Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » How do I hide client IP addresses? (Client IP's are visible and affecting spam ratings)
  •  
jfitzell

Messages: 60
Karma: 0
Send a private message to this user
My mail server is accessed via the internet and allows relay for encrypted, authenticated users (my users are almost all remote).

Unfortunately Kerio isn't hiding the "client IP address" when sending emails. Some mail servers see the originating IP address as being a public IP that shouldn't be sending emails and then seem to drop the mails. (or atleast, that's what I think is happening... it's not affecting users behind private IP's, only those on public IP's and I can see in the server log that the mail was delivered successfully but then it never reaches the destination.

I have tried enabling the "hide local IP" setting, however this doesn't seem to do anything (the server's IP seems hidden whether this is enabled or not and the client's IP isn't hidden in either case).

What can I do?

[Updated on: Tue, 11 August 2009 11:53]

  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
This has been discussed in another thread at length:

http://forums.kerio.com/index.php?t=msg&goto=62076

Short summary: You can't hide the IP address of the sender machine.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
jfitzell

Messages: 60
Karma: 0
Send a private message to this user
Thanks, my searching hadn't found that.

I'll log a feature request (I realise it's not Kerio being dodgy, but the reality is that it's a problem and most mail servers hide the client IP to prevent the problem).
  •  
denis bider

Messages: 7
Karma: 0
Send a private message to this user
I am experiencing this same issue. I take good care of my mail server, I make my clients use secure protocols, but then...

... our emails get bounced because the sending client IP - not the Kerio mailserver - is on a Barracuda blacklist!

The sending client IP, obviously, is some random IP address from some random hotel or home DSL. The client IP may indeed have been a source of spam from someone else in the past.

But what's important is, my clients use secure protocols to connect to the mailserver, and our outgoing email is not spam. Yet it is being blocked as such.

Give us an option to hide the sending client's IP address!

Not providing this option on the basis of some misguided reading of the RFCs is negligent, interferes with our business, and forces me to write my own SMTP server, which I don't want to have to take the time to do!
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Is the Barracuda blocking list possible to use if you aren't a Barracuda customer, i.e. using one of their appliances? If not, you should contact Barracuda and explain the utter stupidity of them deep parsing message headers ...
  •  
denis bider

Messages: 7
Karma: 0
Send a private message to this user
Barracuda is the only service that's friendly enough to explain why they are blocking.

Our legitimate emails are otherwise constantly being blocked by other software which simply moves them to the junk mail folder and send no reply.

This needs to be fixed in Kerio, not by the entire rest of the world.

When there are so many anti-spam solutions out there, and they are blocking our emails based on the sending client's IP address, it is utter stupidity for Kerio to not have a feature to hide that (irrelevant) IP address.
  •  
jfitzell

Messages: 60
Karma: 0
Send a private message to this user
Hi Denis,

When I raised this issue with Kerio Support I was told, after some investigation, that they'd raise it as a feature request.

Unfortunately, since Kerio provide no release time table or feature lists prior to release (unlike other professional organisations) we really have no idea when or if they will fix the problem Sad

Cheers,
James
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
denis bider wrote on Sat, 03 October 2009 01:18

Our legitimate emails are otherwise constantly being blocked by other software which simply moves them to the junk mail folder and send no reply.


In that case, there are headers to be looked at since the message was stored somwehere. Is this particular filtering only because of the client IP?

If a message is moved to the junk mail folder somewhere, it means the message was accepted and stored. This, there's no reason to report anything back to the sender. The DNSBLs and the spam filters aren't involved in how the client sorts the message at the destination.

denis bider wrote on Sat, 03 October 2009 01:18
This needs to be fixed in Kerio, not by the entire rest of the world.


Technically I disagree since "the rest of the world" are the ones who are doing things the wrong way, but I see your point.

denis bider wrote on Sat, 03 October 2009 01:18
When there are so many anti-spam solutions out there, and they are blocking our emails based on the sending client's IP address, it is utter stupidity for Kerio to not have a feature to hide that (irrelevant) IP address.


That is obvious, but I would be reluctant to spend precious developer time implementing a safety device like this if I were Kerio. All it does is work around other mail admins' cluelessness.

I administer half a dozen different mail servers (KMS, , Exchnge, Exim and qmail) which sends a five figured number of mails out every day. None of them hides the client IP. The number of blocks (5.5.x return codes) I see every day are usually around 50, and they are always because of unknown recipients, unwanted attachments and the like, never because of client IP blocking.

I don't know how widespread this Barracuda issue is, but it's there and needs to be dealt with. Mail admins who actually knows how to do their job would be a good start, less kneejerkery from Barracuda second, and of course a workaround from Kerio third.

Just my two cents.
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
Quote:
I don't know how widespread this Barracuda issue is, but it's there and needs to be dealt with. Mail admins who actually knows how to do their job would be a good start, less kneejerkery from Barracuda second, and of course a workaround from Kerio third.

It isn't just barracuda. .Mac does the same thing with their mail system. As has been explained previously, the request isn't for Kerio to hide the IP address in all mail, it is to give users the option in webmail for when they are on the road or in a remote location when their email could be blocked due to 'clueless admins / large mail hosting companies.' This is how gmail works (by hiding IP address of client) with their webmail client and I think they know a little bit about sending and receiving email Smile
  •  
denis bider

Messages: 7
Karma: 0
Send a private message to this user
TorW wrote on Sat, 03 October 2009 04:37
That is obvious, but I would be reluctant to spend precious developer time implementing a safety device like this if I were Kerio.

That "precious development time" is something I help pay for.

I am a professional developer myself. My estimate is that the time required to implement this additional checkbox is about 2-3 hours, testing included.

I spend more time handling problems resulting from the absence of this feature, than Kerio needs to spend implementing it.

Now multiply that by the number of other people who experience this problem.

TorW wrote on Sat, 03 October 2009 04:37
All it does is work around other mail admins' cluelessness.

You would have people like me waste their time educating their business contacts about properly configuring their email systems, when all it takes to avoid this issue altogether is a simple checkbox.

You are a correctness Nazi. Ignore all real circumstances and stick to principle, whatever the costs. Easy for you, if the costs are someone else's.

TorW wrote on Sat, 03 October 2009 04:37
I administer half a dozen different mail servers (KMS, , Exchnge, Exim and qmail) which sends a five figured number of mails out every day. None of them hides the client IP. The number of blocks (5.5.x return codes) I see every day are usually around 50, and they are always because of unknown recipients, unwanted attachments and the like, never because of client IP blocking.

The reason you don't observe this issue is because you have a different usage pattern. Your usage pattern doesn't include remote clients sending email from IP addresses that may be on blacklists.

TorW wrote on Sat, 03 October 2009 04:37
Just my two cents.

Your two cents, eh. Those of us who are having this problem are also paying Kerio thousands of USD, and we need to have that checkbox!

[Updated on: Sat, 03 October 2009 20:03]

  •  
campodoro74

Messages: 119
Karma: 0
Send a private message to this user
My guess is that with your attitude you won't find any sympathy here, especially labeling posters as correctness Nazi's.

Bad form and NOT tolerated here. You should have spent you 'thousands of dollars' on Exchange then (and still have the same problem).

[Updated on: Sat, 03 October 2009 21:37]

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Hi Denis,

Please use more decent wording in your reactions. There is no reason for attacking other members in the forum. And it is definitely something we would like to avoid in the Kerio User Forum. Thanks.

As was mentioned, there already is another thread on the same topic. If you want to raise a request for new feature, please follow the guide in the sticky forum thread.
  •  
denis bider

Messages: 7
Karma: 0
Send a private message to this user
campodoro74 wrote on Sat, 03 October 2009 15:36
My guess is that with your attitude you won't find any sympathy here, especially labeling posters as correctness Nazi's.

I was not labeling, I was stating fact. What we have here is a case of a developer who can easily fix a compatibility issue that plagues many users - yet refuses to do so on the grounds that it's everyone else who's violating the spec. That's counterproductive, and insulting to those users.

campodoro74 wrote on Sat, 03 October 2009 15:36
Bad form and NOT tolerated here. You should have spent you 'thousands of dollars' on Exchange then (and still have the same problem).

A persistent problem in a competitor's product does not excuse the same persistent problem in one's own product.
  •  
jfitzell

Messages: 60
Karma: 0
Send a private message to this user
campodoro74 wrote on Sun, 04 October 2009 06:36
You should have spent you 'thousands of dollars' on Exchange then (and still have the same problem).


Actually, Exchange doesn't have this problem, since it hides the client IP's of users connected via MAPI (unsure about Webmail).
jfitzell

Messages: 60
Karma: 0
Send a private message to this user
TorW wrote on Sat, 03 October 2009 18:37

I administer half a dozen different mail servers (KMS, , Exchnge, Exim and qmail) which sends a five figured number of mails out every day. None of them hides the client IP. The number of blocks (5.5.x return codes) I see every day are usually around 50, and they are always because of unknown recipients, unwanted attachments and the like, never because of client IP blocking.

I don't know how widespread this Barracuda issue is, but it's there and needs to be dealt with. Mail admins who actually knows how to do their job would be a good start, less kneejerkery from Barracuda second, and of course a workaround from Kerio third.

Just my two cents.


Obviously your clients are different to mine. In my scenario I have a very small number of users who are permanently roaming. The remote IP address varies from their GPRS data cards with dynamic IP's to wifi access points etc. Since the only way to send mail through my server is with encrypted authentication I'm not concerned what their IP is and the "hide local IP" feature isn't useful because I'd need to add 0.0.0.0/0 which would make me an open relay.

We have encountered filtering based on "client IP headers" with hotmail, me.com, mac.com... there's quite possibly more because in the case of me.com they don't even notify you that the email has been dropped... who knows how many others do this.

I agree that the cause of the problem is not Kerio's fault and I'd far rather the other mail servers weren't misusing the headers, however shooting yourself in the foot on principal instead of just changing sneakers to fit with the rest just doesn't make any sense.

If Kerio cannot fix the problem then I'll be forced to purchase an alternative mail server that can reliably email the "rest of the world".

[Updated on: Sun, 04 October 2009 02:14]

Previous Topic: Share Mailboxes
Next Topic: McAfee
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 04:04:31 CET 2017

Total time taken to generate the page: 0.00611 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.