Hello, I run SBS 2011 which uses Server 2008 R2 and Exchange 2010.
I am using Exchange Online Protection to protect spam from getting to our network.
As is expected spam is getting through still since spammers can send directly to our server using port 25.
So I am trying to figure out how to deny access to this port for all addresses except the following ones:
I can not find the SMTP port under "Windows Firewall with Advanced Security" so I'm not sure how Exchange configured the firewall there.
However, I did try to change the IP ranges in the network tab under the receive connector in the hub transport role of the server configuration. This broke everything, I could no longer get email, I got the following error:
#5.7.1 smtp;530 5.7.1 Client was not authenticated> #SMTP#
I am attaching the file "network_cap_1.JPG" to show what I have before I change anything. "network_cap_2.JPG" shows the EOP IP ranges added and when I add those I get the above error.
I checked the IP that EOP is using to deliver mail to me and that IP currently is 18.104.22.168, so that should be covered by the 22.214.171.124/24 scope, shouldn't it?
Also since I am leaving the default 10.1.1.0-10.1.1.0 & 10.1.1.2-10.1.1.255 entries alone I'm not understanding two things:
1) Why does adding the EOP IPs break everything
2) Why is any email coming in since those IP ranges are local and not external.
Help would be greatly appreciated.