If configuring the MX/MTAs to include a custom header containing the sending IP address is not an option, you can configure the incoming relays feature to attempt to determine the sending IP address by examining the “Received:” headers in the message. Using the “Received:” header works only if the number of network “hops” is always constant for an IP address. In other words, the machine at the first hop (10.2.3.5 in Figure - Mail Relayed by MX/MTA — Advanced) should always be the same number of hops away from the edge of your network. If incoming mail can take different paths (resulting in a different number of hops, as described in Figure - Mail Relayed by MX/MTA — Variable Number of Hops) to the machine connecting to your Cisco appliance, you must use a custom header (see Custom Header).
Specify a parsing character or string and the number of network hops (or Received: headers) back to look. A hop is basically the message traveling from one machine to another (being received by the Cisco appliance does not count as a hop; see Configuring Logs to Specify Which Headers Are Used for more information). AsyncOS looks for the first IP address following the first occurrence of the parsing character or string in the Received: header corresponding to the number of specified hops. For example, if you specify two hops, the second Received: header, working backward from the Cisco appliance, is parsed. If neither the parsing character nor a valid IP address is found, the Cisco appliance uses the real IP address of the connecting machine.
For the following example mail headers, if you specify an opening square bracket ( [ ) and two hops, the IP address of the external machine is 7.8.9.1. However, if you specify a closing parenthesis ( ) ) as the parsing character, a valid IP address will not be found. In this case, the Incoming Relays feature is treated as disabled, and the IP of the connecting machine is used (10.2.3.5).
In the example in Figure - Mail Relayed by MX/MTA — Advanced, the incoming relays are:
- Path A — 10.2.3.5 (with 2 hops when using received headers) and
- Path B — 10.2.6.1 (with 2 hops when using received headers)
The following table shows example email headers for a message as it moves through several hops on its way to the Cisco appliance as in Figure - Mail Relayed by MX/MTA — Advanced. This example shows extraneous headers (ignored by your Cisco appliance) which are present once the message has arrived in the recipient’s inbox. The number of hops to specify would be two.
Table 1. A Series of Received: Headers (Path A Example 1)
1 | Microsoft Mail Internet Headers Version 2.0
  | Received: from smemail.rand.org ([10.2.2.7]) by smmail5.customerdoamin.org with
  | Microsoft SMTPSVC(5.0.2195.6713);
  | Received: from ironport.customerdomain.org ([10.2.3.6]) by
  | smemail.customerdoamin.org with Microsoft SMTPSVC(5.0.2195.6713);
2 | Received: from mta.customerdomain.org ([10.2.3.5]) by ironport.customerdomain.org
  | with ESMTP; 21 Sep 2005 13:46:07 -0700
3 | Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by
  | mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for
  | <joefoo@customerdomain.org>
4 | Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1])
  | by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for
  | <joefoo@customerdomain.org>
5 | Received: from linux1.thespammer.com (HELO linux1.thespammer.com) ([10.1.1.89])
  | by sending-machine.spamham.com with ESMTP;
  | Received: from exchange1.thespammer.com ([10.1.1.111]) by linux1.thespammer.com
  | with Microsoft SMTPSVC(6.0.3790.1830);
  | Subject: Would like a bigger paycheck?
  | Date: Wed, 21 Sep 2005 13:46:07 -0700
  | From: "A. Sender" <asend@otherdomain.com>
  | To: <joefoo@customerdomain.org>
Notes for the above table:
1. The Cisco appliance ignores these headers.
2. The Cisco appliance receives the message (not counted as a hop).
3. First hop (and incoming relay).
4. Second hop. This is the sending MTA. The IP address is 7.8.9.1.
5. The Cisco appliance ignores these Microsoft Exchange headers.
The following table shows the headers for the same email message, without the extraneous headers.
Table 2. A Series of Received: Headers (Path A Example 2)
1 | Received: from mta.customerdomain.org ([10.2.3.5]) by ironport.customerdomain.org
  | with ESMTP; 21 Sep 2005 13:46:07 -0700
2 | Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by
  | mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for
  | <joefoo@customerdomain.org>;
3 | Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1])
  | by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for
  | <joefoo@customerdomain.org>;
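The lookup described above, modelled in Python as an added example (not Cisco's code and not part of the original page). The function names, the IPv4-only matching and the fallback when fewer Received: headers exist than the hop count are assumptions; the input is constructed from the Path A headers in Table 2 as they look when the message reaches the appliance.

```python
import ipaddress
import re
from email import message_from_string

# Constructed input: the Path A message as it reaches the appliance, i.e. the
# Received: headers from Table 2 rows 2 and 3 (row 1 is added on receipt).
RAW_MESSAGE = """\
Received: from mx.customerdomain.org (mx.customerdomain.org) [10.2.3.4]) by
 mta.customerdomain.org (8.12.11/8.12.11) with ESMTP id j8LKkWu1008155 for
 <joefoo@customerdomain.org>;
Received: from sending-machine.spamham.com (sending-machine.spamham.com [7.8.9.1])
 by mx.customerdomain.org (Postfix) with ESMTP id 4F3DA15AC22 for
 <joefoo@customerdomain.org>;
Subject: Would like a bigger paycheck?

body
"""

# Four dot-separated decimal groups that are not part of a longer dotted run.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def first_ip_after(text, marker):
    """Return the first valid IPv4 address after the first `marker`, or None."""
    pos = text.find(marker)
    if pos < 0:
        return None
    for match in IPV4_CANDIDATE.finditer(text[pos + len(marker):]):
        try:
            return str(ipaddress.IPv4Address(match.group()))
        except ValueError:
            continue  # e.g. 999.1.1.1: looks like an address but is not one
    return None


def sender_ip(raw_message, connecting_ip, marker, hops):
    """Model of the lookup described above (an assumption, not AsyncOS code)."""
    received = message_from_string(raw_message).get_all("Received") or []
    if hops < 1 or hops > len(received):
        return connecting_ip  # assumed: a missing header also means fallback
    # Each MTA prepends its header, so index 0 is the hop nearest the appliance.
    return first_ip_after(received[hops - 1], marker) or connecting_ip


if __name__ == "__main__":
    for marker in ("[", ")"):
        print(repr(marker), sender_ip(RAW_MESSAGE, "10.2.3.5", marker, 2))
```

Because counting starts at the header nearest the appliance, any Received: lines further down the message than the configured hop count are never consulted.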
The following figure shows the incoming relay for path A (above) as configured in the Add Relay page in the GUI:
Figure 7. A Configured Incoming Relay with Received Header