Problems with email from Bigfish.com or How can Bigfish get away with using private IP addresses?
-
17 February 2011 0:07
We've had sporadic problems with receiving email from our vendors that use Exchange Online (Bigfish). Every few weeks I'll get a call that we are blocking email from VENDOR A and I always respond that it's not us, but an upstream SMTP host that can't figure out how to find us.
Well today I finally received the full headers from one of the undeliverable notices that VENDOR A received and noticed something odd:
------------------------------------------------------------------------------------------------
Generating server: bigfish.com
USER@ourdomain.org
#< #4.4.7 smtp;550 4.4.7 QUEUE.Expired; message expired> #SMTP#
Original message headers:
Received: from mail56-am1-R.bigfish.com (10.3.201.240) by
AM1EHSOBE002.bigfish.com (10.3.204.22) with Microsoft SMTP Server id
14.1.225.8; Thu, 27 Jan 2011 17:55:13 +0000
Received: from mail56-am1 (localhost.localdomain [127.0.0.1]) by
mail56-am1-R.bigfish.com (Postfix) with ESMTP id C340F1B7010C for
USER@ourdomain.org; Thu, 27 Jan 2011 17:55:13 +0000 (UTC)
Received: from mail56-am1 (localhost.localdomain [127.0.0.1]) by mail56-am1
(MessageSwitch) id 129615091328720_15110; Thu, 27 Jan 2011 17:55:13 +0000
(UTC)
Received: from AM1EHSMHS002.bigfish.com (unknown [10.3.201.247]) by
mail56-am1.bigfish.com (Postfix) with ESMTP id 02482908051 for
USER@ourdomain.org; Thu, 27 Jan 2011 17:55:13 +0000 (UTC)
Received: from SGBZ012603.TlrsMail.VENDORA.local (79.141.34.125) by
AM1EHSMHS002.bigfish.com (10.3.207.102) with Microsoft SMTP Server (TLS) id
14.1.225.8; Thu, 27 Jan 2011 17:55:09 +0000
Received: from sgbd022605.tlrsmail.VENDORA.local (10.32.4.245) by
SGBZ012603.TlrsMail.VENDORA.local (10.32.11.43) with Microsoft SMTP Server
(TLS) id 8.1.340.0; Thu, 27 Jan 2011 17:55:08 +0000
Received: from SGBD012601.tlrsmail.VENDORA.local ([10.32.4.42]) by
sgbd022605.tlrsmail.VENDORA.local ([10.32.4.245]) with mapi; Thu, 27 Jan 2011
17:55:07 +0000
------------------------------------------------------------------------------------------------------
It looks like Bigfish has SMTP hosts using IP addresses from the PRIVATE 10.0.0.0/8 IP block. Now it just so happens about 6 months ago I had placed a rule on our firewall to block all inbound SMTP traffic from non-US or non-legitimate IPs, which naturally included the three private IP blocks. I've since added the 10.0.0.0/8 block to the allowed list to see if that fixes the problem. So it appears I may have been blocking these messages all along ...
However I'm still a bit confused ...
Can someone please explain to me how Bigfish can route SMTP traffic over the public internet using hosts with PRIVATE IP addresses? A basic rule of TCP/IP is that IP traffic from the three private IP blocks CANNOT be routed over the public internet. So how is Microsoft (apparently) getting away with breaking this basic rule?
Any comments or feedback is greatly appreciated. I know it's academic at this point, but I just had to ask someone in the hopes of getting an explanation. Thank you for your time.
Regards,
Greg Watson
Network Administrator
Firstmark Credit Union
San Antonio, TX
All replies
-
17 February 2011 13:02
Hi Greg, they are just using the Internal IP addresses to route mail between their internal servers. All that traffic you see in the headers is going through their internal network. What you don't see in the header is the next hop, where their servers try and connect to yours. At that hop their server would be communicating with yours over their Public IP which would be routable. If you send a message from your server to an Internet address and examine the headers I would guess you'd probably see your internal IPs in that header as well.
In my mind this message doesn't tell you too much. It basically shows it was routed through Bigfish, but when it tried to transfer the message to your server it failed, and there isn't an explanation of why. I would have the customer contact FOPE support to see if they can get more details, or I would look at the logs on your server to see if you see a connection attempt...this would be difficult though, since you don't know what IP the message is coming from.
Chad
Chad Mosman, MessageOps | www.MessageOps.com
- Marked as answer by Vickie L - BPOS Support, Moderator, 18 November 2011 20:35
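The reading given in the answer above can be checked mechanically. This is an added example, not part of the original thread: it parses three of the Received headers from the bounce in the question and labels each hop address as loopback, private or public; the function names are illustrative.

```python
import ipaddress
import re

# Three of the Received headers from the bounce quoted in the question.
BOUNCE = """\
Received: from mail56-am1-R.bigfish.com (10.3.201.240) by
AM1EHSOBE002.bigfish.com (10.3.204.22) with Microsoft SMTP Server id
14.1.225.8; Thu, 27 Jan 2011 17:55:13 +0000
Received: from mail56-am1 (localhost.localdomain [127.0.0.1]) by
mail56-am1-R.bigfish.com (Postfix) with ESMTP id C340F1B7010C for
USER@ourdomain.org; Thu, 27 Jan 2011 17:55:13 +0000 (UTC)
Received: from SGBZ012603.TlrsMail.VENDORA.local (79.141.34.125) by
AM1EHSMHS002.bigfish.com (10.3.207.102) with Microsoft SMTP Server (TLS) id
14.1.225.8; Thu, 27 Jan 2011 17:55:09 +0000
"""

# Only addresses wrapped in () or [] are hop addresses; a bare dotted quad
# such as "id 14.1.225.8" is the Exchange build number, not an IP.
ADDR = re.compile(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]")

def classify(ip):
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:          # 127.0.0.0/8, handoff on the same host
        return "loopback"
    if addr.is_private:           # includes RFC 1918: 10/8, 172.16/12, 192.168/16
        return "private"
    return "public"

def parse_hops(raw):
    """Return one {'from': [...], 'by': [...]} dict per Received header, top first."""
    hops = []
    for chunk in re.split(r"(?m)^Received:\s*", raw):
        hop = " ".join(chunk.split())        # unfold continuation lines
        if not hop:
            continue
        sender, _, receiver = hop.partition(" by ")
        hops.append({
            "from": [(ip, classify(ip)) for ip in ADDR.findall(sender)],
            "by": [(ip, classify(ip)) for ip in ADDR.findall(receiver)],
        })
    return hops

def internet_handoffs(hops):
    """Hops whose sending address is public, i.e. the ones that crossed the internet."""
    return [h for h in hops if any(kind == "public" for _, kind in h["from"])]

if __name__ == "__main__":
    for hop in parse_hops(BOUNCE):
        print(hop)
```

Only the VENDORA-to-Bigfish hop has a public sending address. The Bigfish-to-recipient connection is not recorded in this bounce, so an inbound firewall rule has to be checked against the connecting address in the recipient server's own SMTP log.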
-
24 June 2011 15:57
My university email address is sending messages out to a bunch of randoms. I googled some code in a sending failed email and it brought me here. Is there any way I can stop it from sending them out? People are starting to get ticked off at me.
Cheers, |Alfie|
-
1 October 2011 2:49
What you should be looking at is the IP address of 127.0.0.1 listed in the middle of the bounced message as this IP address is showing up in all of these types of messages in online complaints. When I ping the routers in my MAC, this address shows up and the certificate on my MAC key chain opens as the Department of Defense (600 pages) This is also the IP address of the hackers who hacked the Iran nuclear facility (See Symantec Stuxnet Dossier p. 11 online) So Big Fish is the gateway for IP 127.0.0.1 and why is the government hacking computers? I also have a screen shot of the NSA trapping my signal and locating machine. I have a similar bounced message in my email.
-
8 November 2011 3:05
What you should be looking at is the IP address of 127.0.0.1 listed in the middle of the bounced message as this IP address is showing up in all of these types of messages in online complaints. When I ping the routers in my MAC, this address shows up and the certificate on my MAC key chain opens as the Department of Defense (600 pages) This is also the IP address of the hackers who hacked the Iran nuclear facility (See Symantec Stuxnet Dossier p. 11 online) So Big Fish is the gateway for IP 127.0.0.1 and why is the government hacking computers? I also have a screen shot of the NSA trapping my signal and locating machine. I have a similar bounced message in my email.
lol. Wrong on so many levels.
-
6 March 2012 23:24
that's messed up man:
-
23 May 2012 10:57
Strange, I was always taught that 127.0.0.1 is a local loopback IP for network card diagnostics.