IP Whitelist - ORF Forums


1

I'm using ORF Fusion with Exchange Server 2010.
The server doesn't have its own external address, I'm using Kerio Control and port mapping to publish the Exchange server on the internet.

And that is a problem, none of the rules work because:
"Whitelisted by the IP Whitelist: email originated from an Intermediate Host / intranet."

by Yan 2 years ago
2

Hello Yan,

First of all, make sure that all of the enabled ORF tests are assigned to the On Arrival filtering point as well on the Filtering > Tests page in the ORF Administration Tool. In case you have to update the test assignments, save the ORF configuration afterwards to apply the new settings. If this does not help, that means something is removing the delivery path information (i.e., the Received: from lines) from the email headers, thus ORF cannot determine the IP address of the actual sender (Header analysis explained: http://vamsoft.com/r?o-hto-headeranalysis).

The culprit most of the time is an internal SMTP proxy, firewall or an email security appliance that relays emails to the ORF server. You will need to identify the problematic host and modify its settings to preserve the original headers.

Let me know if this has helped.

by Daniel Novak (Vamsoft) 2 years ago
3

@Daniel Novak (Vamsoft): Kerio Control doesn't modify any headers. It doesn't work like a relay, it works like reverse NAT.


So, in the headers I see something like this:

Received: from rikkimountin.ru (10.40.2.100) by SUN.capsi.local (10.30.2.11)

or

Received: from x2f253cc.dyn.telefonica.de (10.40.2.100) by SUN.capsi.local (10.30.2.11)



where 10.40.2.100 is the internal address of Kerio Control

by Yan 2 years ago
(in reply to this post)

4

Are there any other "Received: from" lines in the message header that contain public IP addresses? If not, you can be absolutely sure that you are not looking at the original message header - unless it is an internal email. Check the IP addresses logged in the first "Received: from" line (from the bottom) in order to find the culprit.

Whichever host or service is responsible for this, its settings must be changed. Removing the "Received: from" lines from the message header is a violation of the RFC standards:

https://tools.ietf.org/html/rfc5321#section-4.4

When an SMTP server receives a message for delivery or further
processing, it MUST insert trace ("time stamp" or "Received")
information at the beginning of the message content,

[...]

An Internet mail program MUST NOT change or delete a Received: line
that was previously added to the message header section. SMTP
servers MUST prepend Received lines to messages; they MUST NOT change
the order of existing lines or insert Received lines in any other location.

by Daniel Novak (Vamsoft) 2 years ago
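
The check described in the reply above, as an added example that is not part of the original thread and is not ORF's own header analysis: it lists the source IP of every "Received: from" hop and reports the first one outside the intranet ranges. The intranet list, the function names and the second sample message (with the placeholder hosts gw.capsi.local and mx.example.net) are assumptions made for the illustration.

```python
import email
import ipaddress
import re

# Assumed intranet ranges (RFC 1918 plus loopback); adjust to the local network.
INTRANET = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample: the single hop quoted in the thread.
NATTED = ("Received: from x2f253cc.dyn.telefonica.de (10.40.2.100)"
          " by SUN.capsi.local (10.30.2.11)\nSubject: test\n\nbody\n")
# Constructed sample: an extra, older hop that still carries a public address
# (203.0.113.25 is a documentation address).
RELAYED = ("Received: from gw.capsi.local (10.40.2.100)"
           " by SUN.capsi.local (10.30.2.11)\n"
           "Received: from mx.example.net (203.0.113.25)\n"
           "\tby gw.capsi.local (10.40.2.100)\n"
           "Subject: test\n\nbody\n")

def sender_ips(raw):
    """Source IP of each Received hop, newest (top) first; None if unparsable."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        # Unfold the header, then keep only the "from ..." clause before " by ".
        from_part = re.split(r"\sby\s", " ".join(value.split()), maxsplit=1)[0]
        match = IPV4.search(from_part)
        try:
            hops.append(str(ipaddress.ip_address(match.group(1))) if match else None)
        except ValueError:  # looked like an IP but is not one, e.g. 999.1.1.1
            hops.append(None)
    return hops

def is_intranet(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTRANET)

def originating_ip(raw):
    """First hop source outside the intranet, or None when every hop is internal."""
    for ip in sender_ips(raw):
        if ip is not None and not is_intranet(ip):
            return ip
    return None

if __name__ == "__main__":
    for name, raw in (("NATTED", NATTED), ("RELAYED", RELAYED)):
        print(name, sender_ips(raw), "->", originating_ip(raw))
```

A result of None means the header holds no public sender address at all, which is the situation behind the "originated from an Intermediate Host / intranet" log entry.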
5

@Daniel Novak (Vamsoft): But I'm using a router, not an SMTP server. The router doesn't modify any headers.

by Yan 2 years ago
(in reply to this post)

6

@Yan: When you say router, I suppose you are referring to your Kerio Control router. A quick Google search shows that it is an all-in-one gateway solution with firewall and anti-virus capabilities, so it might very well tamper with the email headers.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)
