Castlewood
asked on
How to lock down the IP addresses allowed to connect to our Exchange 2010 server?
It is possible for an attacker to bypass our Spamtitan protection service by sending emails directly to our Exchange server rather than sending to the host specified by our DNS MX records. I understand there is a way to restrict using firewall. Besides using firewall, can we use the Receive Connectors where we can put the Spamtitan's ip address? It is in the Network tab / "Receive mail form remote servers that have these IP addresses:"
please help.
please help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Potentially could prevent inbound mail flow and communication with other Exchange servers within the organization. In my experience, they have been changes that were made that affected Exchange coexistence and migration projects. In many cases where I've added additional Exchange servers within an organization or performed a migration to Office 365 for a customer, where the receive connectors have been modified, I have had to reset these connectors to default in order to get coexistence working properly.
I understand if a company doesn't have additional Exchange servers, but if the foundation is not stable, neither is the house.
I understand if a company doesn't have additional Exchange servers, but if the foundation is not stable, neither is the house.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank all you guys.
One concern raised while locking down firewall to only allow our spam filter host incoming SMTP traffic to hit our Exchange is: we currently don't route the outgoing mails to the spam filter host. Would that become an issue for our Exchange to be labeled as a spam generator since our Exchange directly sends out mails but don't directly receive mails?
One concern raised while locking down firewall to only allow our spam filter host incoming SMTP traffic to hit our Exchange is: we currently don't route the outgoing mails to the spam filter host. Would that become an issue for our Exchange to be labeled as a spam generator since our Exchange directly sends out mails but don't directly receive mails?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You mentioned "Personally, I would not touch the receive connectors as that could potentially introduce issues for client connectivity."
Can you give an example of the issue caused by changing Receive Connectors please?
Thanks.