Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Restrictions on IP addresses
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
Restrictions on IP addresses - 13.Jan.2004 5:27:00 PM
|
|
|
daslg
Posts: 14
Joined: 13.Jan.2004
From: New York
Status: offline
|
We are setting up an agreement with an outside spam filtering company. I wanted to know where I would go to only accept messages from the IP addresses that the third party provides. Do I do this in Routing Groups or in Protocols? If I specify only those IP adresses, will my internal users still be able to email out or do I have to specify our domain as well. We are also using a Checkpoint firewall which is currently setup to pass email from our ISP to our exchange server.
|
|
|
|
RE: Restrictions on IP addresses - 13.Jan.2004 6:35:00 PM
|
|
|
atguilmette
Posts: 401
Joined: 4.Mar.2003
From: Southfield, MI
Status: offline
|
If you are only going to accept inbound SMTP from your mail gateway, and have a firewall in-between, you won't need to configure anything in Exchange. You can just configure Checkpoint to only allow inbound packets on port 25 (SMTP) from your mail gateway's IP address/range.
|
|
|
|
|
RE: Restrictions on IP addresses - 13.Jan.2004 6:50:00 PM
|
|
|
daslg
Posts: 14
Joined: 13.Jan.2004
From: New York
Status: offline
|
Thanks for the quick response. Yeah I know but my manager wants it at the "network level". I think it's just in case the firewall goes down for some reason. Of course that would be an entirely different problem and I doubt if we'll be worrying about getting spam e-mails.
|
|
|
|
|
RE: Restrictions on IP addresses - 17.Jan.2004 1:05:00 AM
|
|
|
koggen
Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
|
You can configure IP restrictions for the Virtual SMTP Server on Access section of the server's properties. Now, im not sure what you mean by "only accept messages from the IP addresses that the third party provides". Do you intend to receive a list of addresses to accept? Or do you mean that you will route all inbound email through your spam filtering company? In the later case just add the address of their email server. If your local clients connect their Outlook to the Exchange server over RPC then there's no need to add the local ip subnet in the access section. If anyone uses e.g. pop and smtp to receive and send email you must obviously add that subnet as well. If you intend to maintain a list of addresses then I would forget about that! Either it's going to be a very small or very large list, in either cases its gonna cause more trouble than its worth.
Best option is to use an external gateway and only allow access from that gateway (i.e. configure the firewall as atguilmette said).
|
|
|
|
|
RE: Restrictions on IP addresses - 21.Jan.2004 5:00:00 PM
|
|
|
daslg
Posts: 14
Joined: 13.Jan.2004
From: New York
Status: offline
|
Sorry for the late reply. We only want exchange to accept mail from the 3 addresses that the antispam company specifies. The firewall will also be configured to accept from the antispam co. and forward it to exchange. Now under the Access tab would I set them in Relay Restrictions or in Connection Control?
|
|
|
|
|
RE: Restrictions on IP addresses - 21.Jan.2004 5:19:00 PM
|
|
|
koggen
Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
|
Access Control only since you don't want your antispam company to be able to relay through your server. Don't forget to set any other ip addresses or networks that actually need access to your Exchange smtp server.
|
|
|
|
|
RE: Restrictions on IP addresses - 21.Jan.2004 5:38:00 PM
|
|
|
daslg
Posts: 14
Joined: 13.Jan.2004
From: New York
Status: offline
|
Forgive me if this a really stupid question but would I put the AntiSpam company's domain in the default domain line? Or do you mean under Connection control?
|
|
|
|
|
RE: Restrictions on IP addresses - 21.Jan.2004 5:44:00 PM
|
|
|
koggen
Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
|
Under "Connection control", change the default option to "Only the list below" and then add the ip address you have been provided with. Don't use domain name as that's really un-safe. Only put ip addresses you know must and should access the smtp server in the Computers section. I still think it would be better to leave it as it is and instead limit access to your server by using the firewall, but it's your call.
NB! when you change this, any computer which is not on that list can't send email to your server ! You can still send email by using Outlook and RPC, but Outlook Express, other servers etc won't be able to send. Make sure you know what addresses to put in the access control section.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
