Setting Exchange to receive email from spam filter only

Posted on 2010-08-20
Last Modified: 2012-05-10
We just setup an Exchange 2010 server.  Right now we only have it setup internally and it will except emails without authentication.  We have a Barracuda spam filter and we would like the Exchange server to only accept emails from the spam filter's IP.  For phones and device that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
Question by:bpl5000
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Assisted Solution

vr_000 earned 100 total points
ID: 33484806
Q1: How to configure Exchange Server to receive mails only from SPAM Filter device?
Ans: You need to create a new receive connector on HUB Transport Server. Configure it to receive mails only from Barracuda spam filte. To do this, follow the below steps:
-Open EMC>Server Configuration>HUB Transport> "Select HTS and create new Receive Connector"> Go to newly create Receive Connector's Properties>Select "Network" Tab> go to "REceive mail from remote serve rthat have these IP Addresses:mention IP address of Barracuda spam filter"

- Disable "Default Connector"
- In newly create Receive Connector, remove any other IP address that is mentioned under "REceive mail from remote serve rthat have these IP Addresses"

Q2: For phones and device that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
Impression: I got an idea from above mention description that you want the user to prompt authentication window those who are accessing their mailboxes via Active Sync and OWA. If yes, below is the answer:
- By default CAS is set to prompt for authentication whenever user access their mailbox via web services (OWA, Active Sync). However it is recomonded to either user MS PKI or opt for third party certificate like go daddy, verisign, etc.

Kindly let me know if you would have any question or concern.

Accepted Solution

DavidGerald earned 400 total points
ID: 33485007

Make a note of your IP addresses first by pressing start and type cmd in the search box.  type ippconfig /all into the command prompt and press enter.  Make a note of your IPv4 and ipv6 addresses

2. add a second IP address

control panel -> network and sharing -> change adapter settings -> right click the connection -> properties -> TCP/IP v4 -> advanced -> add the additional IP

3. Now secure your default receieve connector

Go to exchange management console -> server configuration -> hub transport -> under receive connectors right click 'default (Servername)' -> properties

Under Network tab select the local IPs (the top two) and click edit.  enter the ip addresses you collected in step one here.

Now remove the bottom two (where it says receive mail from remote servers), click add and enter the address of the barracuda in their place.

At this point mail can only come from the barracuda.

No for your phones and other devices.

4. click New receive connector, Name it 'internal devices' -> select custom from the drop down menu -> next -> remove all the IP addresses from the 'receive mail on this address' menu and add the ip address you created in step 2.  click next and finish
Once its created, right click it-> properties -> authentication tab -> make sure Integrated authentication and basic authentication is ticked -> permission groups tab -> make sure anonynmous is unticked.

Restart your exchange transport services, or server.

Now make sure all devices on the network that need to send mail are pointed at the ip created in step 2

Should be it

Author Comment

ID: 33486363
For the phones, I 'm not talking about syncing the phones, our users want to send email from the phone using their Exchange account and they want to receive email to their phone.  So in the phone, we would setup the SMTP address, but we don't want the entire world to be sending mail thru our server.
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.


Expert Comment

ID: 33498875

The instructions are for that purpose.  Although I got the impression you just wanted to send out status emails from VoIP phones rather do a full connection send and receive of email for an account on the server.  If you do want to actually download mail onto the phone you need to check which protocols it can use, if iMAP you need to enable that, if it can do RPC over HTTP use that, if not then it will definately use pop.  All you have to do is enable any of these to set it up to receive (RPC over HTTP will allow you to send AND receieve anyway) but the intrustions I have already provided cover secure sending through your server.

Author Comment

ID: 33517120
Thanks for the info!  I have set it up as you explained and it receives email from the mail filter, but I'm having issues sending mail from devices.  When I specify the username and password, the authentication fails.  If I check anonymous and remove the username and password, then it works.  I tried everything I could think of... domain\username,, and just the username, but nothing seems to work.  What am I doing wrong?

Expert Comment

ID: 33520573

getting there, make sure that you have exchange users ticked under permission groups on the connector.  Also verify that the user account you are using for the devices has an exchange mailbox attached.


Expert Comment

ID: 33520585
Authentication tav should have basic, TLS and integrated ticked

Author Comment

ID: 33520777
Exchange users, TLS, basic and integrated are all checked.  Also, the user account does have an exchange mailbox.  Not sure why it's not working.  It works fine when anonymous is checked, but fails no matter what I try when I uncheck it.

Expert Comment

ID: 33521729
How about the devices email address, the email address the device sends out as needs to match the exchange email accounts SMTP address.

Author Comment

ID: 33527498
It's working now.  Had to use ASDI Edit and modify the rights for the authenticated user on that connector.  I also discovered that you do not need to dedicate a NIC to this second connector.  You can have the default connector and the second connector using the same NIC.  I have the default connector only receiving email from the mail filter IP and Exchange knows to send all other requests to the second connector.  I suppose if you needed more bandwidth, you could use a second NIC.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Purge \Deleted Items? 2 31
Exchange 2010 Server - Phishing attack 3 43
Exchange server licensing 2 37
exchange , office 365 3 16
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question