Sender ID Filtering vs. SBS Fax Server
|
Prev: ISA 2004 cisco SSL vpn client
Next: Join a domain
From: spm on 11 Jul 2006 09:44 SBS2003 SP1, Exchange 2003 SP2... I have the SBS fax server to forward incoming faxes via email to a designated user. This works OK, but every time it does so, however, an event id 7519 is logged to the event log, with text like the following: <snip> The originating IP address of message with ID <000101c6a4dc$1370d580$0102a8c0(a)domain.local> could not be determined based on its Received headers. </snip> This is generated by the Sender ID Filter, and SBS Help & Support has the following explanation: <snip> This event indicates that Sender ID filtering is not able to correctly process a message. This error may occur if one of your servers is issuing non-standard receive headers. This error may also occur if you have not correctly configured the list of internal servers. </snip> Now, the local IP address(es) of the SBS server are specified in Exchange's "Perimiter IP List and Internal IP Range Configuration", as are all local IP subnet ranges. Also, I can see nothing wrong with the message headers generated by SBS and its fax server. Here's one example (IP addresses and domain names have been munged by me): <snip> Microsoft Mail Internet Headers Version 2.0 Received: from servername ([1.2.3.4] RDNS failed) by mail.domain.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 11 Jul 2006 12:20:58 +0100 thread-index: Acak3BNnbu+LXKmRStK0A4VMgjjpCw== Thread-Topic: Fax server SERVERNAME received a new fax from Via Fax. From: <SBSFaxService(a)domain.com> To: <user(a)domain.com> Subject: Fax server SERVERNAME received a new fax from Via Fax. Date: Tue, 11 Jul 2006 12:20:55 +0100 Message-ID: <000101c6a4dc$1370d580$0102a8c0(a)domain.local> MIME-Version: 1.0 Content-Type: multipart/mixed; charset=utf-8; boundary="----=_NextPart_000_0002_01C6A4E4.754AC150" Content-Transfer-Encoding: base64 X-Mailer: Microsoft CDO for Exchange 2000 Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663 Return-Path: SBSFaxService(a)domain.com X-OriginalArrivalTime: 11 Jul 2006 11:20:58.0037 (UTC) FILETIME=[15192E50:01C6A4DC] </snip> Can someone please explain why this event is generated, and how I can eliminate it? Thanks. -- Regards, Steve.
From: chace zhang on 12 Jul 2006 07:26 Hi Steve, Thank you for posting here. According to your description, I understand you encountered following event id 7519 during fax server deliver incoming fax to a designated user. If I'm off base, please feel free to let me know. Since these emails from a system e-mail address that configured the from e-mail address to SBSFaxServices(a)domain.local during inbound fax routing configuration. These message do not deliver through MAPI or DAV. Although it's listed in the Perimiter IP List and Internal IP Range Configuration. It is going to be run against it, and will fail as it is an internal IP and there are no SPF records. It's by design. Thanks for your understanding and cooperation. Here I would like to provide you other useful info on Sender ID Filter. Sender ID filtering for addressing the problem of domain spoofing and phishing schemes by verifying the domain name from which the e-mail is sent. Sender ID has been integrated with the other anti-spam features that can be enabled on the General tab of the SMTP Virtual Server properties dialog box. This extends Exchange System Manager (ESM) and provides a single point for anti-spam features. Also, Sender ID can be implemented on the Exchange server that is located behind the perimeter, and work with any gateway server, for example, Sendmail. To enable Sender ID filtering, you can simply follow the steps below. Step 1: Specify the action taken by Sender ID filtering 1. In Exchange System Manager, expand Global Settings, right click Message Delivery, click Properties. 2. In Sender ID Filtering tab, specify the action taken by Sender ID filtering. 3. Click OK to save the setting. Step 2: Enable Sender ID filtering in SMTP Virtual Server. 1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager. 2. Expand Servers, expand ServerName, and then expand Protocols. 3. Expand SMTP, right-click Default SMTP Virtual Server, and then click Properties. 4. Click the General tab, and then click Advanced. 5. In the Address list, click the IP address where you want to apply the sender filter, and then click Edit. 6. Click to select the Apply Sender ID Filter check box, click OK, and then click OK. 7. Restart SMTP Virtual Server to take the change effective. Norm, next let me provide the detailed explanation regarding how Sender ID Filtering works. Domain administrators publish Sender of Policy Framework (SPF) records in the Domain Name System (DNS) which identify authorized outbound e-mail servers. Receiving e-mail systems verify whether messages originate from properly authorized outbound e-mail servers. The following steps illustrate the verification process. 1. The sender transmits an e-mail message to the receiver. 2. The receiver's inbound mail server receives the mail. 3. The inbound server checks which domain claims to have sent the message, and checks the DNS for the SPF record of that domain. The inbound server determines if the sending e-mail server's IP address matches any of the IP addresses that are published in the SPF record. 4. If the IP addresses match, the mail is authenticated and delivered to the receiver. If the addresses do not match, the mail fails authentication and is not delivered. More info here: http://www.microsoft.com/mscorp/safety/technologies/senderid/technology.mspx As you can see, this pre-condition for Sender ID Filtering is the Sender Domain publishes Sender of Policy Framework (SPF) records in the public DNS Server. If the sender domain doesn't have SPF record when spammer use of this sender domain name to send a fake mail, the default behavior is that the mail will bypass Sender ID Filtering. As you can see, this Sender ID Framework is a protocol which needs support by domains with mail server through Internet. If you are an e-mail sender, you simply need to create an SPF record and add it to the DNS records of your domain by the web link below, which will prevent spammer from using your domain name to send mail. Sender ID Framework SPF Record Wizard http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx Based on our experience, some people (such as e-mail administrators) may want to see the SenderID result for messages sitting in their mailbox. This can be used for troubleshooting or testing purposes or perhaps for building client side rules that take SenderID check into account. It turns out with a few simple steps this becomes possible. When the Exchange 2003 SP2 evaluates the SenderID status of the message, the result is added to the message as a mailmsg property and persists from Exchange Server to Exchange Server inside the X-EXCH50 blob. When the message arrives to the mailbox server, Sender ID status is converted to a server side MAPI property. http://blogs.technet.com/exchange/archive/2005/10/13/412487.aspx Hope this helps. Have a nice day! Best Regards, Chace Zhang (MSFT) Microsoft CSS Online Newsgroup Support Get Secure! - www.microsoft.com/security ===================================================== This newsgroup only focuses on SBS technical issues. If you have issues regarding other Microsoft products, you'd better post in the corresponding newsgroups so that they can be resolved in an efficient and timely manner. You can locate the newsgroup here: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx When opening a new thread via the web interface, we recommend you check the "Notify me of replies" box to receive e-mail notifications when there are any updates in your thread. When responding to posts via your newsreader, please "Reply to Group" so that others may learn and benefit from your issue. Microsoft engineers can only focus on one issue per thread. Although we provide other information for your reference, we recommend you post different incidents in different threads to keep the thread clean. In doing so, it will ensure your issues are resolved in a timely manner. For urgent issues, you may want to contact Microsoft CSS directly. Please check http://support.microsoft.com for regional support phone numbers. Any input or comments in this thread are highly appreciated. ===================================================== This posting is provided "AS IS" with no warranties, a
From: spm on 12 Jul 2006 09:55 Chace, Thanks for the explanations of Sender ID, most of which I am already familiar with. However, you write the following... > Since these emails from a system e-mail address that configured the > from e-mail address to SBSFaxServices(a)domain.local during inbound fax > routing configuration. These message do not deliver through MAPI or > DAV. Although it's listed in the Perimiter IP List and Internal IP > Range Configuration. It is going to be run against it, and will fail > as it is an internal IP and there are no SPF records. It's by design. This, I don't get. So although the internal IP which the message originates from is in the "Perimiter IP List and Internal IP Range Configuration", this is ignored because the message doesn't originate via MAPI or DAV? Mmm. So, ALL internal emails generated will cause a 7519 error event? Why are other apps we have which send emails internally (using SMTP to the exchange server) able to do so without generating a 7519 error? This doesn't add up. -- Regards, Steve.
From: chace zhang on 14 Jul 2006 06:42 Hi, Thanks for your response. I had a deep discussing with other engineer. We should make sure fax settings are all in default status. Open Server Management on your SBS box. Locate Fax(local), and right click it and point to Properties. On Receipts tab, make sure Click "Enable message boxes as receipts" "Enable SMTP e-mail receipts delivery" and Use these SMTP settings for Route Though E-Mail incoming routing method. Thanks for your time on this issue. I look forward to your update. Have a nice day! Best Regards, Chace Zhang (MSFT) Microsoft CSS Online Newsgroup Support Get Secure! - www.microsoft.com/security ===================================================== This newsgroup only focuses on SBS technical issues. If you have issues regarding other Microsoft products, you'd better post in the corresponding newsgroups so that they can be resolved in an efficient and timely manner. You can locate the newsgroup here: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx When opening a new thread via the web interface, we recommend you check the "Notify me of replies" box to receive e-mail notifications when there are any updates in your thread. When responding to posts via your newsreader, please "Reply to Group" so that others may learn and benefit from your issue. Microsoft engineers can only focus on one issue per thread. Although we provide other information for your reference, we recommend you post different incidents in different threads to keep the thread clean. In doing so, it will ensure your issues are resolved in a timely manner. For urgent issues, you may want to contact Microsoft CSS directly. Please check http://support.microsoft.com for regional support phone numbers. Any input or comments in this thread are highly appreciated. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | From: "spm" <nospam(a)coco.dot.co.dot.uk> | Subject: Re: Sender ID Filtering vs. SBS Fax Server | References: <xn0eolmkjbvgt4000(a)news.microsoft.com> <oBfCOYapGHA.4188(a)TK2MSFTNGXA01.phx.gbl> | Organization: CoCo Systems Ltd. | User-Agent: XanaNews/1.18.1.3 | Message-ID: <xn0eon1fa78ccv000(a)news.microsoft.com> | X-Ref: news.microsoft.com ~XNS:00000087 | MIME-Version: 1.0 | Content-Type: text/plain; charset=iso-8859-1 | Newsgroups: microsoft.public.windows.server.sbs | Date: Wed, 12 Jul 2006 06:55:45 -0700 | NNTP-Posting-Host: cocohome.co.uk 80.229.190.27 | Lines: 1 | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:280805 | X-Tomcat-NG: microsoft.public.windows.server.sbs | | Chace, | | Thanks for the explanations of Sender ID, most of which I am already | familiar with. However, you write the following... | | > Since these emails from a system e-mail address that configured the | > from e-mail address to SBSFaxServices(a)domain.local during inbound fax | > routing configuration. These message do not deliver through MAPI or | > DAV. Although it's listed in the Perimiter IP List and Internal IP | > Range Configuration. It is going to be run against it, and will fail | > as it is an internal IP and there are no SPF records. It's by design. | | This, I don't get. So although the internal IP which the message | originates from is in the "Perimiter IP List and Internal IP Range | Configuration", this is ignored because the message doesn't originate | via MAPI or DAV? Mmm. So, ALL internal emails generated will cause a | 7519 error event? Why are other apps we have which send emails | internally (using SMTP to the exchange server) able to do so without | generating a 7519 error? This doesn't add up. | | -- | Regards, | Steve. |
From: spm on 14 Jul 2006 08:04
chace zhang wrote: > On Receipts tab, make sure Click "Enable message boxes as receipts" > "Enable SMTP e-mail receipts delivery" and Use these SMTP settings > for Route Though E-Mail incoming routing method. Yes, I do have those settings. Also, the 'From' email address is SBSFaxService(a)domain.com and anonymous access to the SMTP server is used. -- Regards, Steve. |