  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3388

Setting Exchange to receive email from spam filter only

We just set up an Exchange 2010 server.  Right now we only have it set up internally and it will accept emails without authentication.  We have a Barracuda spam filter and we would like the Exchange server to only accept emails from the spam filter's IP.  For phones and devices that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
Asked by: bpl5000
2 Solutions
 
vr_000 Commented:
Q1: How to configure Exchange Server to receive mail only from the spam filter device?
Ans: You need to create a new Receive Connector on the Hub Transport server. Configure it to receive mail only from the Barracuda spam filter. To do this, follow the steps below:
- Open EMC > Server Configuration > Hub Transport > select the HTS and create a new Receive Connector > go to the newly created Receive Connector's Properties > select the "Network" tab > under "Receive mail from remote servers that have these IP addresses", enter the IP address of the Barracuda spam filter.

Note:
- Disable "Default Connector"
- In the newly created Receive Connector, remove any other IP address that is listed under "Receive mail from remote servers that have these IP addresses"

Q2: For phones and devices that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
Impression: I got the idea from the above description that you want users who access their mailboxes via ActiveSync and OWA to be prompted for authentication. If yes, below is the answer:
- By default, CAS is set to prompt for authentication whenever users access their mailbox via web services (OWA, ActiveSync). However, it is recommended to either use MS PKI or opt for a third-party certificate from a provider like GoDaddy, VeriSign, etc.

Kindly let me know if you have any questions or concerns.
 
DavidGerald Commented:
Hi BPL,

1. Make a note of your IP addresses first by pressing Start and typing cmd in the search box.  Type ipconfig /all into the command prompt and press Enter.  Make a note of your IPv4 and IPv6 addresses.

2. Add a second IP address

Control Panel -> Network and Sharing -> Change adapter settings -> right-click the connection -> Properties -> TCP/IP v4 -> Advanced -> add the additional IP

3. Now secure your default receive connector

Go to Exchange Management Console -> Server Configuration -> Hub Transport -> under Receive Connectors right-click 'Default (Servername)' -> Properties

Under the Network tab, select the local IPs (the top two) and click Edit.  Enter the IP addresses you collected in step one here.

Now remove the bottom two (where it says receive mail from remote servers), click Add and enter the address of the Barracuda in their place.

At this point mail can only come from the Barracuda.

Now for your phones and other devices.

4. Click New Receive Connector, name it 'internal devices' -> select Custom from the drop-down menu -> Next -> remove all the IP addresses from the 'receive mail on this address' menu and add the IP address you created in step 2.  Click Next and Finish.
Once it's created, right-click it -> Properties -> Authentication tab -> make sure Integrated authentication and Basic authentication are ticked -> Permission Groups tab -> make sure Anonymous is unticked.

Restart your Exchange transport services, or the server.

Now make sure all devices on the network that need to send mail are pointed at the IP created in step 2.

Should be it
 
bpl5000 (Author) Commented:
For the phones, I'm not talking about syncing the phones; our users want to send email from the phone using their Exchange account and they want to receive email to their phone.  So in the phone, we would set up the SMTP address, but we don't want the entire world to be sending mail through our server.
 
DavidGerald Commented:
Hi BPL,

The instructions are for that purpose.  Although I got the impression you just wanted to send out status emails from VoIP phones rather than do a full connection send and receive of email for an account on the server.  If you do want to actually download mail onto the phone, you need to check which protocols it can use: if IMAP, you need to enable that; if it can do RPC over HTTP, use that; if not, then it will definitely use POP.  All you have to do is enable any of these to set it up to receive (RPC over HTTP will allow you to send AND receive anyway), but the instructions I have already provided cover secure sending through your server.
 
bpl5000 (Author) Commented:
Thanks for the info!  I have set it up as you explained and it receives email from the mail filter, but I'm having issues sending mail from devices.  When I specify the username and password, the authentication fails.  If I check anonymous and remove the username and password, then it works.  I tried everything I could think of... domain\username, username@domain.com, and just the username, but nothing seems to work.  What am I doing wrong?
 
DavidGerald Commented:
Hi BPL,

Getting there. Make sure that you have Exchange users ticked under Permission Groups on the connector.  Also verify that the user account you are using for the devices has an Exchange mailbox attached.

David
 
DavidGerald Commented:
Authentication tab should have Basic, TLS and Integrated ticked
 
bpl5000 (Author) Commented:
Exchange users, TLS, basic and integrated are all checked.  Also, the user account does have an exchange mailbox.  Not sure why it's not working.  It works fine when anonymous is checked, but fails no matter what I try when I uncheck it.
 
DavidGerald Commented:
How about the device's email address? The email address the device sends out as needs to match the Exchange email account's SMTP address.
 
bpl5000 (Author) Commented:
It's working now.  Had to use ADSI Edit and modify the rights for the authenticated user on that connector.  I also discovered that you do not need to dedicate a NIC to this second connector.  You can have the default connector and the second connector using the same NIC.  I have the default connector only receiving email from the mail filter IP and Exchange knows to send all other requests to the second connector.  I suppose if you needed more bandwidth, you could use a second NIC.
Question has a verified solution.
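
The layout the thread ends with (default connector limited to the spam filter, a second authenticated connector on the same binding), written for the Exchange Management Shell as an added example that is not part of any participant's post. The server name EX01, the filter address 192.0.2.10 and the device range are assumed placeholders.

```powershell
# Added example (Exchange 2010 Management Shell). All values are placeholders.
$server      = 'EX01'                      # hypothetical Hub Transport server
$filterIp    = '192.0.2.10'                # hypothetical Barracuda address
$deviceRange = '0.0.0.0-255.255.255.255'   # narrow to known device subnets if possible
$deviceConn  = "$server\Internal devices"

# 1. Default connector: accept SMTP only from the spam filter.
#    Single-server setup assumed; other Hub Transport servers in the
#    organization would also need to be listed here.
Set-ReceiveConnector "$server\Default $server" -RemoteIPRanges $filterIp

# 2. Second connector on the same port. Exchange selects the connector whose
#    RemoteIPRanges most specifically matches the sender, so the filter lands
#    on the default connector and every other source lands here.
New-ReceiveConnector -Name 'Internal devices' -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $deviceRange

# 3. Require authentication and drop anonymous submission.
#    BasicAuthRequireTLS can replace BasicAuth so that passwords are only
#    accepted after STARTTLS.
Set-ReceiveConnector $deviceConn `
    -AuthMechanism Tls, BasicAuth, Integrated `
    -PermissionGroups ExchangeUsers

Restart-Service MSExchangeTransport

# 4. Review the result: which source ranges map to which connector.
Get-ReceiveConnector -Server $server |
    Format-Table Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups -AutoSize

# 5. List the SMTP rights on the device connector. Anonymous Logon should have
#    no entries; Authenticated Users should hold the submit right.
Get-ReceiveConnector $deviceConn | Get-ADPermission |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-*' } |
    Format-Table User, ExtendedRights, Deny -AutoSize
```

Step 5 is the shell view of the connector permissions that can also be inspected in ADSI Edit.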