Is our IP being spoofed?

Status
Not open for further replies.

pkirill

I'm an 'inside network guy' and not an expert on the ways of the web so hopefully one of the gurus here can help. We've had trouble sending emails to a particular client. They get returned and the NDR states that "Client host [206.42.141.5] blocked using 88.blacklist.zap". The PROBLEM is that the IP noted in the NDR has nothing to do with us. I've been back and forth with the MS Exchange Host tech folks (who are decidedly not helpful) and they just keep sending me reports of the spam that they are filtering - again, none of the email we sent is in those reports and the IP address associated with the sender has nothing to do with our network...

We have a very simple setup where we host our own Exchange, have a Watchguard firewall, and T1 with a single static IP...

So I guess my question is: Can anyone explain any reason or possibility why our IP address (67.62.xxx.xxx) could be blocked? I'm primarily looking for direction on where to go looking for a problem on our end as right now I don't think there is one...

Thanks for any help!
 
Unless our ISP (cavtel) is doing it downstream, we don't use a smarthost.

It would seem that our mail has to be leaving our gateway, going somewhere (ie. the 206.xxx.xxx.xx) and being re-routed along with spam.

I didn't think this could be related to Exchange, but I'll certainly take the advice.

Thanks for the reply!
 
What is the domain name under which the mail is being sent?
 
That domain looks OK at mxtoolbox except that you don't have any SPF records. If you're not using a smarthost on the exchange server, does outgoing mail pass through your barracuda and if so, does it send directly to the recipient or does it use an outgoing smarthost?

Other info that would be better discussed in the Exchange forum would be whether or not there are any other Exchange servers and routing groups between them.
 
How do you send your mail? ie, do you use an email relay/filtering service, or send it directly yourself?

That IP address appears to belong to "OrgNOCName: Cogent Communications" - there must be some reason your mail is bouncing off them?

On the other hand - for the mail domains that are failing, do a DNS lookup for their MX records - perhaps *they* have that as their destination address? (Which would be hilarious, if their blacklist filters out their own MX relay....)
 
(Which would be hilarious, if their blacklist filters out their own MX relay....)
Funny you should mention it - it appears to be what is going on. Our mail is following the path in the client's MX record, which is directed to a 'pre-filtering' service and then sent on to the client's end servers. That's where the hiccup is. The IP in question is not the IP of the filtering service - so there's something hinky with the DNS there. The client's end servers are on the Frontbridge network which does its own filtering and thus the blockage and NDR. It's still an issue as to why/how we get the NDRs...
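The triage this thread works through, as an added example that is not from any poster here: pull the "Client host" IP out of the NDR and decide whether it is your own egress address, one of the recipient's published MX hosts, or some other relay in the recipient's inbound path. The function names are hypothetical, and the 192.0.2.x and 198.51.100.x addresses are constructed placeholders (the sender's real IP is redacted in the thread); in practice the MX list comes from resolving the recipient domain's MX records.

```python
import ipaddress
import re

# Matches the diagnostic quoted in the thread:
#   Client host [IP] blocked using LISTNAME
NDR_RE = re.compile(
    r"Client host \[(?P<ip>[0-9a-fA-F.:]+)\] blocked using (?P<list>[^\s\"';]+)"
)

def parse_ndr(text):
    """Return (ip, blocklist_name) from an NDR diagnostic, or None."""
    m = NDR_RE.search(text)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # bracketed value was not a valid address
        return None
    return ip, m.group("list").rstrip(".")

def classify_blocked_host(ndr_text, own_egress, recipient_mx_ips):
    """Say whose address the rejecting server actually blocked.

    own_egress:       networks/addresses your mail leaves from
    recipient_mx_ips: addresses the recipient's MX records resolve to
    """
    parsed = parse_ndr(ndr_text)
    if parsed is None:
        return "unparsed"
    ip, _ = parsed
    if any(ip in ipaddress.ip_network(n, strict=False) for n in own_egress):
        return "own_egress"         # you are listed: check for relay abuse
    if any(ip == ipaddress.ip_address(a) for a in recipient_mx_ips):
        return "recipient_mx"       # their published MX is on their own list
    return "third_party_relay"      # a hop neither side publishes

# Constructed sample: wording and IP as quoted in the first post.
SAMPLE_NDR = 'Delivery failed: "Client host [206.42.141.5] blocked using 88.blacklist.zap"'
OWN_EGRESS = ["192.0.2.10"]                          # placeholder static IP
RECIPIENT_MX_IPS = ["198.51.100.25", "198.51.100.26"]  # placeholder MX hosts

if __name__ == "__main__":
    print(parse_ndr(SAMPLE_NDR))
    print(classify_blocked_host(SAMPLE_NDR, OWN_EGRESS, RECIPIENT_MX_IPS))
```

A `third_party_relay` or `recipient_mx` verdict means the rejection happened on a hop after your server handed the message off, so the fix belongs to the recipient's mail path rather than your gateway.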
 