Restrict Inbound SMTP traffic to certain IP addresses

I use a third party Spam filter / email archive company.  All of our inbound and outbound traffic goes through this companies servers.  Our MX record points to them, they filter and archive and then send the mail to us.  In their setup instructions, it states that I need to lock down my firewall to restrict inbound SMTP traffict to ONLY their server's IP addresses/

Excerpt from their setup instructions -
"Inbound SMTP Restrictions:
Please wait 72 hours after changing your MX record
to allow full propagation across the Internet.
Next, restrict inbound port-25 SMTP traffic on your
firewall or mail server(s) to only accept mail from the
FrontBridge data centers as shown below."

and then it lists their IP addresses to use.

The problem is, I can't find anyone who knows how to do that.  I have a Cisco Pix 515 firewall.  Any suggestions would be appreciated. We are running MS Exchange 2003.

Thanks!
markcondiffAsked:
Who is Participating?
 
SanDiegoComputerCommented:
Its pretty straight forward.  

1. Open the exchange system manager.
2. Click the plus next to servers
3. Click the plus next to your server.
4. Click the plus next to protocols
5. Click the plus next to the SMTP protocol.
6. Right click on the default smtp virtual server and click properties.
7. On the second tab (access), click the Connections button
8. Set the option button to "Only the list below"
9. Click Add and Add the networks the provider has given you.
10.  If any local servers relay through this box or any on site systems use pop to communication, specify the local network.
11.  Click Ok and Ok and you are done!

One caveat that your provider may not have mentioned.  This will disable access by remote pop users.  One trick to get around that is to not lock the domain down in terms of connection, but instead to rename the ip in the dns from mail.domain.com to webmail.domain.com or something else.  Most spammers try delivering to the mail. address and will ignore other names.  That way your remote users just change their smtp server address.  
0
 
GlenHarveyCommented:
I have to do the same thing... how would I enter in these ip address values with the "/25"


216.99.131.0/25
216.104.4.0/24


0
 
GlenHarveyCommented:
Sorry .... I discovered that /25 represented the subnet mask... please ignore previous post./
0
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

 
mojopojoCommented:
OK. So that's the way around remote users with iMap, POP or Outlook over RPC accounts....

BUT how does this affect OWA? I am using a hosted filter and a lot of spam is still getting through. I need to lock it down the SMTP connector without locking anyone out. (?)

My users browse to mail.ourdomain.com/exchange (and /remote for RWP).Will this cause trouble or do I have to reconfigure IIS as well?
0
 
mojopojoCommented:
Not to mention all of the cell phones. It's a war of attrition.
0
 
qualityipCommented:
I have to do this EXACT same thing and am very familiar with doing it in Exchange 2003, but I am using Exchange 2010 with a Hub Transport.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.