The address the ironmail uses to determine whitelists is the 821 address which is:
[IMSN].27127630; Thu, 09 Dec 2010 13:47:33 -0500
Received: by Whatever.SendersBogusDomain.com (PowerMTA(TM) v3.5r15) id [id] for
<MyAddress@MyBogusDomain.com>; Fri, 10 Dec 2010 04:29:46 +1100
The rest is the 822 header
From: My Company <WhiteListedAddress@MyBogusDomain.com>
Date: Fri, 10 Dec 2010 04:29:41 +1100
Subject: This is the Subject Line
Anything in the from, to, date, subject is considered the 822 address. Unfortunately the 822 is part of the envelope which isnt parsed until it's in the superq
Thanks for the response, Ivan. It's good to know that IronMail looks at the envelope header stamped by the sending mail server for whitelisting, as opposed to the message header. If I understand correctly then, the PowerMTA mail server is presenting the email as from the non-whitelisted address, even though the message header shows it as from whitelisted address. That's why it appears in Outlook as from the whitelisted address but IronMail sees it as from the non-whitelisted address. In other words; when the SMTP connection is established with our IronMail server, the sending mail server is using a "MAIL FROM:" of a non-whitelisted address but is using the whitelisted address in a "From:" line in the DATA. The former becoming the envelope header and the latter being the message header. Did I get that right?
An smtp conversation goes as follows:
250-ESMTP Server Ready
MAIL FROM: <firstname.lastname@example.org>
As you can see there are two different FROM addresses.
Basically anything past the DATA command is the 822 headers; These headers are considered to be part of the email message itself and are sent to the ripq to be seperated and then parsed by the superq. So in order for this scenario to work, you would have to whitelist the 821 email address (email@example.com).
In the scenario that you have proposed there may be an issue with the sending domain as it appears that the FROM email address may have some random generated numbers applied to it. If this is the case then you will need to either whitelist the domain or talk to their system admin and see if they can send from a specific address.
Yeah, I figured I could whitelist the sender's domain but I'm loathed to do that because I see messages from the same domain (and mail server IP) that could potentially be classified as unwanted by our users. I'm going to press the service provider to look at their mail server and determine why they aren't forging the whitelisted address I provided them. Thanks for all your help on this. That really clears it up!