incoming email marked with router IP

I ran into an interesting problem the other day that I have been racking my brain over. I had several clients with exchnage server complaining that they where getting bombarded with spam. I tested everything on the exchange server and couldent find a problem yet spam filtering was catching nothing.

finally after drilling down a bit further and looking at the message headers themselves I found something interesting. all incoming email was marked as originating from my routers internal IP. i don’t do anything special with routing. just port forward.

in my exchange I have spam exception rules for local senders. since the router is on the local network it was bypassing all spam filtering.

why on earth are the addresses being changed by the router. this issue is across several platforms. 2011, 751g, cloudswitch, and CCR. all with ros 6+

i can temporally work around this by disabling all IP filtering on the exchange servers but that doesn’t solve anything. source address should not be being touched with a simple port forward.

My guess is, it has to do with the masquerade rule. The masquerade rule normally should look like this:

/ip firewall nat
chain=srcnat action=masquerade out-interface=ether1

assuming ether1 is the interface which connects to the internet.
If no out-ineterface is specified, than router will change the addresses on every interface

wow, how did I not look there first. I haven’t tried it out yet but I can guarantee thats it. a couple months ago I got tired of programming the same basic rules for every customer router so I sat down with my team and we built a first run script for each of the routers and switches. this now explains why the error is on all the new equipment.

here is the lazy move that was made

 /ip firewall nat
add action=masquerade chain=srcnat to-addresses=0.0.0.0

thanks so much. this would have baffled me for days at least. the way my mind works i was avoiding the masquerade rule as it was doing its job properly. turns out over doing it a bit.