Solved

Configuring SBS 2011 to only accept SMTP traffic from external spam filtering company

Posted on 2014-01-30
Last Modified: 2014-04-23
We utilize an external company to filter our email for spam and virus checking.  However, we receive some direct emails, likely using our mail.companyname.com DNS name.  That name is not in our MX table.  We would like to prevent port 25 traffic coming from IP addresses not used by our external spam filtering company.  We use a Cisco/Linksys WRT54G router that does not appear to allow us to easily configure this at the router level.

We utilize Symantec's Mail Security for Microsoft Exchange.  I have read many posts on how to configure SBS 2011 (Exchange 2010) to limit traffic.  But all the posts appear to state that the default is 0.0.0.0 - 255.255.255.255.  But that is not the case for our server.  SMSME is catching these erroneous emails and deleting them based on an executable file detection rule.

Our Hub Transport Settings have the following:

192.168.1.0-192.168.1.0
192.168.1.2-192.168.1.255

192.168.1.1 is the default gateway and is not in the above listing.

I did not set up this server and do not have access to the original installer any more.  It appears that SMSME is acting as an SMTP gateway as it is blocking the bad traffic.  Don't know exactly how SMSME works so I don't know if the port 25 traffic first goes to SMSME and then to Exchange or is integrated in some other fashion.  It appears based on above that the listing may need to go somewhere else.

How can I accomplish this, given that SMSME is being used in addition to the outside service?
Question by:cwsoft05
14 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39823154
That looks like the client receive connector. There should be another receive connector for receiving internet email.
0
 

Author Comment

by:cwsoft05
ID: 39823164
Where would that be?  I have only limited exposure to Exchange and Exchange 2010.  How do I get to the internet mail connector?  This client receive connector is where all the technotes and posts pointed to.

The one I see is at Microsoft Exchange Management Console, Server Configuration, Hub Transport, Default Receive Connector, Properties, Network Tab.  Receive mail from remote server with IP screen.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39823189
I can't see your screens. You do have to have some BASIC exchange knowledge to do what you want, or you can make things worse and end up with an open relay. If you aren't comfortable, hire a local specialist.
0
 
LVL 12

Assisted Solution

by:ktaczala
ktaczala earned 200 total points
ID: 39823272
How is this filtering company redirecting your email to you?

Usually your MX record will point to them, and then they forward on to you.

All you need to do is lock down your receive connector to only accept traffic on port 25 from your filtering company's IP address(es).

Remove the IPv6 entry also.

See snapshot
ScreenCapture.jpg
0
 

Author Comment

by:cwsoft05
ID: 39823665
Our MX records only point to the spam filtering company, and then they forward the email to our configured static IP address of our router.  Outgoing email goes directly to the internet, not through the spam filtering company, spamstopshere.com.

I have basic knowledge but the screen presentation is not what is presented that everyone refers to.  It does not have IPv6 or the IPv4 entries.  The entries are allowing all local traffic except traffic from the gateway, 192.168.1.1, as can be seen in screen image.  Thus, Exchange cannot receive any traffic directly from the internet.  It is obviously being passed first to the Symantec Email Server Protection Software and then to Exchange.  That is why the Symantec protection is detecting and blocking the email via the enabled rule.

However, I would like to just block those emails from ever getting to the System Email protection.  Is it possible to accomplish this and at what point?  The Default Receive connection is already limiting traffic to only internal port 25 traffic other than from the router.
screencapture.jpg
0
 
LVL 3

Assisted Solution

by:BertSublime
BertSublime earned 100 total points
ID: 39823988
The other option would be to lock down the inbound port 25 traffic on the server using the firewall.
0
 
LVL 12

Assisted Solution

by:ktaczala
ktaczala earned 200 total points
ID: 39824097
SMSME (Symantec Mail Security for Exchange) creates a hook into MS Exchange. It does not process mail before it hits Exchange.
If you are getting messages processed by SMSME then your host is not blocking everything.
Most don't or you never get any e-mail.  There's a fine line between spam and legit emails.
What may be spam to one business may be valid email to another.
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 100 total points
ID: 39824922
As explained, SMSME does not receive mail first (and even if it did, the receive connector you describe is not configured to receive mail from it either). You are looking at the wrong receive connector, as I said before. Since I can't see your screens, I can't tell you the name of the right one... after all, connectors, like computer names, can be named anything the admin who set it up wanted... and you admitted that wasn't you and you don't have access to that individual. We can help, but we can't be psychic. You have to look at all of the receive connectors and understand what you are looking at.
0
 
LVL 12

Accepted Solution

by:
Gary Coltharp earned 100 total points
ID: 39824969
Open Exchange console, Server Configuration, Hub Transport.
Right click SBS Internet Receive Connector and go to properties.
In the network settings, under Receive mail from remote servers...

Add the IP or IPs or subnet specified by your spam filterer as allowed hosts. Delete all others, including the ones you listed.

HTH
Gary
0
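The same change made from the Exchange Management Shell, as an added example that is not part of the thread: it first lists every receive connector with its remote IP ranges, then restricts only the Internet-facing one. The range `203.0.113.0/24` is a placeholder documentation network and the `*Internet Receive*` name pattern is an assumption; substitute the addresses published by the filtering provider and the connector name shown on the server.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2010 / SBS 2011 server.
# ASSUMPTIONS (replace before use):
#   $FilterRanges  - placeholder documentation range, not the filtering provider's real addresses
#   $ConnectorName - wildcard for the Internet-facing connector; names vary per installation
$FilterRanges  = @('203.0.113.0/24')
$ConnectorName = '*Internet Receive*'

# 1. Audit every receive connector: bindings, permission groups and accepted source ranges.
#    Several connectors can share port 25; the remote IP ranges decide which one
#    handles a given connection, so review all of them before changing any.
Get-ReceiveConnector |
    Select-Object Identity, Bindings, PermissionGroups,
        @{ Name = 'RemoteIPRanges'; Expression = { $_.RemoteIPRanges -join ', ' } } |
    Format-List

# 2. Select the connector to change and stop if the pattern is ambiguous.
$target = @(Get-ReceiveConnector | Where-Object { $_.Name -like $ConnectorName })
if ($target.Count -ne 1) {
    throw "Expected exactly one connector matching '$ConnectorName', found $($target.Count)."
}
$connector = $target[0]

# 3. Save the current ranges so the change can be rolled back if inbound mail stops.
$backup = Join-Path $env:TEMP 'receive-connector-ranges.txt'
$connector.RemoteIPRanges | ForEach-Object { $_.ToString() } | Set-Content -Path $backup

# 4. Preview the change; nothing is modified while -WhatIf is present.
Set-ReceiveConnector -Identity $connector.Identity -RemoteIPRanges $FilterRanges -WhatIf

# 5. Apply by running the same command without -WhatIf:
# Set-ReceiveConnector -Identity $connector.Identity -RemoteIPRanges $FilterRanges

# 6. Verify the result. The internal-only Default connector is left untouched,
#    so LAN clients keep submitting mail as before.
Get-ReceiveConnector -Identity $connector.Identity |
    Select-Object -ExpandProperty RemoteIPRanges

# Rollback, if needed:
# Set-ReceiveConnector -Identity $connector.Identity -RemoteIPRanges (Get-Content $backup)
```

Before applying, compare the planned ranges with the relay addresses in the Received headers of mail that did pass through the filtering service; a range that misses one of the provider's sending hosts stops inbound mail.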
 
LVL 12

Expert Comment

by:ktaczala
ID: 39825328
Gary, already showed him where to do that, in my snapshot.
0
 

Author Comment

by:cwsoft05
ID: 39825696
Ktaczala, thanks for the information about how SMSME works.  I have worked with other processes that work differently, serving at edge, outside the email server.

Cliff, whether someone is knowledgeable is subject to opinion. The person who installed the system was an experienced person but did a very poor and incomplete job.  A second person fixed some of his problems but I still had to fix things this individual, also very knowledgeable, could or did not fix.  I know you cannot see my screens.  If asked specific questions I can provide you the information that will assist in resolving this.  You said some other connector but did not specify where.  I assumed incorrectly that the Default one was the proper one, not the SBS Internet receive one.  Gary pointed me in the correct direction.

The SBS Exchange Management Console, Server Configuration, Hub Transport Screen has a top section with a receive connector defined, KSSRV1.  See attached image Hub Transport.

In the lower section is a Receive Connectors tab and Anti-spam tab.  Under the Receive Connectors tab are 3 connectors and the Anti-spam tab for each of the 3 connectors has nothing configured.

I was previously showing the Default connector KSSRV1.  See ksssrv1Default.  This one has only local addresses and excludes the gateway.  I looked at the other one based on the comments here and it appears to be what is controlling the access.  It is called windows SBS Internet Receive Kssvr1.  See SBSInternetReceive-page1 image.  It appears to be the correct one.  It has the proper HELO name and SBSInternetReceive-page2 image shows 3 lines that cover the full range of IP addresses.

0.0.0.0-192.168.0.255
192.168.1.1-192.168.1.1
192.168.2.0-255.255.255.255

This is the connector that is facing the outside and appears to be the proper one to configure.

What is the purpose of having the gateway, 192.168.1.1, separately?

Any idea on what is the reason for the 2 connections?  The FQDN of the general tab of the defaultkssrv1 is the local name of the server.  It includes all local addresses with the exception of the gateway.

The SBSInternet receive one has all addresses specified in three segments.  Its FQDN is the proper reverse lookup DNS name resolving to the email records.  Any reason for including the internal 192.168. addresses and listing them separately?

As specified previously, I will need to modify this one so it is limited to the spam filtering company's address.  Should I make changes to both or just the SBSInternetReceive connector?

As for the comment on the spam filtering company missing emails, that is not true.  These are being sent directly to the company's external IP address, bypassing the spam filtering company entirely.  I have reviewed headers in the past and they have not gone through the spam filtering company.
hubtransport.jpg
kssrvDefault.jpg
SBSInternetreceive-page1..jpg
SBSInternetreceive-page2..jpg
0
 
LVL 12

Expert Comment

by:ktaczala
ID: 39825833
SMSME can work on an edge transport.  But SBS 2011 can't separate the edge server from the rest like a standard version of Exchange 2010.
0
 
LVL 12

Expert Comment

by:ktaczala
ID: 39825857
I tried changing my receive connector to point to just my spam host and I couldn't receive any e-mails.  I had to set it back to 0.0.0.0-255.255.255.255.

My headers show that my email came from Google (another e-mail I used to send) thru my spam host.
Here's the header info. See snapshot.
Can you post one of each of yours?
ScreenCapture.jpg
0
 

Author Comment

by:cwsoft05
ID: 39825866
Enclosed is one of our current normal headers.  I cannot show you one of the incorrect headers, but I have looked at them previously when they were using GroupWise.  The emails do not go through the spam filtering company.  Symantec currently is defined to delete these emails if they contain executable files, which they do.
mailheader.jpg
0
