Why is a different IP address showing as our email server?

Here's the situation. I administer a Snow Leopard Server that we use for email. It is connected directly to the internet with an external IP address of XX.XXX.XXX.1. We have separate networks here with their own routers that have their own external IP addresses. Let's say XX.XXX.XXX.2 and XX.XXX.XXX.3.


Email has been working fine for months, but this morning we started getting a lot of "Undelivered Mail Returned to Sender" for messages sent to addresses @sbcglobal.net. When I looked in the mail.log I can see a bunch of errors. The strange thing is that they say the email server is XX.XXX.XXX.3 instead of XX.XXX.XXX.1, the actual IP address of the email server. Is this normal? What makes it even weirder is that someone sending an email from the network with the router with the external IP address of XX.XXX.XXX.2 will get an "Undelivered" message and in the message it will state that XX.XXX.XXX.3 is blocked.


How is that happening? The person on that computer/network doesn't even see that other router. How is their email being rejected based on another router's IP address? Not to mention, why is the router's IP address the one that is being rejected instead of the email server's IP address in the first place?


I'm totally confused... 😕 Any help would be greatly appreciated.


Thanks.


-Garner

iMac, Mac OS X (10.6.7)

Posted on Jun 13, 2011 3:42 PM


Jun 13, 2011 6:29 PM in response to AWOAdmin

Please clear some of the chaff from that description, and from the configuration. I see no obvious relevance here with what you've discussed of your internal network, for instance, which makes me wonder why that information is included. Not with an OS X Server box connected to a public static IP address, that is.


What I read from the core of the description is a host box that's somehow changed its IP address. You will need to figure out how (and why) that's happened.


Do you have network devices out in front of these hosts? (Is there some other interconnection or other relevance of these other networks here? Some networking device that might be present out in front of all these networks?)


Are you operating on any dynamic IP addresses here? (Or is DHCP involved here anywhere?)


If y'all want us to look at the external server configuration, please post your domain, and we'll have a look at that. (If you'd prefer not to post that, then please confirm the forward and reverse DNS for your mail server and your MX record; ensure these all match.)


Clearing chaff is basic to debugging; you need to figure out what's involved and what's not involved (in the bug or the error or otherwise), and work your way through all that to the trigger and then the resolution. Divide and conquer, or otherwise.

Jun 14, 2011 9:50 AM in response to MrHoffman

Ok, let me try to clarify. I'm talking about static, public IP addresses here. The email server has one, and the routers do too. Emails are being sent back undelivered from certain sites (mostly @sbcglobal.net, @att.net, @cox.net), with the IP address of one of the routers rather than the IP address of the email server.


So it's not a host box that has had an IP address change, it is that other email servers are blocking our email based on a router's IP address rather than the email server's IP address. I don't have a hardware firewall or any other type of network device in front of the networks. No changes have been made to the network, the routers, or the email server.


The strangest thing was that someone from network "A" can send an email and get an undeliverable reply that showed the IP address from network "B"'s router as the cause. That makes no sense to me.


I have checked with my ISP and the forward and reverse DNS for the server and MX record are good.


I don't want to put my public IP addresses out here for security reasons so I just used XX.XXX.XXX.1 etc. But those represent static, public IP addresses.


Does that help?

Jun 14, 2011 12:38 PM in response to AWOAdmin

You state there are routers and networks here, but that there are no devices in front of this box.


I don't know exactly where you're seeing the routers listed, either; that's (usually) transparent.


Check the mail server host settings, including the (likely) static setting, the subnet mask, and the gateway router setting. I might also try a traceroute. Confirm forward and reverse DNS settings for the mail server, including the MX. Assume nothing.


I'd take a deep look at the particular DNS server(s) in use here, as a corruption within one of those can cause seriously bizarre problems. Check the translations for each DNS server you're working with, too. (This via dig and its @dns-server-address syntax, or analogous.)


If you're shy about posting details (and that's entirely your call, of course) and about posting diagnostics and such, then AFAIK there's not much (more) that can be done here (remotely). Check everything again, and then get another pair of eyeballs to look at the configuration.
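Added example, not part of any post in this thread: a small script that reads bounce and deferral entries from mail.log and reports which source IP address the remote servers say they saw, so it can be compared with the mail server's real address. It assumes Postfix-style smtp client log lines; the sample lines, host names and rejection wording are constructed, and 203.0.113.1 and 203.0.113.3 stand in for XX.XXX.XXX.1 and XX.XXX.XXX.3.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtp-client style (not taken from the thread).
SAMPLE_LOG = """\
Jun 13 09:12:01 mail postfix/smtp[4121]: 3F2A1B7C: to=<a@sbcglobal.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.4, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.25] said: 553 5.7.1 203.0.113.3 is blocked (in reply to MAIL FROM command))
Jun 13 09:15:44 mail postfix/smtp[4130]: 9C0D4E21: to=<b@att.net>, relay=mx.example.net[198.51.100.25]:25, delay=0.9, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.25] said: 553 5.7.1 203.0.113.3 is blocked (in reply to MAIL FROM command))
Jun 13 09:20:10 mail postfix/smtp[4133]: 77AB09F3: to=<c@example.org>, relay=mx.example.org[198.51.100.80]:25, delay=0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jun 13 09:31:02 mail postfix/smtp[4140]: 1B22C3D4: to=<d@cox.net>, relay=mx.example.com[198.51.100.60]:25, delay=2.1, dsn=4.7.1, status=deferred (host mx.example.com[198.51.100.60] said: 421 4.7.1 203.0.113.1 rate limited (in reply to MAIL FROM command))
"""

# One failed delivery attempt: recipient domain, remote relay, and the remote's reply text.
DELIVERY = re.compile(
    r"to=<[^>@]+@(?P<domain>[^>]+)>, relay=(?P<relay>[^\[,]+)\[(?P<relay_ip>[^\]]+)\]"
    r".*?status=(?P<status>bounced|deferred) \((?P<reply>.*)\)$"
)
# Dotted-quad IPv4 address; DSN codes such as 5.7.1 have only three fields and do not match.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def rejected_source_ips(log_text):
    """Map each IP named in a remote rejection to the recipient domains affected.

    The relay's own address is skipped, so what remains is the address the
    remote server reports as the sender of the connection.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue  # delivered mail and non-smtp lines are ignored
        for ip in IPV4.findall(m["reply"]):
            if ip != m["relay_ip"]:
                seen[ip].add(m["domain"])
    return {ip: sorted(domains) for ip, domains in seen.items()}


def unexpected_sources(log_text, expected_ip):
    """Return only the reported source IPs that differ from the mail server's own."""
    return {ip: d for ip, d in rejected_source_ips(log_text).items() if ip != expected_ip}


if __name__ == "__main__":
    for ip, domains in unexpected_sources(SAMPLE_LOG, "203.0.113.1").items():
        print(f"remote servers saw {ip} (not the mail server) for: {', '.join(domains)}")
```

Any address this reports is the one outbound SMTP connections actually appear to come from, which is the address to check against the server's gateway setting and its forward and reverse DNS.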
