Related IP is my router RSS

1

Hi,

my orf fusion is not filtering emails, all appears whitelisted or pass.

I detected that Related IP is allways my router IP,

Can I do something??

Thanks.

by mfreixa 2 years ago
2

@mfreixa: Hell mfrexia,

I suspect that the IP address of your router is missing from the Intermediate Host List (ORF Administration Tool > Blacklists > Intermediate Hosts), thus ORF thinks that the emails are coming from an intranet host and it whitelists them accordingly.

To determine the source IP address of an email, ORF inspects the “Received:” header fields in the message header, starting from the last recorded host. If the IP address of the examined host is on the Intermediate Host List, it gets skipped and ORF checks the next address. This continues until ORF finds a non-intermediate host address (=the source IP address), which then is used for ORF’s IP-based tests. Setting up the Intermediate Host List correctly is crucial for accurate filtering: It needs to include each delivery hop (SMTP hosts) between your network perimeter and the ORF server.

Please let me know if this has helped to solve the issue.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

3

@Daniel Novak (Vamsoft): Hello,

we added ip to intermediate hosts but still appearing the same IP in Related IP,

the menu where we added is Administration Tool >Filtering > Intermediate Hosts, not in Blacklist, it does not appears.

Thanks

by mfreixa 2 years ago
(in reply to this post)

4

@mfreixa: Hello mfreixa,

Have you saved the ORF configuration ('Ctrl + S' or File > Save Configuration) to apply the new settings? If so, please make sure that nothing strips the “Received: from” lines from the message header (e.g. firewall, router or another internal SMTP host in the delivery chain), otherwise ORF will not be able to determine the source IP address of the incoming emails and will not function properly.

To verify that the message headers arrive intact, open one of the received emails (that seemingly originated from your router) in Outlook, invoke the Properties dialog from the File menu and check the "Internet headers" field at the bottom of the dialog box. You should see multiple "Received:" headers (with hostname, IP and time-stamp), one for each mail transfer agent that has received and forwarded the message. You may trace back any message to the original sender by reading the Received headers from top to bottom, so there should be at least one external IP address below your router's IP if everything is set up properly.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

5

Please disable inbound nat on your smtp inbound rule.

by HV 2 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed