Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Setting Exchange to receive email from spam filter only

Posted on 2010-08-20
10
2,856 Views
Last Modified: 2012-05-10
We just setup an Exchange 2010 server.  Right now we only have it setup internally and it will except emails without authentication.  We have a Barracuda spam filter and we would like the Exchange server to only accept emails from the spam filter's IP.  For phones and device that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
0
Comment
Question by:bpl5000
  • 5
  • 4
10 Comments
 
LVL 1

Assisted Solution

by:vr_000
vr_000 earned 100 total points
ID: 33484806
Q1: How to configure Exchange Server to receive mails only from SPAM Filter device?
Ans: You need to create a new receive connector on HUB Transport Server. Configure it to receive mails only from Barracuda spam filte. To do this, follow the below steps:
-Open EMC>Server Configuration>HUB Transport> "Select HTS and create new Receive Connector"> Go to newly create Receive Connector's Properties>Select "Network" Tab> go to "REceive mail from remote serve rthat have these IP Addresses:mention IP address of Barracuda spam filter"

Note:
- Disable "Default Connector"
- In newly create Receive Connector, remove any other IP address that is mentioned under "REceive mail from remote serve rthat have these IP Addresses"

Q2: For phones and device that send email to the server, we would like the Exchange server to require authentication.  How would I go about doing this?
Impression: I got an idea from above mention description that you want the user to prompt authentication window those who are accessing their mailboxes via Active Sync and OWA. If yes, below is the answer:
- By default CAS is set to prompt for authentication whenever user access their mailbox via web services (OWA, Active Sync). However it is recomonded to either user MS PKI or opt for third party certificate like go daddy, verisign, etc.

Kindly let me know if you would have any question or concern.
0
 
LVL 2

Accepted Solution

by:
DavidGerald earned 400 total points
ID: 33485007
Hi BPL,
1.

Make a note of your IP addresses first by pressing start and type cmd in the search box.  type ippconfig /all into the command prompt and press enter.  Make a note of your IPv4 and ipv6 addresses

2. add a second IP address

control panel -> network and sharing -> change adapter settings -> right click the connection -> properties -> TCP/IP v4 -> advanced -> add the additional IP

3. Now secure your default receieve connector

Go to exchange management console -> server configuration -> hub transport -> under receive connectors right click 'default (Servername)' -> properties

Under Network tab select the local IPs (the top two) and click edit.  enter the ip addresses you collected in step one here.

Now remove the bottom two (where it says receive mail from remote servers), click add and enter the address of the barracuda in their place.

At this point mail can only come from the barracuda.

No for your phones and other devices.

4. click New receive connector, Name it 'internal devices' -> select custom from the drop down menu -> next -> remove all the IP addresses from the 'receive mail on this address' menu and add the ip address you created in step 2.  click next and finish
Once its created, right click it-> properties -> authentication tab -> make sure Integrated authentication and basic authentication is ticked -> permission groups tab -> make sure anonynmous is unticked.

Restart your exchange transport services, or server.

Now make sure all devices on the network that need to send mail are pointed at the ip created in step 2

Should be it
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33486363
For the phones, I 'm not talking about syncing the phones, our users want to send email from the phone using their Exchange account and they want to receive email to their phone.  So in the phone, we would setup the SMTP address, but we don't want the entire world to be sending mail thru our server.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 2

Expert Comment

by:DavidGerald
ID: 33498875
Hi BPL,

The instructions are for that purpose.  Although I got the impression you just wanted to send out status emails from VoIP phones rather do a full connection send and receive of email for an account on the server.  If you do want to actually download mail onto the phone you need to check which protocols it can use, if iMAP you need to enable that, if it can do RPC over HTTP use that, if not then it will definately use pop.  All you have to do is enable any of these to set it up to receive (RPC over HTTP will allow you to send AND receieve anyway) but the intrustions I have already provided cover secure sending through your server.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33517120
Thanks for the info!  I have set it up as you explained and it receives email from the mail filter, but I'm having issues sending mail from devices.  When I specify the username and password, the authentication fails.  If I check anonymous and remove the username and password, then it works.  I tried everything I could think of... domain\username, username@domain.com, and just the username, but nothing seems to work.  What am I doing wrong?
0
 
LVL 2

Expert Comment

by:DavidGerald
ID: 33520573
Hi BPL,

getting there, make sure that you have exchange users ticked under permission groups on the connector.  Also verify that the user account you are using for the devices has an exchange mailbox attached.

David
0
 
LVL 2

Expert Comment

by:DavidGerald
ID: 33520585
Authentication tav should have basic, TLS and integrated ticked
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33520777
Exchange users, TLS, basic and integrated are all checked.  Also, the user account does have an exchange mailbox.  Not sure why it's not working.  It works fine when anonymous is checked, but fails no matter what I try when I uncheck it.
0
 
LVL 2

Expert Comment

by:DavidGerald
ID: 33521729
How about the devices email address, the email address the device sends out as needs to match the exchange email accounts SMTP address.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 33527498
It's working now.  Had to use ASDI Edit and modify the rights for the authenticated user on that connector.  I also discovered that you do not need to dedicate a NIC to this second connector.  You can have the default connector and the second connector using the same NIC.  I have the default connector only receiving email from the mail filter IP and Exchange knows to send all other requests to the second connector.  I suppose if you needed more bandwidth, you could use a second NIC.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question