Locking down SMTP while permitting remote users (IMail, MX Logic)

Posted on 2009-02-23
Last Modified: 2012-06-27
We have recently subscribed to MX Logic to provide both incoming and outgoing mail defense, content filtering, etc. MX Logic recommends that access to the SMTP server be "locked down," and we agree that this is necessary as a tremendous amount of mail continues to be exchanged directly with our server (even though the MX TTL was 30 minutes and the MX change was made several days ago). They suggest that we restrict SMTP access to two ranges (208.65.144.0/21 and 208.81.64.0/22), either at the firewall or at the mail server. I don't believe that I can do this without at the same time blocking field users with aircards/dynamic IPs, home users, and users at field offices without VPNs who need to send mail. I need a solution that will allow us to exchange mail with MX Logic and authorized non-VPN users outside our offices without accepting any mail from random SMTP servers, if such is possible.

The email server is IMail Premium 10.02. We currently use SMTP AUTH with no SSL/TLS on Port 25 only. There are a number of SMTP access controls with IMail, but I'm not sure how to mix/match to suit. No solution is off the table, including client changes, if necessary. I really appreciate any suggestions.
Question by:jaredfaulkner
Accepted Solution

by:
Mestha earned 2000 total points
ID: 23713927
I know what I would do - if your firewall is capable of doing it.
Lock down the port 25 traffic as requested but at the firewall, not the server. Then open another port (2525 for example) with a port redirection to port 25 on the inside. Then configure the clients to use that alternative port for sending email instead.

Another option would be to use TLS on the TLS port, if the server supports that.
Basically anything other than port 25.

-M
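
The policy from the answer above can be checked against firewall logs once it is in place. The following is an added example, not part of the original answer: it encodes the two MX Logic ranges from the question and the alternative port 2525, then flags accepted connections that break the policy. The key=value log format, the function names and the sample lines are constructed assumptions.

```python
import ipaddress

# Ranges quoted in the question as MX Logic's SMTP sources.
MX_LOGIC = [ipaddress.ip_network(n) for n in ("208.65.144.0/21", "208.81.64.0/22")]
RELAY_PORT = 25      # server-to-server mail: filtering service only
CLIENT_PORT = 2525   # the answer's example port, redirected to 25 on the inside


def allowed(src_ip, dst_port):
    """Return True if the edge firewall should pass this inbound connection."""
    addr = ipaddress.ip_address(src_ip)
    if dst_port == RELAY_PORT:
        return any(addr in net for net in MX_LOGIC)
    if dst_port == CLIENT_PORT:
        return True  # any source; the mail server still enforces SMTP AUTH
    return False


def audit(log_lines):
    """Return (src_ip, dst_port) pairs that were accepted but violate the policy."""
    violations = []
    for line in log_lines:
        # Hypothetical log format: timestamp followed by key=value fields.
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("action") != "ACCEPT":
            continue
        src, port = fields["src"], int(fields["dpt"])
        if not allowed(src, port):
            violations.append((src, port))
    return violations


# Constructed sample log; non-MX-Logic sources are documentation addresses.
SAMPLE_LOG = [
    "2009-02-24T08:00:01 action=ACCEPT src=208.65.145.10 dpt=25",
    "2009-02-24T08:00:05 action=ACCEPT src=203.0.113.77 dpt=25",
    "2009-02-24T08:00:09 action=ACCEPT src=198.51.100.23 dpt=2525",
    "2009-02-24T08:00:12 action=DROP src=192.0.2.50 dpt=25",
    "2009-02-24T08:00:15 action=ACCEPT src=208.81.67.200 dpt=25",
]

if __name__ == "__main__":
    for src, port in audit(SAMPLE_LOG):
        print(f"policy violation: {src} reached port {port}")
```

Any line this reports means the port 25 restriction is not being applied at the firewall, for example because a broader allow rule is matched first.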

Author Closing Comment

by:jaredfaulkner
ID: 31550113
Thanks for taking the time to answer. This seems like the way to go, and although changing the port for outside clients will be painful, the task seems manageable.