Restrict Inbound SMTP traffic to certain IP addresses

Posted on 2007-07-30
Medium Priority
Last Modified: 2013-11-30
I use a third party Spam filter / email archive company.  All of our inbound and outbound traffic goes through this company's servers.  Our MX record points to them, they filter and archive and then send the mail to us.  In their setup instructions, it states that I need to lock down my firewall to restrict inbound SMTP traffic to ONLY their server's IP addresses.

Excerpt from their setup instructions -
"Inbound SMTP Restrictions:
Please wait 72 hours after changing your MX record
to allow full propagation across the Internet.
Next, restrict inbound port-25 SMTP traffic on your
firewall or mail server(s) to only accept mail from the
FrontBridge data centers as shown below."

and then it lists their IP addresses to use.

The problem is, I can't find anyone who knows how to do that.  I have a Cisco Pix 515 firewall.  Any suggestions would be appreciated. We are running MS Exchange 2003.

Question by: markcondiff

Accepted Solution

SanDiegoComputer earned 2000 total points
ID: 19593065
It's pretty straightforward.

1. Open the exchange system manager.
2. Click the plus next to servers
3. Click the plus next to your server.
4. Click the plus next to protocols
5. Click the plus next to the SMTP protocol.
6. Right click on the default smtp virtual server and click properties.
7. On the second tab (access), click the Connections button
8. Set the option button to "Only the list below"
9. Click Add and Add the networks the provider has given you.
10. If any local servers relay through this box or any on-site systems use POP to communicate, specify the local network.
11. Click OK and OK and you are done!

One caveat that your provider may not have mentioned.  This will disable access by remote POP users.  One trick to get around that is to not lock the domain down in terms of connection, but instead to rename the IP in the DNS from mail.domain.com to webmail.domain.com or something else.  Most spammers try delivering to the mail. address and will ignore other names.  That way your remote users just change their SMTP server address.

Expert Comment

ID: 22481074
I have to do the same thing... how would I enter in these ip address values with the "/25"


Expert Comment

ID: 22488674
Sorry .... I discovered that /25 represented the subnet mask... please ignore previous post.
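
As an added example (not part of any post in this thread): the provider's `/25`-style blocks converted to subnet address and mask pairs, plus a pre-lockdown check of the SMTP protocol log for clients that the "Only the list below" setting in the accepted answer would cut off. It assumes the Connection dialog takes a subnet address with a dotted mask and that protocol logging is on in W3C extended format with a `c-ip` field; the CIDR blocks and log lines are constructed placeholders and the function names are hypothetical.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space), not the provider's real
# list: substitute the CIDR blocks from the provider's setup instructions.
PROVIDER_CIDRS = ["192.0.2.0/25", "198.51.100.64/27"]

# Constructed sample of a W3C extended SMTP protocol log.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2007-07-30 10:00:01 192.0.2.17 EHLO +filter.example 250
2007-07-30 10:00:09 203.0.113.45 EHLO +unknown.example 250
2007-07-30 10:02:11 203.0.113.45 MAIL +FROM:<a@example.org> 250
2007-07-30 10:03:30 198.51.100.70 EHLO +filter2.example 250
""".splitlines()


def dialog_entries(cidrs):
    """Turn CIDR blocks into (subnet address, subnet mask) pairs."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]  # rejects host bits
    return [(str(n.network_address), str(n.netmask)) for n in nets]


def unlisted_clients(log_lines, cidrs):
    """Count log entries per client IP that falls outside every allowed block."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    fields, hits = [], {}
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header can repeat after a restart
            continue
        cols = line.split()
        if line.startswith("#") or "c-ip" not in fields or len(cols) != len(fields):
            continue  # other directives, rows before a header, truncated rows
        try:
            ip = ipaddress.ip_address(cols[fields.index("c-ip")])
        except ValueError:
            continue  # c-ip column is not an address
        if not any(ip in n for n in nets):
            hits[str(ip)] = hits.get(str(ip), 0) + 1
    return hits


if __name__ == "__main__":
    for addr, mask in dialog_entries(PROVIDER_CIDRS):
        print(f"allow  {addr:<15} {mask}")
    for ip, count in unlisted_clients(SAMPLE_LOG, PROVIDER_CIDRS).items():
        print(f"outside allow list: {ip} ({count} log entries)")
```

Any address it reports is either a local relay that belongs on the list (step 10 of the accepted answer) or a sender delivering directly to the server instead of through the filtering provider.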

Expert Comment

ID: 23502443
OK. So that's the way around remote users with IMAP, POP or Outlook over RPC accounts....

BUT how does this affect OWA? I am using a hosted filter and a lot of spam is still getting through. I need to lock down the SMTP connector without locking anyone out. (?)

My users browse to mail.ourdomain.com/exchange (and /remote for RWP). Will this cause trouble or do I have to reconfigure IIS as well?

Expert Comment

ID: 23502506
Not to mention all of the cell phones. It's a war of attrition.

Expert Comment

ID: 31290828
I have to do this EXACT same thing and am very familiar with doing it in Exchange 2003, but I am using Exchange 2010 with a Hub Transport.
