Ok folks. I usually be a lurker on this list but now I do have a weird problem I can't nail down and need some help form the real experts. I'm running a Win2k SP3 network with ISA SP1 (plus latest public QFEs for ISA and Win2k post-SP3). ISA 2000 Enterprise runs in AD integrated as (currently single) array member. The external NIC has 4 IPs assigned, the internal only one. The ISA SMTP Filter is installed but is not running. The machine also has the Win2k SMTP Service installed because we need it to route SMTP traffic between the several external domains to the internal company SMTP servers. Because of that I have created server publishing rules which listen on a particular external IP and forward the request to the ISA internal IP. Socket pooling on the Win2k SMTP is disabled and the SMTP Virtual Server is configured to listen only at the internal IP. The problematic part is that when I look at an SMTP header of a message received on one of the internal SMTP servers I'll see the following: Received: from www.webelists.com ([127.0.0.1]) by mail.cdolive.com with Microsoft SMTPSVC(5.0.2195.4905); Did somebody spot the problem? *ALL* incoming SMTP headers list 127.0.0.1 as sending host IP. This should of course be the real IP of the sending host (in this case 63.170.166.28). So, what did I do wrong? Because of that config issue my DNS RBL mail blocking software doesn't work because it relies on the sending client IP address to do a DNS lookup if the sender is a SPAM'er or open relay. Any idea is appreciated! Thanks!! <Cheers:Siegfried runat="server" />