2
Backup MX Replacing Original Sender IP
Problem reported by Manuel Martins - 1/22/2024 at 2:28 PM
Resolved
Hi,

We are using Smartermail Free latest Build 8776 on a Secondary Server as a Backup MX for my Primary Smartermail Licensed Server (With Cyren AntiSpam and AntiVirus) and I don't know how long this has been happening but we are facing a big problem with emails that come by the Secondary Backup MX Server, those emails are hitting SPAM High because of SPF fails.

When an email is received on the Secondary Backup MX Server after running on the spool it is delivered to the Primary Smartermail Server but the Original Sender IP is replaced by the IP of the Secondary Backup MX Server so when it gets to Spam Checks on the Primary Server the SPF fails because the system is validating the SPF with our IP of the Secondary Backup MX Server not with the Original Sender IP.

We want to make Spam Checks always on the Primary Server (better antispam tools) so in these situations the SPF always Fails.

In my opinion the correct behavior was that the Secondary Backup MX Server should maintain the Original Sender IP when it passes the email to the Primary Server, don't you agree?

Does anyone use this kind of configuration and is experiencing the same problem?

Thanks.

14 Replies

1
echoDreamz Replied
Marked As Resolution
Depending on your SM version, you need to add the IP of your backup MX to the bypass section. For the latest current SM, login as Admin => Settings => Security => Whitelist => New => provide the IP and under "Gateways" select "Bypass IP for spam checks". => Save.

SM will then perform spam checks on the mail server IP that was right before your backup mx (the IP that delivered to your backup mx).
1
Manuel Martins Replied
I already had the Backup MX whitelisted but the option "Bypass IP for spam checks" was not selected!
 
I will give it a try.

Many Thanks echoDreamz
0
Manuel Martins Replied
Hi again echoDreamz

This is not what I want. I want to do all the SpamChecks on the Primary Server (with better antispam tools)

With the option "Bypass IP for spam checks" the Primary Server does not do any Spam Checks to emails that came from the Backup MX.

In my opinion the correct behavior was that the Secondary Backup MX Server should maintain the Original Sender IP when it passes the email to the Primary Server, don't you agree?

We use SpamHero on a few domains and SpamHero receives the emails and when they deliver those emails to our Primary Server they maintain the Original Sender IP, SpamHero does not replace the Original Sender IP.

Thanks.
0
echoDreamz Replied
SmarterMail running as a backup MX will not replace the original sender either, it simply adds to the "received" chain in the email headers. By telling SM to bypass gateway spam checks, it should ignore your backup MX when doing spam checks and move to the next "received" header in the email.

I don't have a way to test/check this as all of our anti-spam checks are done at our primary gateways, not by SM itself.
0
Manuel Martins Replied
On Smartermail Help the definition of Bypass IP for Spam Checks is

  • Bypass IP for Spam Checks - When using a gateway, this will bypass spam checks for messages passed through the gateway.
My interpretation is that the Server will Not check emails that came from the Gateway.

Unfortunately the Backup MX Replaces the Original Sender IP when it passes the email to the Primary Server, I analysed this behavior on several email logs.
0
echoDreamz Replied
The option may be different now, but there should be a way to bypass the gateway IP when doing spam checks. Maybe someone from ST can chime in.

Note that SM does not replace the IP, it behaves like any other mail server does and adds the IP to the email's received headers, as you should see when viewing the email's raw output, unless something has changed, but this would sort of defeat the purpose of the "received" headers if it replaced them completely.
0
Manuel Martins Replied
Here is an example:

IP 13.69.103.123 is our Backup MX and the email came from outside our Servers.

[2024.01.12] 12:32:54.098 [15710590] Delivery started for xxxxxx@xxxxxxx.pt at 12:32:54
[2024.01.12] 12:33:36.307 [15710590] Added to SpamCheckQueue (1 queued; 0/30 processing)
[2024.01.12] 12:33:36.307 [15710590] [SpamCheckQueue] Begin Processing.
[2024.01.12] 12:33:36.308 [15710590] Blocked Sender Checks started.
[2024.01.12] 12:33:36.309 [15710590] Blocked Sender Checks completed.
[2024.01.12] 12:33:36.324 [15710590] [Cyren Client] Start Scanning Message. Enabled Services: All, MailFrom: xxxxxx@xxxxxxx.pt, SenderIP: 13.69.103.123, MessagePath: Z:\Spool\SubSpool7\115710590.eml
[2024.01.12] 12:33:37.518 [15710590] [Cyren Client] Done Scanning Message. MessagePath: Z:\Spool\SubSpool7\115710590.eml Results AV: Unknown, AS: Unknown, RefID: str=0001.0A702F26.65A131A1.0044,ss=1,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,cl=1,cld=1,fgs=0
[2024.01.12] 12:33:39.827 [15710590] Spam Checks started.
[2024.01.12] 12:33:39.828 [15710590] [CyrenIP Client] Done Scanning IP Address. IP Address: 13.69.103.123 Reputation: NoRisk, Score: 66, IPClass: T2
[2024.01.12] 12:33:42.253 [15710590] Finished running spam checks. Time (non-rbls): 2137ms, Time (URIBL/RBLS): 288ms
[2024.01.12] 12:33:42.258 [15710590] Spam Check results: [_DMARC: 0,skipped - DMARC Disabled], [REVERSE DNS LOOKUP: 0,Passed], [NULL SENDER: 0,passed], [_CYREN: 0,Unknown], [_CYRENIP: 0,NORISK], [_MESSAGESNIFFER: 0,code:0], [_INTERNALSPAMASSASSIN: 3,1:5], [_SPAMASSASSIN: 0:0], [_SPF: 30,Fail], [_DKIM: 0,Pass], [UCEPROTECT LEVEL 1: 0], [SPAMCOP: 0], [UCEPROTECT LEVEL 2: 0], [BACKSCATTER: 0], [SURRIEL: 0], [HOSTKARMA: 0], [BARRACUDA: 0], [TRUNCATE: 0], [SEM - BLACK: 0], [SPAMHAUS: 0], [URIBL BLACK: 0], [SEM-URI: 0]
[2024.01.12] 12:33:42.258 [15710590] Spam Checks completed.
[2024.01.12] 12:33:42.591 [15710590] Removed from SpamCheckQueue (0 queued or processing)
[2024.01.12] 12:33:45.356 [15710590] Added to LocalDeliveryQueue (0 queued; 1/100 processing)
[2024.01.12] 12:33:45.356 [15710590] [LocalDeliveryQueue] Begin Processing.
[2024.01.12] 12:33:45.372 [15710590] Starting local delivery to xxxxxx@xxxxxxx.pt
[2024.01.12] 12:33:45.372 [15710590] Process delivery status notification step from local recipient success. Recipient: [xxxxxx@xxxxxxx.pt], Notify: [failure], Delivered: [False], Forwarded: [False], Deleted: True
[2024.01.12] 12:33:45.373 [15710590] Delivery for xxxxxx@xxxxxxx.pt to xxxxxx@xxxxxxx.pt has completed (Deleted) Filter: Spam (Weight: 38), Action (Global Level): Delete
[2024.01.12] 12:33:45.373 [15710590] End delivery to xxxxxx@xxxxxxx.pt (MessageID: <2054406152.152813.1705062729767.xxxxxx@xxxxxxx.pt>)
[2024.01.12] 12:33:45.373 [15710590] Starting local delivery to xxxxxx@xxxxxxx.pt
[2024.01.12] 12:33:45.375 [15710590] Process delivery status notification step from local recipient success. Recipient: [xxxxxx@xxxxxxx.pt], Notify: [failure], Delivered: [False], Forwarded: [False], Deleted: True
[2024.01.12] 12:33:45.375 [15710590] Delivery for xxxxxx@xxxxxxx.pt to xxxxxx@xxxxxxx.pt has completed (Deleted) Filter: Spam (Weight: 38), Action (Global Level): Delete
[2024.01.12] 12:33:45.375 [15710590] End delivery to xxxxxx@xxxxxxx.pt (MessageID: <2054406152.152813.1705062729767.xxxxxx@xxxxxxx.pt>)
1
echoDreamz Replied
Yeah, need to get with SmarterTools (maybe a ticket), to see which option bypasses the gateway address and moves to the next IP in the received headers.
2
Gabriele Maoret - SERSIS Replied
This is an interesting thread...

I'm also planning on setting up a couple of SmarterMail FREEs as MX backups, but this same issue has blocked me.

I found this guide: https://portal.smartertools.com/kb/a3549/configure-smartermail-as-a-backup-mx-server.aspx ,  but unfortunately it is not correct because, as described above, it bypasses all anti-spam checks on the primary server and therefore the anti-spam score is incorrect.

I'm curious to know the solution to this problem, so in my opinion it would be correct for SmarterTools to explain to us how to configure this scenario in the right way.
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Brian Bjerring-Jensen Replied
It should be like two identical servers with a shared mail repository configured with an MX level failover.

Then it would either traverse the one or the other configured the same way and the spam handling would be the same.


0
Nathan Replied
The receiving server sees the IP of the sending server for RBL, URIBL, SPF, etc. analysis. In the case of a gateway/backup MX you have to rely upon it to perform the IP based checks as the 'mailbox server' will see its IP and not the original IP that delivered to the gateway/backup MX.

The only way I can think to permit what the op wants is to either perform an API based delivery between SM backup and primary/mailbox servers and for that to pass the original IP or for SM to add an extra header which is signed that permits the mailbox/server to use that if present for antispam evaluation instead of the IP of the backup mx. Neither feature exists today.
0
Matt Petty Replied
Employee Post
You use the Bypass IP feature to skip certain IPs when doing spam checks such as SPF, in the case where a gateway is between you and the true sender of the email. You will still check SPF, it just changes the IP the check uses. It does not skip spam checking for that IP.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
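
The behaviour described in the reply above, skipping listed gateway hops and checking the next address in the "received" chain, sketched as an added example; this is not SmarterMail's code and not part of the original post. The function name `evaluation_ip`, the host names and the sample message are assumptions made for illustration; the two IPs are the ones quoted in the thread.

```python
import email
import ipaddress
import re
from email import policy

# Constructed message as the primary would hold it. IPs are the ones quoted in
# the thread; host names are placeholders. The last Received line stands for a
# header supplied by the sender, which must never be trusted.
RAW = (
    b"Received: from backupmx.example.test (backupmx.example.test [13.69.103.123])\r\n"
    b"\tby primary.example.test with ESMTP; Tue, 23 Jan 2024 19:34:16 +0000\r\n"
    b"Received: from out.sender.example (out.sender.example [158.247.18.34])\r\n"
    b"\tby backupmx.example.test with ESMTP; Tue, 23 Jan 2024 19:30:02 +0000\r\n"
    b"Received: from localhost (localhost [192.0.2.55])\r\n"
    b"\tby out.sender.example with ESMTP; Tue, 23 Jan 2024 19:29:58 +0000\r\n"
    b"From: someone@sender.example\r\n"
    b"Subject: constructed sample\r\n"
    b"\r\n"
    b"body\r\n"
)

IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def evaluation_ip(raw_message, connecting_ip, bypass_ips):
    """Return the IP that IP-based checks (SPF, RBL) should be run against.

    Hops listed in bypass_ips are skipped; the walk stops at the first hop
    that is not listed, because everything below it is sender-controlled.
    Returns None when no usable address is found.
    """
    bypass = [ipaddress.ip_network(entry) for entry in bypass_ips]

    def bypassed(ip_text):
        addr = ipaddress.ip_address(ip_text)
        return any(addr in net for net in bypass)

    if not bypassed(connecting_ip):
        return connecting_ip  # direct delivery: headers are not consulted
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    for received in msg.get_all("Received", []):
        match = IP_LITERAL.search(str(received))
        if match is None:
            return None  # hop without an address literal: do not guess
        if not bypassed(match.group(1)):
            return match.group(1)
    return None
```

With the backup MX in the bypass list the check runs against 158.247.18.34; with an empty list it runs against 13.69.103.123, which is the SPF failure reported at the top of the thread.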
3
Manuel Martins Replied
Hi again,

I confirm what Matt Petty and echoDreamz said! Many Thanks to both!

The option "Bypass IP for Spam Checks" does the Magic! 

The Original Sender IP is Checked on Mailbox Server (Primary)

Our Backup MX IP :     13.69.103.123

Original Sender IP:      158.247.18.34

[2024.01.23] 19:34:16.972 [07512848] [Cyren Client] Start Scanning Message. Enabled Services: All, MailFrom: xxxxxx@xxxxxxxx.pt, SenderIP: 13.69.103.123, MessagePath: Z:\Spool\SubSpool5\207512848.eml
[2024.01.23] 19:34:17.537 [07512848] [Cyren Client] Done Scanning Message. MessagePath: Z:\Spool\SubSpool5\207512848.eml Results AV: Unknown, AS: Unknown, RefID: str=0001.0A702F19.65B014B9.002A:SCFSTAT108288121,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
[2024.01.23] 19:34:18.664 [07512848] Spam Checks started.
[2024.01.23] 19:34:18.754 [07512848] [CyrenIP Client] Done Scanning IP Address. IP Address: 158.247.18.34 Reputation: NoRisk, Score: 10, IPClass: R3
[2024.01.23] 19:34:23.650 [07512848] Finished running spam checks. Time (non-rbls): 2713ms, Time (URIBL/RBLS): 2271ms
[2024.01.23] 19:34:23.651 [07512848] Spam Check results: [NULL SENDER: 0,passed], [_DMARC: 0,skipped - DMARC Disabled], [REVERSE DNS LOOKUP: 0,Passed], [_CYREN: 0,Unknown], [_CYRENIP: 0,NORISK], [_MESSAGESNIFFER: 0,code:0], [_INTERNALSPAMASSASSIN: 1,1:2], [_SPAMASSASSIN: -1:-2], [_SPF: 0,Pass], [_DKIM: 0,Pass], [BARRACUDA: 0], [SEM - BLACK: 0], [UCEPROTECT LEVEL 1: 5], [BACKSCATTER: 0], [UCEPROTECT LEVEL 2: 10], [HOSTKARMA: 0], [TRUNCATE: 0], [SPAMHAUS: 0], [SPAMCOP: 0], [SURRIEL: 0], [URIBL BLACK: 0], [SEM-URI: 0]
[2024.01.23] 19:34:23.651 [07512848] Spam Checks completed.
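
A way to run the same comparison over a whole delivery log, as an added example that is not part of the original post: it pairs each message's CyrenIP "IP Address" value with its `_SPF` result and flags messages whose IP-based checks ran against the gateway. The function names are assumptions, and it assumes, as the thread does, that the CyrenIP line shows the address the spam checks used.

```python
import re

GATEWAYS = {"13.69.103.123"}  # backup MX address given in the thread

# Lines taken from the two excerpts in the thread; the "Spam Check results"
# lines are shortened to a few of their fields.
LOG = """\
[2024.01.12] 12:33:39.828 [15710590] [CyrenIP Client] Done Scanning IP Address. IP Address: 13.69.103.123 Reputation: NoRisk, Score: 66, IPClass: T2
[2024.01.12] 12:33:42.258 [15710590] Spam Check results: [REVERSE DNS LOOKUP: 0,Passed], [_SPF: 30,Fail], [_DKIM: 0,Pass]
[2024.01.23] 19:34:18.754 [07512848] [CyrenIP Client] Done Scanning IP Address. IP Address: 158.247.18.34 Reputation: NoRisk, Score: 10, IPClass: R3
[2024.01.23] 19:34:23.651 [07512848] Spam Check results: [NULL SENDER: 0,passed], [_SPF: 0,Pass], [_DKIM: 0,Pass]
"""

PREFIX = re.compile(r"^\[[\d.]+\] [\d:.]+ \[(\d+)\] (.*)$")
SCANNED_IP = re.compile(r"\[CyrenIP Client\] Done Scanning IP Address\. IP Address: (\S+)")
SPF_RESULT = re.compile(r"\[_SPF: (-?\d+),(\w+)\]")


def audit(log_text, gateways):
    """Map message id -> checked IP, SPF weight/result, and a gateway flag."""
    found = {}
    for line in log_text.splitlines():
        head = PREFIX.match(line)
        if head is None:
            continue  # not a delivery-log line in the expected layout
        msg_id, rest = head.groups()
        rec = found.setdefault(msg_id, {"ip": None, "spf": None, "weight": None})
        ip = SCANNED_IP.search(rest)
        if ip:
            rec["ip"] = ip.group(1)
        spf = SPF_RESULT.search(rest)
        if spf:
            rec["weight"], rec["spf"] = int(spf.group(1)), spf.group(2)
    for rec in found.values():
        rec["checked_gateway"] = rec["ip"] in gateways
    return found


def misconfigured(log_text, gateways):
    """Message ids whose IP-based checks ran against a gateway address."""
    return sorted(m for m, r in audit(log_text, gateways).items() if r["checked_gateway"])
```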
3
Matt Petty Replied
Employee Post
Glad to hear! I could agree that the naming of that field can be a bit confusing. We've got a long-standing task to eventually address the confusion of inbound/outbound servers and gateway settings in general.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
