Question

  Asked: Apr 15 2008   6:07 PM GMT
  Asked by: F5mann


IP Block


Perimeter Email Protection, IMP, Exchange 2003

We use Exch 2003 R2 Sp/2 and have IMF configured and working satisfactorily. Our ISP is advising to have our incoming email configured to accept from 1 IP block. The ISP provides us with Perimeter Email Protection (PEP). All email is routed through PEP. Is the suggestion a valid one considering we have IMF configured? Thanks


Answer Wiki


Absolutely! This is a great idea because it shields your servers from receiving inbound messages from non-filtered sources. We use Postini and receive messages only from their IP block. If you do not enable this, someone could attempt directory harvest attacks or even relay attempts across your server.


Discuss This Answer



F5mann  |   Apr 16 2008  4:39PM GMT

Thank you very much for your response. Can you either advise how to set up “accept incoming mail only from a specific IP block” or refer me to the appropriate KB? I searched for the KB but did not get any specific instructions on “how to do”.

Thanks again>>>>F5mann

 

Labnuke99  |   Apr 17 2008  1:18PM GMT

This is done by whoever maintains your perimeter firewall. The firewall will need to be configured to permit inbound connections on port 25 from the specified IP address range of the PEP servers. The firewall should be configured to drop all other inbound SMTP (port 25) traffic.
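
Before the firewall starts dropping port 25 traffic from outside the provider's range, the mail server's SMTP log can show whether anything still connects directly. The script below is an added example, not part of the original thread; it assumes W3C extended logging with a `c-ip` column, and the address block and log lines are constructed placeholders.

```python
import ipaddress

# Assumption: placeholder range (RFC 5737 documentation block);
# substitute the block supplied by your filtering provider.
ALLOWED_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample in W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method sc-status
2008-04-17 13:02:11 203.0.113.25 EHLO 250
2008-04-17 13:02:12 203.0.113.25 MAIL 250
2008-04-17 13:05:40 198.51.100.77 EHLO 250
2008-04-17 13:05:41 198.51.100.77 RCPT 550
2008-04-17 13:09:03 not-an-ip HELO 250
"""

def is_allowed(ip_text, blocks=ALLOWED_BLOCKS):
    """True only if ip_text parses as an address inside one of the blocks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source is treated as outside the block
    return any(ip in net for net in blocks)

def audit(log_text, blocks=ALLOWED_BLOCKS):
    """Count log entries per client IP that falls outside the allowed blocks."""
    fields, outside = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names follow the directive
            continue
        if not line.strip() or line.startswith("#") or "c-ip" not in fields:
            continue  # skip blanks, other directives, and rows with no c-ip column
        row = dict(zip(fields, line.split()))
        src = row.get("c-ip", "")
        if not is_allowed(src, blocks):
            outside[src] = outside.get(src, 0) + 1
    return outside

if __name__ == "__main__":
    for src, hits in sorted(audit(SAMPLE_LOG).items()):
        print(f"{src}: {hits} log entries from outside the allowed block")
```

Any address it reports is either a sender bypassing the filtering service or a legitimate source that has to be added to the allow list before the drop rule goes live.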

 

F5mann  |   Apr 17 2008  9:35PM GMT

The PEP provider does not “firewall” the Exchange server. They hold the MX record and provide spyware and anti virus scanning prior to delivery to the SBS 2003 server. The server is running ISA 2004 integrated into the server OS. I know the negatives of this but I have to work with what I have. So what you are telling me then is: There is no way to configure Exchange 2003 to accept email from 1 IP block? The block of IP addresses supplied by the PEP provider. I have to set that up in ISA 2004?

Thanks

 

Labnuke99  |   Apr 18 2008  1:35PM GMT

I understand that the provider does not manage the firewall; that is something someone in your network services organization does or your network provider does for you. They are the ones that you should talk to about this issue. I would recommend putting your Exchange server behind a firewall (like Microsoft ISA) for sure so you can manage the inbound connections and also ensure that outbound SMTP traffic is limited to your authorized e-mail server. There is likely a way to set up the inbound SMTP connector to accept traffic from only a certain IP address range but I do not know that well enough to offer specific guidance on it.

I did a Google search of “restrict inbound smtp by ip exchange 2007”. Some promising links include:

http://msexchangeteam.com/archive/2005/01/24/359677.aspx

http://www.tek-tips.com/faqs.cfm?fid=4295

http://exchangepedia.com/blog/2007/01/exchange-server-2007-how-to-allow.html

Please use these resources at your own discretion. I do not know for sure the accuracy of what they suggest or recommend.

 

F5mann  |   Apr 18 2008  6:51PM GMT

Thanks very much for “pointing me in the right direction” …