Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Entering a range of IP's into SMTP - Can it be done?, I have a list of over 600 IP's, I'd like to enter 208.65.144.0 to 208.65.151.255 instead of typing in each address manually.

Posted on 2008-10-04
13
Medium Priority
?
539 Views
Last Modified: 2012-05-05
Hello Experts,

I just signed up for MX Logic, They want me to lock down the SMTP so that only IP's     208.65.144.0   to   208.65.151.255     &     208.81.64.0  to  208.81.67.255   can be accepted.

How can I enter a range into the SMTP Connection?

I found this answer from Sembee, but the author only needed one IP:  http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21676289.html?

I do have a list of all their IP's but there must be 1000 IP's in that list, I can't type that fast.

Thanks,

Lasareath

SMTP-Range.jpg
0
Comment
Question by:Lasareath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
13 Comments
 
LVL 5

Expert Comment

by:valheru_m
ID: 22641243
Dos it have to be done on the Exchange server or can it be done at the firewall level?  Many firewalls have provisions to only allow certain IP ranges to access a particular port.  If you lock it down at the firewall level you dont need to make the changes on the mail server itself.
0
 

Author Comment

by:Lasareath
ID: 22641267
That's my problem, they have a cheapo $65 LinkSys firewall
0
 
LVL 5

Expert Comment

by:valheru_m
ID: 22641344
ahhh, yeah that bites.  Wish I had better news for you.. but I think it's time to set aside an afternoon for typing. :(
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Lasareath
ID: 22641349
efff that, they can shell out some money for a new router!
0
 
LVL 5

Expert Comment

by:valheru_m
ID: 22641379
Are you linux savvy at all? If you are, there is a 3rd party firmware called OpenWRT that you can install on your linksys router.  It's all command line and config files, so if you're not comfortable wth that then it's defintiely not for you, bt I've successfully used shorewall (linux software firewall) on the linksys router before and that would give you the flexibility to enter rules as you see fit.
0
 

Author Comment

by:Lasareath
ID: 22641384
Not at all :(, I used some linux 20 years ago LOL

0
 

Author Comment

by:Lasareath
ID: 22641973
I decided to try the following:

The range they want me to grant is

208.65.144.0  to  208.65.151.255
208.81.64.0   to  208.81.67.255

So, I typed in 208.65.0.0 / 255.255.0.0    &    208.81.0.0  /  255.255.0.0   (Are these Subnet Masks correct?)

I guess this lets in the whole class B of 208.65 & 208.81 ?

I guess I can narrow it down even further to just allow the class C's ?

So if there are any spammers on teh 208 network then they will still be able to send to the email server directly.

What you guys think?

Lasareath


I-Granted--this-Range.jpg
0
 
LVL 5

Accepted Solution

by:
valheru_m earned 1500 total points
ID: 22642031
Ah, I didn't see the option to allow full networks instead of just hosts.  My apologies.  In this case, you shoudl go with the following network addresses which will narrow it down to what you want:

208.65.144.0 255.255.248.0    --> Will give you exactly 208.65.144.0 - 208.65.151.255

and

208.81.64.0 255.255.252.0  -->  Will give you exactly 208.81.64.0 - 208.81.67.255
0
 

Author Comment

by:Lasareath
ID: 22642056
They want all these ranges:

They-want-me-to-enter-these-netw.jpg
0
 
LVL 5

Expert Comment

by:valheru_m
ID: 22642090
Yes...  Thats' what those two address ranges I gave you will cover if you use the subnet masks I provided.
0
 

Author Comment

by:Lasareath
ID: 22642094
Thanks valheru!

I entered them and I will wait a little while to make sure that it is OK and then you will be awarded.

Lasareath

0
 

Author Comment

by:Lasareath
ID: 22643354
If you have MX Logic and you want to lock down your SMTP then this question is for you.

This has worked 100% for me!!!

Simply go to ESM, Servers, <your server>, Protocols, SMTP. Right click on the "Default SMTP Virtual Server" and choose Properties.
Click on the "Access" tab and then "Connections". Change the configuration from "All except the list below" to "Only the list below".
Click the Add button, Click "Group of Computers", Enter 208.65.144.0 for the Subnet Address then 255.255.248.0 for the Subnet Mask, click OK

Then Click the Add button again, Click "Group of Computers", Enter 208.81.64.0  then 255.255.252.0, click OK all the way out.

You are done, Your server will only accept emails from MX Logic

Lasareath
0
 

Author Comment

by:Lasareath
ID: 35114742
Wow I needed this again and I totally forgot what I did. Thank God this was still here!!!

Works Great!

Lasareath
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question