IP Block

35 pts.
Tags:
Exchange 2003
IMP
Perimeter Email Protection
We use Exch 2003 R2 Sp/2 and have IMF configured and working satisfactorily. Our ISP is advising to have our incoming email configured to accept from 1 IP block. The ISP provides us with Perimeter Email Protection (PEP). All email is routed through PEP.Is the suggestion a valid one considering we have IMF configured? Thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.

Absolutely! This is a great idea because it shields your servers from receiving inbound messages from non-filtered sources. We use Postini and receive messages only from their IP block. If you do not enable this, someone could attempt directory harvest attacks or even relay attempts across your server.

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • F5mann
    Thank very much for your response. Can you either advise how to set up "accept incoming mail only from a specific IP block or refer me to the appropriate KB? I searched for the KB but did not get any specific instructions on "how to do" Thanks again>>>>F5mann
    35 pointsBadges:
    report
  • Labnuke99
    This is done by whoever maintains your perimeter firewall. The firewall will need to be configured to permit inbound connections on port 25 from the specified IP address range of the PEP servers. The firewall should be configured to drop all other inbound SMTP (port 25) traffic.
    32,960 pointsBadges:
    report
  • F5mann
    The PEP provider does not "firewall" the Exchange server, They hold the MX record and provide spyware and anti virus scanning prior to delivery to the SBS 2003 server. The server is running ISA 2004 integrated into the server OS. I know the negatives of this but I have to work with what I have. So what you are telling me then is: There is no way to configure exchange 2003 to accept email from 1 IP block? The block of IP addresses supplied by the PEP provider. I have to set that up in ISA 2004? Thanks
    35 pointsBadges:
    report
  • Labnuke99
    I understand that the provider does not manage the firewall, that is something someone in your network services organization does or your network provider does for you. They are the ones that you should talk to about this issue. I would recommend putting your Exchange server behind a firewall (like Microsoft ISA) for sure so you can manage the inbound connections and also ensure that outbound SMTP traffic is limited to your authorized e-mail server. There is likely a way to setup the inbound SMTP connector to accept traffic from only a certain IP address range but I do not know that well enough to offer specific guidance on it. I did a Google search of "restrict inbound smtp by ip exchange 2007". Some promising links include: http://msexchangeteam.com/archive/2005/01/24/359677.aspx http://www.tek-tips.com/faqs.cfm?fid=4295 http://exchangepedia.com/blog/2007/01/exchange-server-2007-how-to-allow.html Please use these resources at your own discretion. I do not know for sure the accuracy of what they suggest or recommend.
    32,960 pointsBadges:
    report
  • F5mann
    Thanks very much for "pointing me in the right direction" ...
    35 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following