Solved

Blocking email from certain countries on Windows 2003

Posted on 2008-06-23
6
574 Views
Last Modified: 2008-07-08
I am using CA eTrust Secure Content Manager to filter spam coming in to our network. We notice that a lot of the spam is coming from Korea, Russia and China, and as we do not deal with anyone from these countries, we want to block all connections from these countries. Is there any way to do this on a Windows 2003 server? Either within Secure Content Manger (i.e Blocking public address ranges - which I can seem to find any databases of public IP address ranges for countries) or as a free SMTP relay application that performs a IP to Location check with option to block certain countries?
0
Comment
Question by:Accdat
6 Comments
 
LVL 7

Accepted Solution

by:
Christopher Martinez earned 500 total points
ID: 21851231
Sure....open up Exchange system manager (SM), goto the Global SEttings, and right click on Message Delivery and select properties.
In the connection filter tab click add
In the connection filter rule enter: Display name: TQMCube_countries            
DNS Suffix of provider: world.tqmcube.com
* Click return status code and it will bring up a code looking for ip list...the follow website has the numbers to enter for the country you wish to block (i.e. 127.0.0.193 for russia)  
http://www.tqmcube.com/worldzone.php
ok out of everything now and ignore the error message.
Goto administrative groups inj the ESM than goto your particular admin group, servers, your server, protocols, SMTP and right click on deftault SMTP Virtual server and goto properties.
In the general tab goto advanced Button.
Click Edit
In the ID page enter a check in connection filter and OK out of it all.
You will need to repeat the * step for every country you wish to put in.

Hope this helps and some of this is from memory so will try to clean it up if this doesnt work :)

0
 

Author Comment

by:Accdat
ID: 21851463
Bahpoopie,

Thanks for the information, however, I need to do this filtering before the mail hits my spam filter - otherwise the mail will be quarantined which is what we are trying to avoid - having to scan through hundreds of spam email per day from countries we don't want to receive emails from.

At the moment, eTrust SCM is listening on port 25, filters the email and then forwards it on to Exchange listening on port 2525. Is there anyway I can setup a seperate SMTP relay in Exchange to peform this filter first, then pass the mail on to eTrust SCM and the back to the SMTP Virtual Server in Exchange?

Or is there some other way?
0
 
LVL 4

Expert Comment

by:BGTSLLC
ID: 21852022
Buy Securence and run everything though that first.  Feel free to contact me.

http://www.securence.com/
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 7

Expert Comment

by:Christopher Martinez
ID: 21857431
Well...hrm....try to create a second virtual SMTP with all the rules i set above
goto the exchange manager and right click on default SMTP virtual server and goto properties
On the general tab set the virtual server to listen on the IP address for the second server
On the delivery tab goto advanced
Configure the virtual server to use a smart host to forward all mail through the outbound smtp virtual server
Than configure the second virtual smtp to accept a relay only from the primary IP address that the default smtp server uses.
In practice ive made this work but i never had the eTrust SCM thing thrown in the mix, so i apologize for generalizations. ive heard really good things about this company too to avoid the headache of that overhead http://www.gfi.com/
0
 

Author Comment

by:Accdat
ID: 21861207
Bahpoopie,

I'm waiting on a call from CA regarding SCM and it's ability to block based on these presedence. If that doesn't work, I'll try configuring a new SMTP Virtual Server will all the rules you've mentioned and let you know the outcome.

Thanks for your contribution!

Accdat
0
 

Expert Comment

by:Finikito
ID: 24495935
I found the list with all the country codes here: http://archives.neohapsis.com/archives/postfix/2006-08/0130.html
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now