SBRS and non-routable IP's

Unanswered Question
Nov 21st, 2007

Question we've got a server with a NAT'ed IP address (10.168.x.x). whcih sends to IronPort. It appears the IP has a SRBS of 5.7, but it some of the mail has been blocked/throtled.

My question is how are non-routable IP's addressed in Sender base? Do they have a static score or does it vary? (I've temporarily whitlisted the IP to be safe).

Thanks,
Seth

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
verylongbloke_i... Thu, 11/22/2007 - 14:01

Non routable Ip addresses should not get a rep score as they would not be responsible for delivering mail onto the internet.

As suxh they should receive a score of 'none' as a result - which allows you choose an action with this lack of score in the appropriate HAT policy (which would be a throttle policy typically).


Can only assume that as it was natt'ed it took the firewall ext-nic address or something to get an external IP that *does* have a reputation.

Mark [CSE]_ironport Thu, 11/22/2007 - 15:46

Hi that shouldn't be. For internal LAN there is not SBRS.

If so please open a case with support, as this looks like a defect.

Regards,

Mark

Torsten_ironport Fri, 11/23/2007 - 08:50

Quick question: did you set up your Ironport with only one listener or several?

In the latter case, would it be possible that you set up the internal one as a "public" listener in the options, thus enabling different default settings and enabling SBRS for this listener that way?

SBRS replying with a value for 10.x.x.x networks is a totally different matter of course - one that should also be investigated.

Torsten

Torsten_ironport Fri, 11/23/2007 - 08:50

Quick question: did you set up your Ironport with only one listener or several?

In the latter case, would it be possible that you set up the internal one as a "public" listener in the options, thus enabling different default settings and enabling SBRS for this listener that way?

SBRS replying with a value for 10.x.x.x networks is a totally different matter of course - one that should also be investigated.

Torsten

meyd45_ironport Mon, 11/26/2007 - 16:05

There was a spate of 10.0.0.0 addresses with SBRS a couple of months ago.
They should have a value of None and show up as being rfc1918 addresses in the mail_logs

James

Seth Miller Mon, 11/26/2007 - 18:13

It does have an external IP tagged on by the router, but that is after it pass by the IronPort box (I did a search and there is no traffic listed from the external IP... only the internal 10.x.x.x address).

Today the 10.168.x.x adress is showing up with a reputation score of 3.9 wich isn't bad, but if it keeps changing... I've whitelisted the address to be safe.

I also found the reason some messages were being rejected from this server was due to "too many attempted messages". The interesting thing was the reports showed this as messages "Stopped by Reputation Filtering" which I guess is the best catagory, but not exactly an accurate description. It took me awhile to find out why some messages wern't being delivered.

Thanks everyone for the response!

-S

Actions

This Discussion