Comments on: A Solution to the Static NAT and the SMTP Reverse Lookup Problem

by: Jack

Tue, 16 Dec 2008 19:36:55 +0000

Hi Tom,

We have only one email server. When we send an email, it has a source IP of x.x.x.117. The problem is that the MX record is to x.x.x.118. This is a major problem because of Spam enginees. The Spam engines will see a difference in IP address and think it is Spam. There are third party solutions out there that will do this for us, for a price. Is there ANY way to do this in the ISA configuration?

by: Andrew

Tue, 01 Jul 2008 14:40:54 +0000

Same problem with EE here and mail servers. For now we’ve hardcoded our outgoing mailserver to use only one array member, so the outgoing IP is consistent. Kind of defeats the failover protection of having the array, but its what we’re stuck with right now.

by: Andre van den Berg

Tue, 08 Apr 2008 12:03:28 +0000

Helo Tom,

Pierre has right with ISA EE with two servers and NLB. We have also ISA 2006 EE with two servers and NLB.

One time the mail is send from xxx.xxx.xxx.66 and other time xxx.xxx.xxx.67

by: Thomas Shinder

Wed, 30 May 2007 00:17:38 +0000

Hi Lance,

That’s correct, but it doesn’t matter. These solutions only check for the last hop address, so as long as you use a smart host, it doesn’t matter how many public IP addresses you have.

HTH,
Tom

by: Lance Prager

Tue, 29 May 2007 23:45:32 +0000

Unfortunately, without actually changing the IP for outbound mail, abuse checking services will not work with this solution.

They check the sending ip which is registered. Reverse DNS is not often used anymore in spam prevention scenaraios, instead most engines rely on RBL services and that means IP

So, without Static NAT you can really only use one outbound public IP address regardless of the number of static public IP’s you have.

by: Pierre Dufresne

Fri, 26 Jan 2007 21:16:26 +0000

It works OK with one ISA server.
If you have a pair of ISA EE 2004 servers load balanced with NLB, you will never know which ISA server is used to relay the mail and you are stuck with the same original problem.

by: Thomas Shinder

Tue, 12 Dec 2006 23:20:35 +0000

Hi Henrik,

Is does solve the problem because rDNS lookups just check the last hop. They don’t try to resolve the MX domain name of the source email message.

HTH,
Tom

by: Henrik Zawischa

Tue, 12 Dec 2006 13:45:46 +0000

Hi, Tom,

this does not really solve the problem. Why? Because what we want is two different names and addresses for two different domains. So that the mail-flow is seperated completely. Your approach brings it all back to one relay - the source of all mails will be one IP.

We think that this lack of static NAT is a major shortcoming in ISA Server. There is no workaround.

Henrik

by: Mike Wooldridge

Wed, 22 Nov 2006 17:42:37 +0000

Hi Tom, i just read this article “A Solution to the Static NAT and the SMTP Reverse Lookup Problem” and understand the concept but wonder how this might help with another scenario that happens while hosting mail for clients, if all email is sent out via the same ip and a client’s smtp instance gets spammed, even with all the necessary blocks in place, then the IP number sending email gets on a black list and finally no one can send email. What are your thoughts. Thank you.