Exchange IP whitelisting

Hello experts,

I have a client who is looking to white-list IP addresses, for some reason.

After some reading, it seems like we can white-list IPs in Exchange through a Receive connector or using IP list providers, as per the link below.

My client does not have an Edge server; instead they have multiple HUBs, CAS, and MBXs in a DAG, and a relay server [third-party application].

As per the link above, MS does not recommend applying list providers on HUBs.

Can you please indicate all steps to whitelist IP addresses in Exchange 2010 using both methods, and indicate your preferred one? What are the best practices for companies that do not have Edge servers?

What about the scenario for EXCHANGE 2013 servers? 2 CAS / 2 MBX in a DAG.

Please consider both Exchange versions and all options to white-list IP addresses, with pros and cons.
Jerry Seinfield asked:

Thomas Grassi, Systems Administrator, commented:
Yes, with Exchange you must use EMC or shell commands.

I installed ORF Fusion on my Exchange 2010 server.

That whitelists email addresses, IP addresses, IP address ranges, domain names, etc.

Very nice product.

Check it out.
Radhakrishnan R, Senior Technical Lead, commented:

You need to either contact the other domain owners (who are rejecting your mails) and send a request to unblock your IP, or you need to change your Exchange server's IP address.
Jian An Lim, Solutions Architect, commented:
Just to summarize your question:

1. You want to know how to whitelist using a receive connector and an IP provider.

Receive connector method
IP provider method
Install antispam on the hub, then follow the IP Allow List section.

2. You want to know which one is preferred for an Exchange environment without an Edge server.
OK. This is a design question.
Without knowing the full picture, it is very hard to recommend something.
I will first ask: what is your inbound strategy? What is your antispam strategy?
If you don't have any, then you don't worry about them.

The best recommendation is actually to have a 3rd-party edge outside your environment. (, Symantec cloud or others)
Reason why? Because the 3rd party provides MX redundancy, and you are hiding your MX record from the public.

Even given you have 2 HUB/CAS servers, you don't have 2 separate IP addresses (which I assume), so there is a single point of failure. Let's say you have 2 separate IP addresses: do they use 2 separate modems? (Another single point of failure.)

Further, when there is a mail relay attack, your MX record is not being published to the internet, so no one will be able to hit you directly. Further, you always trust a range of IP addresses, i.e. IPs from the provider, so you will be much safer.

Again, there are other considerations: spam and viruses are taken care of before they reach your network, and internet usage will be lower (you don't need to receive the whole email before you reject it, etc.).

Some will say install an on-premise solution (which are plentiful as well), but the idea is that your Exchange server will not be the 1st hop in from the internet.

Of course, this is one of the general recommendations; it might not suit your case.
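
The two methods named in the answer above, sketched for an Exchange 2010 Hub Transport server as an added example that is not part of the original thread. The server name HUB01, the connector name and the sample addresses are assumptions, not values from the asker's environment.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell (Exchange 2010).
# Assumed, hypothetical values: server HUB01, the connector name, RFC 5737 sample addresses.
$Server    = 'HUB01'
$Connector = 'Allow-listed senders'
$Trusted   = @('192.0.2.10', '198.51.100.0/28')   # constructed sample input

# Keep only well-formed IPv4 entries no wider than /24, so a typo such as
# 0.0.0.0/0 cannot turn the allow list into "trust everyone".
$Valid = @(foreach ($entry in $Trusted) {
    $ip, $prefix = $entry -split '/'
    $parsed = $null
    if ($ip -notmatch '^(\d{1,3}\.){3}\d{1,3}$' -or
        -not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        Write-Warning "Not an IPv4 address, skipped: $entry"; continue
    }
    if ($prefix -and ($prefix -notmatch '^\d+$' -or [int]$prefix -lt 24 -or [int]$prefix -gt 32)) {
        Write-Warning "Bad or too-wide prefix, skipped: $entry"; continue
    }
    $entry
})
if ($Valid.Count -eq 0) { throw 'No valid entries to allow-list.' }

# Method 1: IP Allow List (Connection Filtering agent). On a Hub Transport server
# the anti-spam agents have to be installed first:
#   & "$env:ExchangeInstallPath\Scripts\install-AntispamAgents.ps1"
#   Restart-Service MSExchangeTransport
foreach ($entry in $Valid) {
    $base = ($entry -split '/')[0]
    if (Get-IPAllowListEntry -IPAddress $base) { continue }   # already covered
    if ($entry -like '*/*') { Add-IPAllowListEntry -IPRange $entry }
    else                    { Add-IPAllowListEntry -IPAddress $entry }
}

# Method 2: a dedicated Receive connector that only matches the trusted sources
# and lets them bypass anti-spam. It grants no right to relay to external domains.
$id = "$Server\$Connector"
if (Get-ReceiveConnector -Server $Server | Where-Object { $_.Name -eq $Connector }) {
    Set-ReceiveConnector $id -RemoteIPRanges $Valid
} else {
    New-ReceiveConnector -Name $Connector -Server $Server -Usage Custom `
        -Bindings '0.0.0.0:25' -RemoteIPRanges $Valid -PermissionGroups AnonymousUsers
}
Get-ReceiveConnector $id | Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
    -ExtendedRights 'ms-Exch-Bypass-Anti-Spam'

# Review what is now trusted.
Get-IPAllowListEntry | Format-Table Identity, IPRange
Get-ReceiveConnector $id | Format-List Name, Bindings, RemoteIPRanges, PermissionGroups
```

Either method makes the listed sources skip filtering entirely, so the entries should be limited to hosts you control or a provider's published range, and reviewed whenever those ranges change.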
