Rejected IP not ours

[Stevemann]

Hello everyone,

I have a user that is sending a long existing contact email as normal through our Exhange server and is having random messages returned. The problem is, the rejected IP adress in the report (206.16.192.253), is NOT our IP adress. I don't understand how this is happening. I've only had the one user report this problem. The report he receives back is below. I've removed some information for privacy reasons:

From: MAILER-DAEMON [mailto:MAILER-DAEMON]

Sent: Monday, December 05, 2005 1:19 PM

To: MBraun[at][ourdomain].com

Subject: Undelivered Mail Returned to Sender

This is the Postfix program at host mail25-ash-R.bigfish.com.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The Postfix program

<Greg.Hecker[at][contactsdomain].com>: host 12.34.xxx.xxx[12.34.xxx.xxx] said: 550 5.2.1

Mailbox unavailable. Your IP address 206.16.192.253 is blacklisted using

SPAMCOP. Details: Blocked - see

http://www.spamcop.net/bl.shtml?206.16.192.253. (in reply to RCPT TO

command)

===============

Any thoughts as to what is going on? I tried searching, but didn't find any answers. It could be I wasn't wording my search correctly.

Thanks in advance.

Steve

[Telarin]

Do you have your exchange server configured to send email directly using DNS, or is it forwarding through a smarthost? If the later is the case, then it may be that the IP address is that of your ISPs smarthost.

Actually, on further review, an nslookup shows:

Name: mail-ash.bigfish.com

Address: 206.16.192.253

Are you certain that this is not the IP address of your mail server?

If you are, then what is the correct IP for your outgoing mail server?

Is your server perhaps sitting behind a firewall using port forwarding to forward to an internal IP address like 192.168.1.100 and the 206.16.192.253 is the outside IP of your firewall/router?

Edit:

Another posibility is that bigfish.com is the destination server. If this is the case, it could be that this client is using a front-end server that receives the mail and then relays it to a back-end server for delivery to a mailbox. This configuration is not uncommon for large organizations (500+ users), however, if it isn't set up just right, you can end up blocking your own server if you aren't careful. If that is the case, then the problem is completely on the recipients end, and you should notify them at their postmaster address.

Looking at the fact that the server mail25-ash-R.bigfish.com is rejecting from mail-ash.bigfish.com, I would say this is almost certainly the problem.

[Stevemann]

[...]

Edit:

Another posibility is that bigfish.com is the destination server. If this is the case, it could be that this client is using a front-end server that receives the mail and then relays it to a back-end server for delivery to a mailbox. This configuration is not uncommon for large organizations (500+ users), however, if it isn't set up just right, you can end up blocking your own server if you aren't careful. If that is the case, then the problem is completely on the recipients end, and you should notify them at their postmaster address.

Looking at the fact that the server mail25-ash-R.bigfish.com is rejecting from mail-ash.bigfish.com, I would say this is almost certainly the problem.

37226[/snapback]

I think you're on to something there. Our server is indeed behind a firewall/router. However, our external IP is not the offending one listed above (it's not even on the same subnet or anything close), so as you pointed out, it sounds likely that the trouble lies on the recipents end.

I'll follow up with them and pass on the information you've shared.

Thanks for your help,

Steve