• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 592
  • Last Modified:

Blocking email from certain countries on Windows 2003

I am using CA eTrust Secure Content Manager to filter spam coming in to our network. We notice that a lot of the spam is coming from Korea, Russia and China, and as we do not deal with anyone from these countries, we want to block all connections from these countries. Is there any way to do this on a Windows 2003 server? Either within Secure Content Manger (i.e Blocking public address ranges - which I can seem to find any databases of public IP address ranges for countries) or as a free SMTP relay application that performs a IP to Location check with option to block certain countries?
0
Accdat
Asked:
Accdat
1 Solution
 
Christopher MartinezCommented:
Sure....open up Exchange system manager (SM), goto the Global SEttings, and right click on Message Delivery and select properties.
In the connection filter tab click add
In the connection filter rule enter: Display name: TQMCube_countries            
DNS Suffix of provider: world.tqmcube.com
* Click return status code and it will bring up a code looking for ip list...the follow website has the numbers to enter for the country you wish to block (i.e. 127.0.0.193 for russia)  
http://www.tqmcube.com/worldzone.php
ok out of everything now and ignore the error message.
Goto administrative groups inj the ESM than goto your particular admin group, servers, your server, protocols, SMTP and right click on deftault SMTP Virtual server and goto properties.
In the general tab goto advanced Button.
Click Edit
In the ID page enter a check in connection filter and OK out of it all.
You will need to repeat the * step for every country you wish to put in.

Hope this helps and some of this is from memory so will try to clean it up if this doesnt work :)

0
 
AccdatAuthor Commented:
Bahpoopie,

Thanks for the information, however, I need to do this filtering before the mail hits my spam filter - otherwise the mail will be quarantined which is what we are trying to avoid - having to scan through hundreds of spam email per day from countries we don't want to receive emails from.

At the moment, eTrust SCM is listening on port 25, filters the email and then forwards it on to Exchange listening on port 2525. Is there anyway I can setup a seperate SMTP relay in Exchange to peform this filter first, then pass the mail on to eTrust SCM and the back to the SMTP Virtual Server in Exchange?

Or is there some other way?
0
 
BGTSLLCCommented:
Buy Securence and run everything though that first.  Feel free to contact me.

http://www.securence.com/
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
Christopher MartinezCommented:
Well...hrm....try to create a second virtual SMTP with all the rules i set above
goto the exchange manager and right click on default SMTP virtual server and goto properties
On the general tab set the virtual server to listen on the IP address for the second server
On the delivery tab goto advanced
Configure the virtual server to use a smart host to forward all mail through the outbound smtp virtual server
Than configure the second virtual smtp to accept a relay only from the primary IP address that the default smtp server uses.
In practice ive made this work but i never had the eTrust SCM thing thrown in the mix, so i apologize for generalizations. ive heard really good things about this company too to avoid the headache of that overhead http://www.gfi.com/
0
 
AccdatAuthor Commented:
Bahpoopie,

I'm waiting on a call from CA regarding SCM and it's ability to block based on these presedence. If that doesn't work, I'll try configuring a new SMTP Virtual Server will all the rules you've mentioned and let you know the outcome.

Thanks for your contribution!

Accdat
0
 
FinikitoCommented:
I found the list with all the country codes here: http://archives.neohapsis.com/archives/postfix/2006-08/0130.html
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now