Solved

Lock down Exchange 2003 to accept mail from specific IPs

Posted on 2011-02-17
15
1,501 Views
Last Modified: 2012-05-11
I'm using a 3rd party email spam filter and need to lock down the Exchange server to accept email only from specific set of IP ranges.  I wanted to confirm this is done in SMTP Virtual Server->Access>Relay Restrictions.  Is there anywhere else?   unfortunately client doesn't have firewall but NAT device and cannot restrict at that level.

Thanks
0
Comment
Question by:scoobyftl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
15 Comments
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34916138
Are you trying to set-up that your exchange-server only receives mail from certain IP addresses or are you trying to setup that only a few IP's can send mail? If the latter is true, than you're right doing that through the SMTP Virtual Server.
0
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 34916175
Nope ,you only need to configured only Relay Restrictions
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
0
 

Author Comment

by:scoobyftl
ID: 34916213
Yeah so that mail server receives email from specific ip addresses only.  
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 11

Expert Comment

by:MichaelVH
ID: 34916257
Okay :-)

open ESM > Global Settings > Message Delivery > Connection filtering > enter the IP addresses from which you want to receive mails.

Grts,

Michael
0
 

Author Comment

by:scoobyftl
ID: 34916993
Ok perfect.  So under Global Accept and Deny list configuration i select accept and enter the subnets i'm going to allow to send us e-mail.  Once i set this up these are the only servers that can send e-mail to our domain correct?  

THanks Michael
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917055
Scooby,

that's about it :-)

Greets!

Michael
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917206
If you take a look with ADSIEdit, can you see a PF-database in AD for that specific server?
Maybe there are some leftovers from when you deleted it...

If not, can you please tell me what you did already check and what you didn't (so I don't ask you things twice ;-)  )
0
 

Author Comment

by:scoobyftl
ID: 34917504
Sorry deleted what?

No looks good.  I'll be adding the two IP subnet once they send it to me.   Then only e-mails from the filtering service will be allowed through.   Client was getting nailed with thousands of spam per day over the past week.  looks like he posted his work e-mail on facebook around same time.  
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34917598
Sorry, that previous post whas actually for another post! :p
0
 

Author Comment

by:scoobyftl
ID: 34925223
Michael,

entered the two subnets given to us by mcafee in the above location.  however, still getting hundreds of spam per minute.  i did see another tab for connection filtering within message delivery.  do i need to enter the servers there also?   insane the amount of junk getting in.

Thanks
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34925247
Scooby,

unfortunately I don't have an Exchange 2003 at hand right now, so I'm working out of my own memory. But yes, you could try adding the IP's there as well.

Thanks.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34925251
Btw: are you sure that you have restarted the SMTP Service as well after changing settings?

Michael
0
 

Author Comment

by:scoobyftl
ID: 34926493
Thought i did.  I did late night and don't remember.  

I just checked the headers and all spam seems to be coming from TERM.gsta.net ([12.147.30.2])

i've added that IP to block under the same connection filtering tab-> Global Accept & Deny list config -> deny and restarted the SMTP service.

will monitor for a few hours.   i had changed the mx record 48 hours ago and seems like these spam were still routing through the old mx.

The area i was talking about is under message delivery->General Tab - > perimeter IP list and IP range config.  haven't added anything here yet to see if above works.
0
 

Accepted Solution

by:
scoobyftl earned 0 total points
ID: 34962511
I added the two subnets to the following tab for the lock down to work:

SMTP virtual Server->Access Tab->Connection
Set to Only the list below and entered the information


0
 

Author Closing Comment

by:scoobyftl
ID: 35115334
solution wasn't provided
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question