow from your domain, or IP no issues that 
> way.
> 
> S
> 
> -----Original Message-----
> From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx]
> Sent: Monday, November 22, 2004 9:29 PM
> To: ISA Mailing List
> Subject: [isalist] SPF problem: was RE: Publishing an Exchange Server 
> and email still going out through the default IP
> 
> http://www.ISAserver.org
> 
> So this has come full circle and I have determined that this could 
> actually cause issues with SPF.
> 
> With our specific setup, we do not have a frontend server out in the 
> dmz to forward mail through (though we probably should). Because of 
> this situation our mail from our exchange server connects out through 
> the same ip that the rest of our network does (the default on the nic 
> of
> ISA) even though the server is published via another ip coming in.
> 
> This means that I have to add the default ip to the spf record which 
> means that my entire network is "cleared via spf" to send emails 
> (which is not the best policy). No doubt many other ISA users have the

> same issue...
> 
> Is there any intention to allow a published server to communicate 
> outward through the same port? This would seem to be a problem moving 
> forward.
> 
> Thanks for any thoughts.
> 
> 
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, September 06, 2004 8:53 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Publishing an Exchange Server and email still 
> going out through the default IP
> 
> http://www.ISAserver.org
> 
> Hi Ray,
> 
> I do the same thing with a Windows SMTP relay. I don't use RBLs though

> for religious reasons ;-)
> 
> Thanks!
> Tom
> 
> -----Original Message-----
> From: Ray [mailto:rdzek@xxxxxxxxxxxxxxx]
> Sent: Monday, September 06, 2004 7:41 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Publishing an Exchange Server and email still 
> going out through the default IP
> 
> http://www.ISAserver.org
> 
> Many folks "frontend" their Exchange servers with a unix/linux 
> sendmail/qmail/exim/postfix server.  The linux box becomes your 
> central email "hub" for the enterprise and all email is properly 
> "masked" to appear to come from a single ip.  It is also a handy place

> to implement things like SpamAssassin, RBL's, and preliminary 
> Anti-Virus and Attachment policy enforcement.
> 
> 
> Ray Dzek
> Network Operations Supervisor
> Specialized Bicycle Components
> 
> -----Original Message-----
> From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx]
> Sent: Monday, September 06, 2004 10:49 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Publishing an Exchange Server and email still going

> out through the default IP
> 
> 
> http://www.ISAserver.org
> 
> I have posted in the past on this topic and no one seemed to have any 
> ideas...
> 
> Essentially our ip for our exchange server is xxx.xxx.xxx.150 but our 
> default ip for isa is xxx.xxx.xxx.131. All our outgoing mail still 
> appears to be coming from 131.
> 
> Does the newest ISA help with this issue?
> 
> Thanks!
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com No.1 Exchange 
> Server Resource Site: http://www.msexchange.org Windows Security 
> Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> rdzek@xxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> bandrews@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP

1. Home
2. isalist
3. Archive
4. 05-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---