Solved

Setting Exchange to receive email from spam filter only

Posted on 2010-08-20
Last Modified: 2012-05-10
We just set up an Exchange 2010 server.  Right now we only have it set up internally and it will accept emails without authentication.  We have a Barracuda spam filter and we would like the Exchange server to only accept emails from the spam filter's IP.  For phones and devices that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
0
Question by:bpl5000
10 Comments
 
LVL 1

Assisted Solution

by:vr_000
vr_000 earned 100 total points
ID: 33484806
Q1: How to configure Exchange Server to receive mails only from SPAM Filter device?
Ans: You need to create a new receive connector on the Hub Transport Server. Configure it to receive mail only from the Barracuda spam filter. To do this, follow the steps below:
- Open EMC > Server Configuration > Hub Transport > select the HTS and create a new Receive Connector > go to the newly created Receive Connector's Properties > select the "Network" tab > under "Receive mail from remote servers that have these IP addresses:", enter the IP address of the Barracuda spam filter

Note:
- Disable "Default Connector"
- In the newly created Receive Connector, remove any other IP address that is listed under "Receive mail from remote servers that have these IP addresses"

Q2: For phones and device that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
Impression: I got the idea from the above description that you want an authentication prompt for users who are accessing their mailboxes via ActiveSync and OWA. If yes, below is the answer:
- By default, CAS is set to prompt for authentication whenever users access their mailbox via web services (OWA, ActiveSync). However, it is recommended to either use MS PKI or opt for a third-party certificate such as GoDaddy, VeriSign, etc.

Kindly let me know if you would have any question or concern.
0
 
LVL 2

Accepted Solution

by:
DavidGerald earned 400 total points
ID: 33485007
Hi BPL,
1. Make a note of your IP addresses first by pressing Start and typing cmd in the search box.  Type ipconfig /all into the command prompt and press Enter.  Make a note of your IPv4 and IPv6 addresses.

2. add a second IP address

control panel -> network and sharing -> change adapter settings -> right click the connection -> properties -> TCP/IP v4 -> advanced -> add the additional IP

3. Now secure your default receive connector

Go to exchange management console -> server configuration -> hub transport -> under receive connectors right click 'default (Servername)' -> properties

Under Network tab select the local IPs (the top two) and click edit.  enter the ip addresses you collected in step one here.

Now remove the bottom two (where it says receive mail from remote servers), click add and enter the address of the barracuda in their place.

At this point mail can only come from the barracuda.

Now for your phones and other devices.

4. Click New Receive Connector, name it 'internal devices' -> select custom from the drop-down menu -> next -> remove all the IP addresses from the 'receive mail on this address' menu and add the IP address you created in step 2.  Click next and finish.
Once it's created, right click it -> properties -> authentication tab -> make sure Integrated authentication and basic authentication are ticked -> permission groups tab -> make sure anonymous is unticked.

Restart your exchange transport services, or server.

Now make sure all devices on the network that need to send mail are pointed at the ip created in step 2

Should be it
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33486363
For the phones, I'm not talking about syncing the phones, our users want to send email from the phone using their Exchange account and they want to receive email to their phone.  So in the phone, we would set up the SMTP address, but we don't want the entire world to be sending mail through our server.
0
 
LVL 2

Expert Comment

by:DavidGerald
ID: 33498875
Hi BPL,

The instructions are for that purpose.  Although I got the impression you just wanted to send out status emails from VoIP phones rather than do a full connection to send and receive email for an account on the server.  If you do want to actually download mail onto the phone, you need to check which protocols it can use: if IMAP, you need to enable that; if it can do RPC over HTTP, use that; if not, then it will definitely use POP.  All you have to do is enable any of these to set it up to receive (RPC over HTTP will allow you to send AND receive anyway), but the instructions I have already provided cover secure sending through your server.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33517120
Thanks for the info!  I have set it up as you explained and it receives email from the mail filter, but I'm having issues sending mail from devices.  When I specify the username and password, the authentication fails.  If I check anonymous and remove the username and password, then it works.  I tried everything I could think of... domain\username, username@domain.com, and just the username, but nothing seems to work.  What am I doing wrong?
0
 
LVL 2

Expert Comment

by:DavidGerald
ID: 33520573
Hi BPL,

Getting there. Make sure that you have Exchange users ticked under permission groups on the connector.  Also verify that the user account you are using for the devices has an Exchange mailbox attached.

David
0
 
LVL 2

Expert Comment

by:DavidGerald
ID: 33520585
Authentication tab should have basic, TLS and integrated ticked
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33520777
Exchange users, TLS, basic and integrated are all checked.  Also, the user account does have an exchange mailbox.  Not sure why it's not working.  It works fine when anonymous is checked, but fails no matter what I try when I uncheck it.
0
 
LVL 2

Expert Comment

by:DavidGerald
ID: 33521729
How about the device's email address? The email address the device sends out as needs to match the Exchange email account's SMTP address.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33527498
It's working now.  Had to use ADSI Edit and modify the rights for the authenticated user on that connector.  I also discovered that you do not need to dedicate a NIC to this second connector.  You can have the default connector and the second connector using the same NIC.  I have the default connector only receiving email from the mail filter IP and Exchange knows to send all other requests to the second connector.  I suppose if you needed more bandwidth, you could use a second NIC.
0
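
The layout the thread ends up with (default connector limited to the spam filter's IP, a second authenticated-only connector on the same NIC), written for the Exchange Management Shell. This is an added example, not part of the original thread; the server name `EX01`, the filter address `192.0.2.25`, the default connector name and the helper `Get-OpenAnonymousConnector` are assumed placeholders.

```powershell
# Run in the Exchange Management Shell on the Hub Transport server.
# Placeholders (constructed, not from the thread): server EX01, filter IP 192.0.2.25.
$server   = 'EX01'
$filterIp = '192.0.2.25'

# 1. Default connector: accept connections only from the spam filter.
#    Assumes the connector still has its default name, "Default <ServerName>".
Set-ReceiveConnector -Identity "$server\Default $server" -RemoteIPRanges $filterIp

# 2. Second connector on the same binding for every other source address.
#    Exchange picks the connector with the most specific RemoteIPRanges match,
#    so the filter lands on the default connector and everything else lands here.
#    Only authenticated Exchange users may submit; AnonymousUsers is left out.
New-ReceiveConnector -Name 'Internal Devices' -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges '0.0.0.0-255.255.255.255' `
    -AuthMechanism Tls,BasicAuth,Integrated `
    -PermissionGroups ExchangeUsers

Restart-Service MSExchangeTransport

# 3. Audit (hypothetical helper): list every connector that still accepts
#    anonymous mail from any address range other than the filter's single IP.
function Get-OpenAnonymousConnector {
    param([string]$Server, [string]$AllowedIp)
    Get-ReceiveConnector -Server $Server | Where-Object {
        ($_.PermissionGroups -match 'AnonymousUsers') -and
        (@($_.RemoteIPRanges | Where-Object { "$_" -ne $AllowedIp }).Count -gt 0)
    } | Select-Object Name, Bindings, RemoteIPRanges, PermissionGroups
}
Get-OpenAnonymousConnector -Server $server -AllowedIp $filterIp   # expect no rows

# 4. If authenticated submission is still refused, inspect the rights that
#    authenticated users hold on the new connector (the same data ADSI Edit shows).
Get-ADPermission -Identity "$server\Internal Devices" `
    -User 'NT AUTHORITY\Authenticated Users' |
    Format-List User, ExtendedRights, Deny
```

With `BasicAuth` enabled alongside `Tls`, a client can still send credentials before STARTTLS; the `BasicAuthRequireTLS` value of `-AuthMechanism` restricts Basic authentication to TLS-protected sessions.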
