Remove Dynamic IP From Received Header

I have the same problem: exim shows my dynamic IP and a few recipients are blocking my mail.

I would like to learn how to set exim to not show my particular dynamic IP in the headers?

I also would like to know if that exim behavior is normal or a result of some misconfiguration of my server.

 

Some of our clients are experiencing a similar issue. Any ideas?

 

I don't have an easy answer for you, but modifying your exim to mask the IP address of the sender [or to remove that whole received line] is not the way to go.

9 times out of 10 the recipient mailsystem is using a Barracuda Spam Firewall with "deep scanning" enabled. That means that the recipient mail system not only checks the last received line for an IP to check against RBLS, but it checks the IP addresses in other Received lines. Any admin of a Barracuda Spam Firewall that does this should be smacked. Sure, it can cut down on spam a _very_little_bit_, but the recipient mailsystem would have a lot of false positive spam taggings / rejections based upon this.

For any place that is blocking your emails because of this, you should simply ask them to whitelist your mailserver's IP address of they are going to be so anal and foolish to run deep scanning.

NOTE: The Barracuda Spam Firewall is certainly not the only mail system capable of deep scanning, but it is _by_far_ the most popular one doing this. An unwitting admin-in-training gets a new Barracuda Firewall, starts getting click-happy with all of the options to fight spam, and suddenly they are blocking all kinds of legitimate mail because they are using deep scanning.

Don't get me wrong - I love Barracuda Spam Firewalls. I operate a couple myself. But I'd never ever consider enabling deep scanning on them.

Mike

 

Mike,

I confirm that the problems I am experiencing are related to recipients using Barracuda central. You went direct to the point.

In the first moment I thought our problem was due to some misconfiguration in our server.

The answer you provided was greatly appreciated.

Thanks for the help

 

You're welcome, Hilario. If you are like me, you don't have the time or the staff to contact all companies running deep scanning to ask them to whitelist you [or to turn deep scanning off], but if you must get mail delivered to those recipients you are probably going to have to contact them.

As far as exim [and any good mail server], it is default behavior to show the IP addresses that the mail has passed through in the various Recieved lines, from beginning to end. It's normal and proper.

Barracuda should have a huge alert that pops up in their configuration to tell the Barracuda admin that turning on deep scanning IS going to reject legitimate mail

Mike

 

A lot of my customers have the same problem with barracuda and some of them found a solution that works for them.

They have configured their email account with gmail so they change the MX to work with gmail servers and the error disappears and I wonder How this could be done?

I mean, why the same user that was using my server but was blocked by barracuda because of the ISP IP is not blocked when he changes the MX using the same ISP IP?

 

Same problem here...

 

Same problem here...

 

Tristan, if you're going to put this out as a "solution", why don't you actually confirm what you're saying is true first? Otherwise, someone like me is going to come along and show how you're totally wrong on this. I've even been flagged by the deep header scan when clients use cPanel's webmail. For example, here's a bounced header from last month:

host [cpanel5.netwisp.com] blocked using Barracuda Reputation;
BarracudaCentral.org - Technical Insight for Security Pros

------ This is a copy of the message, including all the headers. ------

Return-path: <user@domain.com>
Received: from localhost ([127.0.0.1] helo=cpanel5.netwisp.com)
by cpanel5.netwisp.com with esmtpa (Exim 4.69)
(envelope-from <user@domain.com>)
id 1Q4Lpd-0001SP-QK; Mon, 28 Mar 2011 18:26:45 -0500
Received: from 194.146.217.49 ([194.146.217.49])
(SquirrelMail authenticated user user@domain.com)
by cpanel5.netwisp.com with HTTP;
Tue, 29 Mar 2011 01:26:45 +0200

As you can see, even though they used a webmail client, it was still refused by the deep header scan because it included their IP address in the header. Simply using webmail may not resolve the problem because both Squirrelmail and Horde will include the sender's IP address. Roundcube does not and is safe to use.

Hal

 

Same problem here...