Solved

Lock down Exchange 2003 to accept mail from specific IPs

Posted on 2011-02-17
Last Modified: 2012-05-11
I'm using a 3rd party email spam filter and need to lock down the Exchange server to accept email only from a specific set of IP ranges. I wanted to confirm this is done in SMTP Virtual Server->Access->Relay Restrictions. Is there anywhere else? Unfortunately the client doesn't have a firewall but a NAT device and cannot restrict at that level.

Thanks
Question by:scoobyftl
15 Comments
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34916138
Are you trying to set up your Exchange server so that it only receives mail from certain IP addresses, or are you trying to set it up so that only a few IPs can send mail? If the latter is true, then you're right to do that through the SMTP Virtual Server.
0
 
LVL 16

Expert Comment

by:Viral Rathod
ID: 34916175
Nope, you only need to configure Relay Restrictions:
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
0
 

Author Comment

by:scoobyftl
ID: 34916213
Yeah so that mail server receives email from specific ip addresses only.  
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34916257
Okay :-)

Open ESM > Global Settings > Message Delivery > Connection filtering > enter the IP addresses from which you want to receive mails.

Grts,

Michael
0
 

Author Comment

by:scoobyftl
ID: 34916993
Ok, perfect. So under Global Accept and Deny list configuration I select Accept and enter the subnets I'm going to allow to send us e-mail. Once I set this up, these are the only servers that can send e-mail to our domain, correct?

Thanks Michael
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917055
Scooby,

that's about it :-)

Greets!

Michael
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917206
If you take a look with ADSIEdit, can you see a PF-database in AD for that specific server?
Maybe there are some leftovers from when you deleted it...

If not, can you please tell me what you did already check and what you didn't (so I don't ask you things twice ;-)  )
0
 

Author Comment

by:scoobyftl
ID: 34917504
Sorry deleted what?

No, looks good. I'll be adding the two IP subnets once they send them to me. Then only e-mails from the filtering service will be allowed through. Client was getting nailed with thousands of spam per day over the past week. Looks like he posted his work e-mail on Facebook around the same time.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917598
Sorry, that previous post was actually for another post! :p
0
 

Author Comment

by:scoobyftl
ID: 34925223
Michael,

Entered the two subnets given to us by McAfee in the above location. However, still getting hundreds of spam per minute. I did see another tab for connection filtering within Message Delivery. Do I need to enter the servers there also? Insane the amount of junk getting in.

Thanks
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34925247
Scooby,

Unfortunately I don't have an Exchange 2003 at hand right now, so I'm working from memory. But yes, you could try adding the IPs there as well.

Thanks.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34925251
Btw: are you sure that you have restarted the SMTP Service as well after changing settings?

Michael
0
 

Author Comment

by:scoobyftl
ID: 34926493
Thought I did. I did it late at night and don't remember.

I just checked the headers and all spam seems to be coming from TERM.gsta.net ([12.147.30.2])

I've added that IP to block under the same Connection Filtering tab -> Global Accept & Deny list config -> Deny, and restarted the SMTP service.

Will monitor for a few hours. I had changed the MX record 48 hours ago and it seems like this spam was still routing through the old MX.

The area I was talking about is under Message Delivery -> General tab -> Perimeter IP list and IP range config. Haven't added anything here yet, to see if the above works.
0
 

Accepted Solution

by:
scoobyftl earned 0 total points
ID: 34962511
I added the two subnets to the following tab for the lock down to work:

SMTP Virtual Server -> Access tab -> Connection
Set to "Only the list below" and entered the information


0
 

Author Closing Comment

by:scoobyftl
ID: 35115334
solution wasn't provided
0
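
The header check described in the thread (spam arriving from an IP that is not the filtering service), as an added Python example that is not part of the original thread: it reads the topmost Received header of each saved message and counts connecting IPs outside the allowed subnets. The subnets are RFC 5737 placeholders, the sample messages are constructed, and it assumes the Exchange server is the hop that stamps the top header.

```python
import email
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks) standing in for the
# filtering service's subnets, which the thread does not list.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
# Peer address as the receiving server stamps it: "from host ([a.b.c.d])".
PEER = re.compile(r"\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def connecting_ip(raw):
    """IP that connected to our server, from the topmost Received header."""
    received = email.message_from_string(raw).get_all("Received") or []
    # Only the top header was written by our server; lower ones come from
    # the sender and can be forged, so they are ignored.
    match = PEER.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:          # e.g. "999.1.1.1"
        return None

def bypassed_filter(raw):
    """True when the message did not arrive from an allowed subnet."""
    ip = connecting_ip(raw)
    return ip is None or not any(ip in net for net in ALLOWED)

def audit(messages):
    """Count messages per connecting IP that skipped the filtering service."""
    counts = {}
    for raw in messages:
        if bypassed_filter(raw):
            key = str(connecting_ip(raw))
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample messages (hostnames other than TERM.gsta.net are made up).
STAMP = " by mail.example.test with Microsoft SMTPSVC; Thu, 17 Feb 2011 09:00:00 -0500\n"
VIA_FILTER = "Received: from relay.filter.example ([192.0.2.25])" + STAMP + "Subject: ok\n\nhi\n"
DIRECT = "Received: from TERM.gsta.net ([12.147.30.2])" + STAMP + "Subject: spam\n\nhi\n"
# Direct delivery carrying a forged lower header that names a filter relay.
FORGED = ("Received: from TERM.gsta.net ([12.147.30.2])" + STAMP
          + "Received: from relay.filter.example ([192.0.2.25]) by x.example\n"
          + "Subject: spam\n\nhi\n")

if __name__ == "__main__":
    print(audit([VIA_FILTER, DIRECT, FORGED]))
```

Any non-empty result after the lockdown means some path still accepts connections from outside the allowed ranges.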
