cwsoft05 asked:

Configuring SBS 2011 to only accept SMTP traffic from external spam filtering company

We utilize an external company to filter our email for spam and virus checking. However, we receive some direct emails, likely using our mail.companyname.com DNS name. That name is not in our MX table. We would like to prevent port 25 traffic coming from IP addresses not used by our external spam filtering company. We use a Cisco/Linksys WRT54G router that does not appear to allow us to easily configure this at the router level.

We utilize Symantec's Mail Security for Microsoft Exchange. I have read many posts on how to configure SBS 2011 (Exchange 2010) to limit traffic. But all the posts appear to state that the default is 0.0.0.0 - 255.255.255.255. But that is not the case for our server. SMSME is catching these erroneous emails and deleting them based on an executable file detection rule.

Our Hub Transport Settings have the following:

192.168.1.0-192.168.1.0
192.168.1.2-192.168.1.255

192.168.1.1 is the default gateway and is not in the above listing.

I did not set up this server and do not have access to the original installer any more. It appears that SMSME is acting as an SMTP gateway as it is blocking the bad traffic. I don't know exactly how SMSME works, so I don't know if the port 25 traffic first goes to SMSME and then to Exchange or is integrated in some other fashion. It appears based on the above that the listing may need to go somewhere else.

How can I accomplish this, given that SMSME is being used in addition to the outside service?

Cliff Galiher

That looks like the client receive connector. There should be another receive connector for receiving internet email.
cwsoft05 (ASKER)

Where would that be? I have only limited exposure to Exchange and Exchange 2010. How do I get to the internet mail connector? This client receive connector is where all the technotes and posts pointed to.

The one I see is at Microsoft Exchange Management Console, Server Configuration, Hub Transport, Default Receive Connector, Properties, Network Tab.  Receive mail from remote server with IP screen.
I can't see your screens. You do have to have some BASIC exchange knowledge to do what you want, or you can make things worse and end up with an open relay. If you aren't comfortable, hire a local specialist.
SOLUTION
ktaczala

This solution is only available to members.

Our MX records only point to the spam filtering company, and they then forward the email to our configured static IP address of our router. Outgoing email goes directly to the internet, not through the spam filtering company, spamstopshere.com.

I have basic knowledge but the screen presentation is not what is presented that everyone refers to. It does not have IPv6 or the IPv4 entries. The entries are allowing all local traffic except traffic from the gateway, 192.168.1.1, as can be seen in the screen image. Thus, Exchange cannot receive any traffic directly from the internet. It is obviously being passed first to the Symantec Email Server Protection Software and then to Exchange. That is why the Symantec protection is detecting and blocking the email via the enabled rule.

However, I would like to just block those emails from ever getting to the System Email protection. Is it possible to accomplish this, and at what point? The Default Receive connection is already limiting traffic to only internal port 25 traffic other than from the router.
screencapture.jpg
Gary already showed him where to do that, in my snapshot.
Ktaczala, thanks for the information about how SMSME works. I have worked with other processes that work differently, serving at edge, outside the email server.

Cliff, whether someone is knowledgeable is subject to opinion. The person who installed the system was an experienced person but did a very poor and incomplete job. A second person fixed some of his problems but I still had to fix things this individual, also very knowledgeable, could or did not fix. I know you cannot see my screens. If asked specific questions I can provide you the information that will assist in resolving this. You said some other connector but did not specify where. I assumed incorrectly that the Default one was the proper one, not the SBS Internet receive one. Gary pointed me in the correct direction.

The SBS Exchange Management Console, Server Configuration, Hub Transport Screen has a top section with a receive connector defined, KSSRV1.  See attached image Hub Transport.

In the lower section is a Receive Connectors tab and Anti-spam tab. Under the Receive Connectors tab are 3 connectors and the Anti-spam tab for each of the 3 connectors has nothing configured.

I was previously showing the Default connector KSSRV1. See ksssrv1Default. This one has only local addresses and excludes the gateway. I looked at the other one based on the comments here and it appears to be what is controlling the access. It is called windows SBS Internet Receive Kssvr1. See SBSInternetReceive-page1 image. It appears to be the correct one. It has the proper HELO name and SBSInternetReceive-page2 image shows 3 lines that cover the full range of IP addresses.

0.0.0.0-192.168.0.255
192.168.1.1-192.168.1.1
192.168.2.0-255.255.255.255

This is the connector that is facing the outside and appears to be the proper one to configure.

What is the purpose of having the gateway, 192.168.1.1, separately?

Any idea on what is the reason for the 2 connections? The FQDN of the general tab of the defaultkssrv1 is the local name of the server. It includes all local addresses with the exception of the gateway.

The SBSInternet receive one has all addresses specified in three segments. Its FQDN is the proper reverse lookup DNS name resolving to the email records. Any reason for including the internal 192.168. addresses and listing them separately?

As specified previously, I will need to modify this one so it is limited to the spam filtering company's address. Should I make changes to both or just the SBSInternetReceive connector?

As for the comment on the spam filtering company missing emails, that is not true. These are being sent directly to the company's external IP address, bypassing the spam filtering company entirely. I have reviewed headers in the past and they have not gone through the spam filtering company.
hubtransport.jpg
kssrvDefault.jpg
SBSInternetreceive-page1..jpg
SBSInternetreceive-page2..jpg
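
Added example, not part of the thread or any participant's post: one way to restrict the Internet-facing receive connector discussed above from the Exchange Management Shell, keeping a copy of the current ranges so the change can be reverted. The connector identity and the filtering provider's address ranges below are placeholders and constructed sample values; use the ranges the provider publishes.

```powershell
# Run in the Exchange Management Shell on the SBS 2011 (Exchange 2010) server.
# ASSUMPTIONS: $connector is a placeholder identity ("Server\Connector name");
# $filterRanges are constructed sample ranges (RFC 5737 documentation addresses),
# not the real addresses of any filtering provider.
$connector    = '<SERVER>\Windows SBS Internet Receive <SERVER>'
$filterRanges = @('192.0.2.0/24', '203.0.113.10-203.0.113.20')
$backupFile   = Join-Path $env:TEMP 'internet-receive-ranges.bak.txt'

# 1. List every receive connector with its port bindings and allowed source
#    ranges. For each inbound connection Exchange uses the connector whose
#    RemoteIPRanges entry is the most specific match for the source address,
#    so all connectors bound to port 25 need to be reviewed together.
Get-ReceiveConnector | Format-List Identity, Bindings, RemoteIPRanges

# 2. Turn on SMTP protocol logging for the Internet-facing connector so the
#    source addresses that actually deliver mail can be confirmed in the
#    receive protocol log before anything is restricted.
Set-ReceiveConnector -Identity $connector -ProtocolLoggingLevel Verbose

# 3. Save the current ranges so the change can be rolled back.
$before = (Get-ReceiveConnector -Identity $connector).RemoteIPRanges |
    ForEach-Object { $_.ToString() }
$before | Set-Content -Path $backupFile

# 4. Replace the allowed source ranges with the filtering provider's ranges.
#    Leave the Default connector's local-subnet ranges as they are so internal
#    clients and applications keep working.
Set-ReceiveConnector -Identity $connector -RemoteIPRanges $filterRanges

# 5. Confirm what is now configured.
(Get-ReceiveConnector -Identity $connector).RemoteIPRanges |
    ForEach-Object { $_.ToString() }

# Rollback, if filtered mail stops arriving (for example because the provider
# delivers from an address missing from $filterRanges):
# Set-ReceiveConnector -Identity $connector -RemoteIPRanges (Get-Content $backupFile)
```
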
SMSME can work on an edge transport. But SBS 2011 can't separate the edge server from the rest like a standard version of Exchange 2010.
I tried changing my receive connector to point to just my spam host and I couldn't receive any e-mails. I had to set it back to 0.0.0.0-255.255.255.255.

My headers show that my email came from Google (another e-mail I used to send) thru my spam host.
Here's the header info. See snapshot.
Can you post one of each of yours?
ScreenCapture.jpg
Enclosed is one of our current normal headers. I cannot show you one of the incorrect headers, but I have looked at them previously when they were using GroupWise. The emails do not go through the spam filtering company. Symantec currently is defined to delete these emails if they contain executable files, which they do.
mailheader.jpg