scoobyftl

asked on

Lock down Exchange 2003 to accept mail from specific IPs

I'm using a 3rd-party email spam filter and need to lock down the Exchange server to accept email only from a specific set of IP ranges. I wanted to confirm this is done in SMTP Virtual Server > Access > Relay Restrictions. Is there anywhere else? Unfortunately the client doesn't have a firewall but a NAT device and cannot restrict at that level.

Thanks
MichaelVH

Are you trying to set it up so that your Exchange server only receives mail from certain IP addresses, or are you trying to set it up so that only a few IPs can send mail? If the latter is true, then you're right to do that through the SMTP Virtual Server.
Nope, you only need to configure Relay Restrictions
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
scoobyftl

ASKER

Yeah, so that the mail server receives email from specific IP addresses only.
Okay :-)

Open ESM > Global Settings > Message Delivery > Connection filtering > enter the IP addresses from which you want to receive mail.

Grts,

Michael
OK, perfect. So under Global Accept and Deny list configuration I select Accept and enter the subnets I'm going to allow to send us e-mail. Once I set this up, these are the only servers that can send e-mail to our domain, correct?

Thanks Michael
Scooby,

that's about it :-)

Greets!

Michael
If you take a look with ADSIEdit, can you see a PF-database in AD for that specific server?
Maybe there are some leftovers from when you deleted it...

If not, can you please tell me what you already checked and what you didn't (so I don't ask you things twice ;-) )
Sorry, deleted what?

No, looks good. I'll be adding the two IP subnets once they send them to me. Then only e-mails from the filtering service will be allowed through. The client was getting nailed with thousands of spam messages per day over the past week. Looks like he posted his work e-mail on Facebook around the same time.
Sorry, that previous post was actually for another post! :p
Michael,

Entered the two subnets given to us by McAfee in the above location. However, still getting hundreds of spam per minute. I did see another tab for connection filtering within message delivery. Do I need to enter the servers there also? Insane the amount of junk getting in.

Thanks
Scooby,

Unfortunately I don't have an Exchange 2003 at hand right now, so I'm working from memory. But yes, you could try adding the IPs there as well.

Thanks.
Btw: are you sure that you have restarted the SMTP Service as well after changing settings?

Michael
Thought I did. I did it late at night and don't remember.

I just checked the headers and all spam seems to be coming from TERM.gsta.net ([12.147.30.2])

I've added that IP to block under the same Connection Filtering tab -> Global Accept & Deny list config -> Deny and restarted the SMTP service.

Will monitor for a few hours. I had changed the MX record 48 hours ago and it seems like these spam messages were still routing through the old MX.

The area I was talking about is under Message Delivery -> General tab -> Perimeter IP list and IP range config. Haven't added anything here yet, to see if the above works.
ASKER CERTIFIED SOLUTION
scoobyftl

solution wasn't provided
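
The header check described in the thread (reading a spam message's headers to see which host handed it to the Exchange server), as an added example that is not part of the original posts. The allowed subnet, the `example` host names, the dates and the sample messages are constructed placeholders; only `TERM.gsta.net ([12.147.30.2])` comes from the thread.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: placeholder range (RFC 5737), standing in for the filtering service's subnets.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Address literal the receiving server records: "from host ([a.b.c.d])"
IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(raw_message):
    """Peer IP from the topmost Received header (the one our own server added)."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = IP_LITERAL.search(received[0]) if received else None
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. [999.1.1.1]
        return None


def classify(raw_message):
    """'via-filter', 'direct' (bypassed the filter) or 'unknown'."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return "unknown"
    return "via-filter" if any(ip in net for net in ALLOWED_NETS) else "direct"


# Constructed sample messages. Lower Received lines are sender-supplied and
# can be forged, so only the first one is trusted.
DIRECT = (
    "Received: from TERM.gsta.net ([12.147.30.2]) by mail.example.com\n"
    "\twith Microsoft SMTPSVC; Mon, 1 Jan 2007 10:00:00 -0500\n"
    "Received: from relay ([192.0.2.10]) by TERM.gsta.net; Mon, 1 Jan 2007 09:59:00 -0500\n"
    "Subject: constructed sample\n\nbody\n"
)
FILTERED = (
    "Received: from filter.example.net ([192.0.2.25]) by mail.example.com\n"
    "\twith Microsoft SMTPSVC; Mon, 1 Jan 2007 10:05:00 -0500\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for name, msg in (("DIRECT", DIRECT), ("FILTERED", FILTERED)):
        print(name, connecting_ip(msg), classify(msg))
```

A message classified `direct` was delivered straight to the server rather than through the filtering service, which is the situation the thread describes with the old MX record.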