none
SMTP server - Incorrect IP address stamped on outgoing email

    Question

  • I have a computer with 2 static IP addresses on the NIC card.

    On this computer, I am running Windows 2008 Server R2.

    Each IP address is used for two different, unrelated businesses/websites.

    In the set up of each virtual SMTP server, I specify which IP address to use, so that a reverse lookup will show that the outgoing emails match the domain with the IP address.

    However, ALL emails are being stamped with the lowest IP address listed in the GUI for the NIC.

    The following fixes do not work:

    DisableSocketPooling changed doesn't work

    My DNS and PTR records are set up correctly.

    In short, something is stamping or inserting the incorrect IP address.

    Please help!

    Thanks

    Friday, November 20, 2015 4:11 PM

Answers

  • Hi,

    "Won't all emails for both companies show a hop in the email header from mail.hostingcompany.com, i.e. the common OWA?"

    Yes, you will see a hop in the email headers for mail.hostingcompany.com. This is perfectly acceptable as many companies use a 3rd party to relay emails such as Trend, Message Labs, Office 365 etc and you'll see these SMTP servers listed in their message headers. 

    Exchange 2007 and higher doesn't use the SMTP virtual servers to send email. It uses the Exchange Transport Service instead. How do you have your outbound mail flow configured?

    Exchange will send email to the internet using the Send Connector which is configured with a source transport server. That source transport server selects a network adapter to use for each destination IP that it sends email to. 

    The Microsoft SMTP service (IIS 6.0) will listen on a particular IP that you specify but again the server will select a network adapter to use for each destination IP that it sends email to. 

    In both cases, Exchange and the Microsoft SMTP service select the network adapter using the same method. This is by looking at the routing table which you can view by running the command below:

    route print

    Here you'll see the default route (destination: 0.0.0.0, Netmask: 0.0.0.0), the gateway, interface and the metric. The server will select the route with the lowest metric. As you have two NICs but only one has a default gateway then you'll only see a single default route. If you have two default gateways then you'll see two routes. If you see two routes and they have the same metric then the server will use both routes equally to send email for each domain. If the metrics are different then all email for all domains will be sent using the lower metric and the network adapter which is configured with the lower metric. You cannot configure different source email domains to use different sending IPs if you're sending using this method. 

    If you want to use different IPs then I would suggest that you two separate servers in different domains and Exchange organizations so that each business has their own Exchange server.

    As your concern is that your shared IP is blacklisted then consider sending outbound email through a spam filter which will block outbound spam email and prevent you being blacklisted. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    • Marked as answer by smac693 Monday, November 30, 2015 4:03 PM
    Monday, November 30, 2015 12:49 PM

All replies

  • Hi,

    How do you have your networking set up on the server? Do you have a different network adapter for each IP or do you have a single network adapter with two IPs? Also, are these IPs on the same subnet? 

    It will all depend on the route metric to the recipient email server. Basically, when the server needs to send an email out, it will look up the MX records then select a route based on the destination network. If the network is the internet then it will use the default gateway. You need to configure the metric for the route so that the correct network adapter or IP is selected.

    If this doesn't provide enough information for you to resolve the issue, please let me know what your routing table looks like and let me know what IP you want to send email from and what network you need to send email to (e.g. the internet). To output the routing table, run this command: route print

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 20, 2015 5:03 PM
  • Exchange doesn't dual home happily at all. There is almost nothing you can do to stop this behaviour.
    It doesn't look at the IP address of the NIC, there is no connection at all. It just makes a link to the outside world.

    You shouldn't have other web sites on and Exchange server, so my primary advise would be to get rid of them and have Exchange doing just Exchange.

    If you must (Against a lot of security best practises) then go to a single NIC, single IP address and use host headers.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    Friday, November 20, 2015 7:49 PM
  • This forum is for Exchange development questions. Please post mail flow questions to the mail flow forum on TechNet. I'll move this for you.
    Monday, November 23, 2015 4:45 PM
  • Hi Mark,

    Non-networked computer.

    Single NIC

    Multiple IPs (two for now)

    Same subnet

    Same metric

    Sending email to the internet

    So, to rehash:

    I have two, unrelated businesses.  I want to email a newsletter to each group of customers.  

    2 observations:

    1.  If this is never going to work per Simon's suggestion below, I am baffled as to why Microsoft's Virtual SMTP server would allow me to assign an IP address, but then stamp the incorrect IP address.

    2. What program is stamping the incorrect IP address and what table/file/record is it retrieving this from?

    3.  Could  I modify the table?

    I've tried changing the hosts file, the lmhosts file, and using the netsh add command.  Nothing works.

    Thanks

    Friday, November 27, 2015 9:40 PM
  • Hi Simon,

    I don't think using host headers will work (I may have tried that in the past).

    Even if I use host headers, the single IP address is still the one that is stamped into the email header record.

    What program is stamping that address?

    Where is it pulling the data from, ie. what table/file/etc.?

    There MUST be a program that is doing that.

    Thanks

    Friday, November 27, 2015 9:50 PM
  • Hi,

    You have two options here. The best one is to configure Exchange and all websites to use a single IP address and the other option is to continue using two IP addresses. 

    Using 1 IP address

    You have two websites that use port 80 on the same server. You can do this using the same IP by configuring the bindings on both web sites in IIS to use the same IP but then specify a host header. Both websites, e.g. www.contoso.com and www.litwareinc.com will need to resolve to the same public IP (the only public IP of the server). When IIS receives a request for www.contoso.com on port 80, it'll forward it to the correct website because it looks at the website host headers. The same will happen for www.litwareinc.com. Assuming you're using the same OWA settings for both businesses and are not customizing the page for either, you can use the same OWA virtual directory. Create a third website in IIS and create an OWA virtual directory on this then configure the bindings with a host header of mail.contoso.com and mail.litwareinc.com. This way connections for these addresses will be directed to the correct website. This sorts out IIS. More about host headers is here: https://technet.microsoft.com/en-gb/library/cc753195%28v=ws.10%29.aspx. The article says: "To host more than one Web site on a Web server, you can assign a unique IP address to each Web site, designate a non-standard TCP port number for a Web site, or use host headers. Of the three methods, it is more common to use host headers than to assign unique IP addresses to Web sites or to use non-standard TCP port numbers". This is what Simon mentioned earlier.  

    Once done, we move onto outbound SMTP. You can have both businesses sending from the same IP address. There is no problem with this and in fact many 3rd party cloud mail filter providers do the same. Your reverse DNS settings need to be such that the FQDN on the send connector matches the PTR record for that public IP. You also need an A record that matches the FQDN and the public IP. The FQDN can be any name you want as long at the PTR and A record match so you can call it something like mail.hostingcompany.com. More information about reverse DNS is here: http://markgossa.blogspot.com/2015/09/exchange-2007-2013-reverse-dns.html. As for your SPF record, you can create the same SPF record for both domains as they will be sending from the same IP. More information about SPF records is here: http://markgossa.blogspot.com/2015/08/understanding-spf-records-part-1.html.

    Now we move onto inbound SMTP. You can set up both domains to use the MX record mail.hostingcompany.com which resolves to your Exchange public IP. Having both businesses using the same IP is not a problem.

    Using all the above information, you can configure your two websites, and OWA, inbound and outbound email for both companies using a single IP address on Exchange. Neither company will know that they are using the same server unless they actively look up the MX records for the other company but they will need to find out what company it is another way (other than DNS/Exchange etc).

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Friday, November 27, 2015 10:43 PM
  • Hi Mark,

    You wrote: "Your reverse DNS settings need to be such that the FQDN on the send connector matches the PTR record for that public IP. You also need an A record that matches the FQDN and the public IP. The FQDN can be any name you want as long at the PTR and A record match so you can call it something like mail.hostingcompany.com. "

    Won't all emails for both companies show a hop in the email header from mail.hostingcompany.com, i.e. the common OWA?

    The risk here is that if hostingcompany.com becomes blacklisted for some reason, ALL of my businesses which use that domain would become blocked.

    Otherwise I think your solution would work.  But I'd rather keep the business separate.

    I assign IP addresses to each virtual server using the Microsoft GUI.

    When I send a newsletter, I can see the folders becoming populated for each business.  There are emails in c:\companyA\queue and in c:\companyB\queue with proper header records - a reverse DNS check would show the domains and IPs match.

    However, when the emails are finally transmitted to the recipient's SMTP server, another email header entry is created with the correct domain but an incorrect IP address, which is always the first one in the GUI for the NIC.

    Why?

    What program is creating this entry?

    What file/table is this program accessing?

    Could I modify the file to prevent this behavior?

    For what reason would someone want the wrong IP address after having gone through the entire exercise of setting up a website and a virtual SMTP server using Microsoft's GUI which allows you to assign an IP address?

    Here is an example of my header record:

    Received: from 127.0.0.1  (EHLO mta.MyCorrectDomain.com) (incorrect IP address)
      by mta1232.mail.ne1.yahoo.com with SMTP; Fri, 27 Nov 2015 19:17:43 +0000
    Received: from MyCorrectDomain.com ([correct IP address]) by mta.MyCorrectDomain.com with Microsoft SMTPSVC(7.5.7600.16601);
    Fri, 27 Nov 2015 13:17:41 -0600

    The incorrect IP address in bold is the first one on my NIC card.  

    Thanks

    Saturday, November 28, 2015 7:53 PM
  • Hi,

    "Won't all emails for both companies show a hop in the email header from mail.hostingcompany.com, i.e. the common OWA?"

    Yes, you will see a hop in the email headers for mail.hostingcompany.com. This is perfectly acceptable as many companies use a 3rd party to relay emails such as Trend, Message Labs, Office 365 etc and you'll see these SMTP servers listed in their message headers. 

    Exchange 2007 and higher doesn't use the SMTP virtual servers to send email. It uses the Exchange Transport Service instead. How do you have your outbound mail flow configured?

    Exchange will send email to the internet using the Send Connector which is configured with a source transport server. That source transport server selects a network adapter to use for each destination IP that it sends email to. 

    The Microsoft SMTP service (IIS 6.0) will listen on a particular IP that you specify but again the server will select a network adapter to use for each destination IP that it sends email to. 

    In both cases, Exchange and the Microsoft SMTP service select the network adapter using the same method. This is by looking at the routing table which you can view by running the command below:

    route print

    Here you'll see the default route (destination: 0.0.0.0, Netmask: 0.0.0.0), the gateway, interface and the metric. The server will select the route with the lowest metric. As you have two NICs but only one has a default gateway then you'll only see a single default route. If you have two default gateways then you'll see two routes. If you see two routes and they have the same metric then the server will use both routes equally to send email for each domain. If the metrics are different then all email for all domains will be sent using the lower metric and the network adapter which is configured with the lower metric. You cannot configure different source email domains to use different sending IPs if you're sending using this method. 

    If you want to use different IPs then I would suggest that you two separate servers in different domains and Exchange organizations so that each business has their own Exchange server.

    As your concern is that your shared IP is blacklisted then consider sending outbound email through a spam filter which will block outbound spam email and prevent you being blacklisted. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    • Marked as answer by smac693 Monday, November 30, 2015 4:03 PM
    Monday, November 30, 2015 12:49 PM
  • Hi Mark,

    Thanks for the help.

    I noticed something strange in my route table:

    The interface is the same for all of the IP addresses I entered into the GUI for the NIC - it's the first IP listed.

    I will try to edit the route table and change the interface and analyze the results.

    Thanks

    Monday, November 30, 2015 4:02 PM