Lock down Exchange 2003 to accept mail from specific IPs

I'm using a 3rd party email spam filter and need to lock down the Exchange server to accept email only from a specific set of IP ranges. I wanted to confirm this is done in SMTP Virtual Server -> Access -> Relay Restrictions. Is there anywhere else? Unfortunately the client doesn't have a firewall, only a NAT device, and cannot restrict at that level.

Thanks
scoobyftl asked:
 
scoobyftl (Author) commented:
I added the two subnets to the following tab for the lock down to work:

SMTP Virtual Server -> Access tab -> Connection
Set to "Only the list below" and entered the information.


0
 
MichaelVH commented:
Are you trying to set up your Exchange server so that it only receives mail from certain IP addresses, or are you trying to set it up so that only a few IPs can send mail? If the latter is true, then you're right doing that through the SMTP Virtual Server.
0
 
Viral Rathod (Consultant) commented:
Nope, you only need to configure Relay Restrictions:
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
0
 
scoobyftl (Author) commented:
Yeah, so that the mail server receives email from specific IP addresses only.
0
 
MichaelVH commented:
Okay :-)

Open ESM > Global Settings > Message Delivery > Connection Filtering > enter the IP addresses from which you want to receive mail.

Grts,

Michael
0
 
scoobyftl (Author) commented:
Ok, perfect. So under Global Accept and Deny List Configuration I select Accept and enter the subnets I'm going to allow to send us e-mail. Once I set this up, these are the only servers that can send e-mail to our domain, correct?

Thanks Michael
0
 
MichaelVH commented:
Scooby,

That's about it :-)

Greets!

Michael
0
 
MichaelVH commented:
If you take a look with ADSIEdit, can you see a PF database in AD for that specific server?
Maybe there are some leftovers from when you deleted it...

If not, can you please tell me what you did already check and what you didn't (so I don't ask you things twice ;-) )
0
 
scoobyftl (Author) commented:
Sorry, deleted what?

No, looks good. I'll be adding the two IP subnets once they send them to me. Then only e-mails from the filtering service will be allowed through. The client was getting nailed with thousands of spam per day over the past week. Looks like he posted his work e-mail on Facebook around the same time.
0
 
MichaelVH commented:
Sorry, that previous post was actually for another question! :p
0
 
scoobyftl (Author) commented:
Michael,

I entered the two subnets given to us by McAfee in the above location. However, I'm still getting hundreds of spam per minute. I did see another tab for connection filtering within Message Delivery. Do I need to enter the servers there also? Insane the amount of junk getting in.

Thanks
0
 
MichaelVH commented:
Scooby,

Unfortunately I don't have an Exchange 2003 at hand right now, so I'm working from memory. But yes, you could try adding the IPs there as well.

Thanks.
0
 
MichaelVH commented:
Btw: are you sure that you have restarted the SMTP service as well after changing settings?

Michael
0
 
scoobyftl (Author) commented:
Thought I did. I did it late at night and don't remember.

I just checked the headers and all spam seems to be coming from TERM.gsta.net ([12.147.30.2]).

I've added that IP to block under the same Connection Filtering tab -> Global Accept & Deny List Configuration -> Deny and restarted the SMTP service.

Will monitor for a few hours. I had changed the MX record 48 hours ago and it seems like this spam was still routing through the old MX.

The area I was talking about is under Message Delivery -> General tab -> Perimeter IP list and IP range configuration. I haven't added anything here yet, to see if the above works.
0
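The two checks the thread ends up relying on are the Connection tab allowlist (the accepted answer) and reading the topmost Received: header to find which host actually connected to the server (the last post). The script below is an added example, not code from the thread or from Exchange; it takes a message's headers, pulls the connecting host and address out of the first Received: line the way Exchange/IIS SMTP writes it ("from host ([ip])"), and reports whether that address falls outside the filtering service's subnets, which is exactly the case the poster hit when spam kept arriving through the old MX record. The allowed subnets are constructed placeholders (RFC 5737 documentation ranges), since the real McAfee ranges are not given in the thread; the sample headers are constructed too, reusing only the 12.147.30.2 address the poster quoted.

```python
import ipaddress
import re

# Constructed placeholder allowlist standing in for the filtering service's
# two subnets (the real McAfee ranges are not on the page). RFC 5737
# documentation ranges are used so nothing here points at a real network.
ALLOWED_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# A Received: line as Exchange 2003 / IIS SMTP writes it starts with
# "from <host> (<...>)"; the connecting address is the IPv4 literal inside
# the parentheses, usually also wrapped in square brackets.
RECEIVED_LINE = re.compile(r"^Received:\s+from\s+(\S+)\s+\(([^)]*)\)")
IPV4 = re.compile(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b")

# Constructed sample headers. The first message came in through the
# filtering service (an address inside the allowlist); the second is the
# kind of message the poster saw, delivered directly from 12.147.30.2.
FILTERED_OK = (
    "Received: from filter-out.example.net ([192.0.2.10]) by mail.example.com\r\n"
    "\twith Microsoft SMTPSVC(6.0.3790.3959);\r\n"
    "Received: from sender.example.org ([203.0.113.5]) by filter-out.example.net\r\n"
    "Subject: constructed sample\r\n"
)
SPAM_VIA_OLD_MX = (
    "Received: from TERM.gsta.net ([12.147.30.2]) by mail.example.com\r\n"
    "\twith Microsoft SMTPSVC(6.0.3790.3959);\r\n"
    "Subject: constructed sample\r\n"
)


def parse_received(headers):
    """Return (host, ip) pairs for every Received: line, newest first.

    Folded continuation lines (starting with whitespace) are joined back onto
    their header first, so a wrapped Received: line is still matched.
    """
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    hops = []
    for line in unfolded.splitlines():
        m = RECEIVED_LINE.match(line)
        if not m:
            continue
        ip = IPV4.search(m.group(2))
        if ip:
            hops.append((m.group(1), ip.group(0)))
    return hops


def delivering_hop(headers):
    """The host that connected to our server.

    Each receiving server prepends its own Received: line, so the first one
    in the message is what the Connection tab restriction actually saw.
    Returns None when no parseable Received: line exists.
    """
    hops = parse_received(headers)
    return hops[0] if hops else None


def bypassed_filter(headers, allowed=ALLOWED_SUBNETS):
    """True when the connecting address is outside every allowed subnet.

    Such a message did not come through the filtering service; the usual
    cause in this thread is mail still following the old MX record.
    A message with no Received: line at all is treated as bypassed.
    """
    hop = delivering_hop(headers)
    if hop is None:
        return True
    addr = ipaddress.ip_address(hop[1])
    return not any(addr in net for net in allowed)


def audit(messages, allowed=ALLOWED_SUBNETS):
    """Collect the (host, ip) pairs of messages that bypassed the filter,
    i.e. the candidates to review for the Deny list / old-MX cutover."""
    offenders = []
    for headers in messages:
        if bypassed_filter(headers, allowed):
            hop = delivering_hop(headers)
            if hop is not None and hop not in offenders:
                offenders.append(hop)
    return offenders


if __name__ == "__main__":
    for host, ip in audit([FILTERED_OK, SPAM_VIA_OLD_MX]):
        print(f"delivered outside the filter allowlist: {host} [{ip}]")
```

Run over a folder of saved spam samples, `audit` gives the list of hosts still connecting directly; if that list is non-empty after the SMTP service restart, either the Connection tab allowlist was not applied or the old MX record is still being used, which is the distinction the thread was trying to make.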
 
scoobyftl (Author) commented:
Solution wasn't provided.
0
Question has a verified solution.