Only allow incoming emails from specific IP range

I've recently implemented a hosted spam & virus filtering solution.  My MX record directs all email through this filter which then forwards the email to my exchange server.  I've noticed that some email gets through the filter by somehow sending the mail directly through to my IP address and bypassing the filter.  I was advised by their tech support to restrict all incoming email so that only mail coming from their two IP ranges would be accepted.  How do I configure this in my exchange server?

I am running exchange 2k3 on windows 2k3.
jer007Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Setup connection control on your default SMTP Virtual Server.
Open up Exchange System Manager, Expand Servers, Expand Your Server, Expand Protocosl, Expand SMTP.
Right-click on the default SMTP virtual server and choose properties.  Click on the Access tab and then on the Connection and then select Only the list below and add the IP's you want to allow.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jer007Author Commented:
Is there a way to add a range?  There are two sperate ranges with a total of 24 IP addresses each.  If possible, I'd rather not enter each one individually.
0
Alan HardistyCo-OwnerCommented:
You can add single addresses, a range of addresses, or by domain.
0
jer007Author Commented:
I'm not seeing how to enter a range.  There is the option of Single address, Group of computers which allows the subnet address & subnet mask, or domain.

I only have the address range.  It is xxx.xxx.xxx.0 - xxx.xxx.xxx.24.  Do I enter it that way in the Subnet address/mask fields?  I wasn't given any sort of subnet mask.
0
Alan HardistyCo-OwnerCommented:
Group of computers is the option to add a range but with the addresses you have, there is no easy way to add them as a group as there is no subnet mask that covers 0-24.
You could add xxx.xxx.xxx.0 with a subnet mask of 255.255.255.240 which covers from 0-15, but you would then have to add 16 - 24 manually.
It might be easier to just add them all one by one - a little boring, but then you can remove them one by one later if neede, which would be much easier.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.