RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP

• From: "Bryan D. Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 23 Nov 2004 11:27:42 -0500

Does it not seem a little strange that ISA works like this? Do other
popular firewalls such as CheckPoint behave like this for published
servers?


-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, November 23, 2004 2:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server and email still going out through the default IP

http://www.ISAserver.org

But if there is an A or PTR record related to the IP of the external nic
of
ISA, and that record shows the domain, then again anything coming out of
it
will pass.

BTW, many of us active in the war are spam are not scoring or relying on
SPF
PASS. This is because spammers are also setting up SPF records. We are
instead mainly using SPF FAIL.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -----Original Message-----
> From: Steve Moffat [mailto:steve@xxxxxxxxxx]
> Sent: Monday, November 22, 2004 6:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: SPF problem: was RE: Publishing an Exchange
Server
and email
> still going out through the default IP
> 
> http://www.ISAserver.org
> 
> Just set your spf up to allow from your domain, or IP no issues that
> way.
> 
> S
> 
> -----Original Message-----
> From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx]
> Sent: Monday, November 22, 2004 9:29 PM
> To: ISA Mailing List
> Subject: [isalist] SPF problem: was RE: Publishing an Exchange Server
> and email still going out through the default IP
> 
> http://www.ISAserver.org
> 
> So this has come full circle and I have determined that this could
> actually cause issues with SPF.
> 
> With our specific setup, we do not have a frontend server out in the
dmz
> to forward mail through (though we probably should). Because of this
> situation our mail from our exchange server connects out through the
> same ip that the rest of our network does (the default on the nic of
> ISA) even though the server is published via another ip coming in.
> 
> This means that I have to add the default ip to the spf record which
> means that my entire network is "cleared via spf" to send emails
(which
> is not the best policy). No doubt many other ISA users have the same
> issue...
> 
> Is there any intention to allow a published server to communicate
> outward through the same port? This would seem to be a problem moving
> forward.
> 
> Thanks for any thoughts.
> 
> 
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, September 06, 2004 8:53 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Publishing an Exchange Server and email still
> going out through the default IP
> 
> http://www.ISAserver.org
> 
> Hi Ray,
> 
> I do the same thing with a Windows SMTP relay. I don't use RBLs though
> for religious reasons ;-)
> 
> Thanks!
> Tom
> 
> -----Original Message-----
> From: Ray [mailto:rdzek@xxxxxxxxxxxxxxx]
> Sent: Monday, September 06, 2004 7:41 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Publishing an Exchange Server and email still
> going out through the default IP
> 
> http://www.ISAserver.org
> 
> Many folks "frontend" their Exchange servers with a unix/linux
> sendmail/qmail/exim/postfix server.  The linux box becomes your
central
> email "hub" for the enterprise and all email is properly "masked" to
> appear to come from a single ip.  It is also a handy place to
implement
> things like SpamAssassin, RBL's, and preliminary Anti-Virus and
> Attachment policy enforcement.
> 
> 
> Ray Dzek
> Network Operations Supervisor
> Specialized Bicycle Components
> 
> -----Original Message-----
> From: Bryan D. Andrews [mailto:bandrews@xxxxxxxxxxxxxxxxxx]
> Sent: Monday, September 06, 2004 10:49 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Publishing an Exchange Server and email still going
> out through the default IP
> 
> 
> http://www.ISAserver.org
> 
> I have posted in the past on this topic and no one seemed to have any
> ideas...
> 
> Essentially our ip for our exchange server is xxx.xxx.xxx.150 but our
> default ip for isa is xxx.xxx.xxx.131. All our outgoing mail still
> appears to be coming from 131.
> 
> Does the newest ISA help with this issue?
> 
> Thanks!
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com No.1 Exchange
> Server Resource Site: http://www.msexchange.org Windows Security
> Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> rdzek@xxxxxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> bandrews@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> isalist@xxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP
• » RE: SPF problem: was RE: Publishing an Exchange Server and email still going out through the default IP

1. Home
2. isalist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---