Solved

Lock down Exchange 2003 to accept mail from specific IPs

Posted on 2011-02-17
Last Modified: 2012-05-11
I'm using a 3rd-party email spam filter and need to lock down the Exchange server to accept email only from a specific set of IP ranges. I wanted to confirm this is done in SMTP Virtual Server->Access->Relay Restrictions. Is there anywhere else? Unfortunately, the client doesn't have a firewall but a NAT device and cannot restrict at that level.

Thanks
Question by:scoobyftl
15 Comments
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34916138
Are you trying to set up your Exchange server so that it only receives mail from certain IP addresses, or are you trying to set it up so that only a few IPs can send mail? If the latter is true, then you're right doing that through the SMTP Virtual Server.
0
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34916175
Nope, you only need to configure Relay Restrictions:
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
0
 

Author Comment

by:scoobyftl
ID: 34916213
Yeah, so that the mail server receives email from specific IP addresses only.
0

 
LVL 11

Expert Comment

by:MichaelVH
ID: 34916257
Okay :-)

Open ESM > Global Settings > Message Delivery > Connection filtering > enter the IP addresses from which you want to receive mails.

Grts,

Michael
0
 

Author Comment

by:scoobyftl
ID: 34916993
OK, perfect. So under Global Accept and Deny list configuration I select Accept and enter the subnets I'm going to allow to send us e-mail. Once I set this up, these are the only servers that can send e-mail to our domain, correct?

Thanks Michael
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917055
Scooby,

that's about it :-)

Greets!

Michael
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917206
If you take a look with ADSIEdit, can you see a PF-database in AD for that specific server?
Maybe there are some leftovers from when you deleted it...

If not, can you please tell me what you already checked and what you didn't (so I don't ask you things twice ;-) )
0
 

Author Comment

by:scoobyftl
ID: 34917504
Sorry deleted what?

No, looks good. I'll be adding the two IP subnets once they send them to me. Then only e-mails from the filtering service will be allowed through. Client was getting nailed with thousands of spam per day over the past week. Looks like he posted his work e-mail on Facebook around the same time.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917598
Sorry, that previous post was actually for another post! :p
0
 

Author Comment

by:scoobyftl
ID: 34925223
Michael,

Entered the two subnets given to us by McAfee in the above location. However, still getting hundreds of spam per minute. I did see another tab for connection filtering within message delivery. Do I need to enter the servers there also? Insane the amount of junk getting in.

Thanks
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34925247
Scooby,

Unfortunately I don't have an Exchange 2003 at hand right now, so I'm working from memory. But yes, you could try adding the IPs there as well.

Thanks.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34925251
Btw: are you sure that you have restarted the SMTP Service as well after changing settings?

Michael
0
 

Author Comment

by:scoobyftl
ID: 34926493
Thought I did. I did it late at night and don't remember.

I just checked the headers and all spam seems to be coming from TERM.gsta.net ([12.147.30.2])

I've added that IP to block under the same connection filtering tab -> Global Accept & Deny list config -> Deny and restarted the SMTP service.

Will monitor for a few hours. I had changed the MX record 48 hours ago and it seems like these spam were still routing through the old MX.

The area I was talking about is under Message Delivery -> General tab -> perimeter IP list and IP range config. Haven't added anything here yet, to see if the above works.
0
 

Accepted Solution

by:
scoobyftl earned 0 total points
ID: 34962511
I added the two subnets to the following tab for the lock down to work:

SMTP Virtual Server -> Access tab -> Connection
Set to "Only the list below" and entered the information


0
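Added example, not part of the original thread: a Python check for whether a delivered message reached the server directly instead of through the filtering service, using the peer IP that the receiving server records in the topmost Received header (the kind of header value quoted in the comments above). The allowed subnets are RFC 5737 placeholders, and the sample messages and all host names other than TERM.gsta.net ([12.147.30.2]) are constructed.

```python
import email
import ipaddress
import re

# Placeholder ranges (RFC 5737); substitute the filtering service's subnets.
ALLOWED_SUBNETS = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]

_PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message):
    """Peer IP from the topmost Received header, or None if absent/unparseable."""
    # Only the topmost header is written by the receiving server itself;
    # everything below it is supplied by the sender and can be forged.
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Look only at the "from ..." clause, not at the "by ..." clause.
    from_clause = re.split(r"\sby\s", received[0], maxsplit=1)[0]
    match = _PEER_IP.search(from_clause)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def bypassed_filter(raw_message):
    """True when the message cannot be shown to come from an allowed subnet."""
    ip = connecting_ip(raw_message)
    return ip is None or not any(ip in net for net in ALLOWED_SUBNETS)

# Constructed sample headers. DIRECT carries a forged lower Received line that
# names an allowed address; it must not influence the result.
DIRECT = (
    "Received: from TERM.gsta.net ([12.147.30.2]) by mail.example.local\n"
    "\twith Microsoft SMTPSVC; Thu, 17 Feb 2011 03:12:45 -0500\n"
    "Received: from filter.example ([192.0.2.25]) by TERM.gsta.net; "
    "Thu, 17 Feb 2011 03:12:40 -0500\n"
    "Subject: sample\n\nbody\n"
)
VIA_FILTER = (
    "Received: from filter.example ([192.0.2.25]) by mail.example.local\n"
    "\twith Microsoft SMTPSVC; Thu, 17 Feb 2011 03:15:02 -0500\n"
    "Subject: sample\n\nbody\n"
)
```

Running `bypassed_filter` over messages delivered after the connection restriction and an SMTP service restart should return False for every one; any True means a path into the server other than the filter is still open.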
 

Author Closing Comment

by:scoobyftl
ID: 35115334
Solution wasn't provided
0

Question has a verified solution.