Incoming relay/custom header setup issue

Unanswered Question
Nov 12th, 2009

Currently, we're running Zimbra 5.0.13 behind our Ironport setup (AsyncOS 6.5.2)

We're experiencing issues with our ability to correctly use our outgoing content filters while specifying a custom header under Network > Incoming Relays.

Our subscribers send from a mailstore and then through the Ironports. The subscriber's original IP is lost on the Received: from header (replaced with the mailstore's IP address), so we're using a X-Originating-IP custom header that Zimbra injects.

The problem is that the header is not being recognized as its passed from Zimbra. Zimbra passes it like so:

X-Originating-IP: [1.2.3.4]

If I initiate a SMTP conversation from the mailstore to the Ironport manually, and specify the header and omit the brackets, like so:

X-Originating-IP: 1.2.3.4

our remote IP related outgoing content rules then work as expected.

Unfortunately, the rub is that the Ironport won't allow you to specify a custom header such as "X-Originating-IP: [" since no whitespace is allowed and it just wants the header name and not the extraneous characters that it can't seem to parse.

Any suggestions or workarounds would be appreciated...thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
meyd45_ironport Thu, 11/12/2009 - 18:05

Potential solution:
1. Use edit-header-text in a message filter to strip the brackets.
2. Get the IronPort to re-inject the message to itself

The best way to do 2 will depend on your particular setup. It has the disadvantage of effectively doubling the message load put on the IronPort.

If brackets cast an IP in to a hostname then having the brackets present in X-Originating-IP is wrong. So perhaps take that up with Zimbra...

James

mychrislo_ironport Fri, 11/13/2009 - 05:38

I am not sure if I get the questions myself.

The zimbra is behind the ironport and you are talking about outgoing mails header filter. Why would be related to "Network->incoming relays"...

Incoming relays are typically used in the public listener (and inbound mail from internet).

Would it be just outgoing mail policy sufficient?

Chris

Update: Nov 16th

My apologies, I guess I can't comeup with much ideas. It would be easier if you can just let the users to directly relay the ironport for outgoing, then the mail filter should be easily setup.

e.g. smtp.your.domain change to ironport ip?

Actions

This Discussion