Google
Search WWW Search msexchangetips.blogspot.com

Tuesday, August 22, 2006

Exchange: Block Host IP From Sending E-Mail

Summary:

You identify a malicious host IP and wish to block all messages orginating from this host. For example Host A is sending a large volume of emails to your Exchange server. You want to block A's email IP address. If A resides in your Exchange
Organization, A and your recipients will be MAPI clients. If A is a remote host from Internet, your recipients will be POP3 or IMAP4 clients.


Circumstance One
===============
If A is an internal client which resides in the same LAN, and you set
Routing Group Connector to allow mail flow between two different sites,
A will send email via the corresponding RGC. At this circumstance, you
need to restrict the RGC to prevent A from sending email. If you set a
SMTP Connector but not RGC, A will send email via the corresponding SMTP
Virtual Server. At this circumstance, you need to restrict the SMTPVS to
prevent A from sending email.

Circumstance Two
===============
If A is an external client which comes from Internet, and you set SMTP
Virtual Server to allow mail flow between your Exchange Organization and
Internet, A will establish a SMTP session to your SMTPVS in order to
send emails to your Exchange Server. At this circumstance, you need to
set the connection control on your SMTPVS to prevent A from sending
email.

Note: You should disable the opening relay first.

Understanding the above information, we can perform the following steps
to block A's email IP address:


Circumstance with RGC, let's set the connection restriction on
RGC:
------------------------------------------------------------------------
1. Open ESM, locate to Administrative Group\First Administrative
Group\Routing Groups\First Routing Group\Connectors.

2. In the right pane, right-click on a RGC, and open the "Properties"
page.

3. Click the "General" tab, and then choose "These servers can send
mail over this connector".

4. Click Add button, and then select your Exchange server with
"Default SMTP Virtual Server".

5. Click OK to add the server into the list.

6. Click OK to save the changes.

7. Configure the Connection Control on your SMTP Virtual Server to block User "A"

8. Restart the SMTP service and Exchange Routing Engine service.


Circumstance with SMTP Connector, let's set the connection
restriction on SMTP Connector:
------------------------------------------------------------------------

1. Open ESM, locate to Administrative Group\First Administrative
Group\Routing Groups\First Routing Group\Connectors.

2. In the right pane, right-click on a SMTPC, and open the
"Properties" page.

3. On the "General" page, click "Add" button to add your Exchange
server with "Default SMTP Virtual Server" as a Local Bridgehead.

4. Click OK to save the changes.

5. Configure the Connection Control on your SMTP Virtual Server as I
mentioned in my previous email.

6. Restart the SMTP service and Exchange Routing Engine service.


To Circumstance with SMTP Virtual Server, let's just set the
connection restriction on SMTPVS:
------------------------------------------------------------------------

1. Open ESM, locate to Administrative Group\First Administrative
Group\Servers\Protocols\SMTP.

2. Right-click "Default SMTP Virtual Server", and open the
"Properties" page.

3. Choose the "Access" tab, and then click "Connection" button of the
"Connection control" box.

4. Select "All except the list below", click Add button.

5. Select "Single computer", and then put the host IP address in the
"IP address" blank.

6. Click OK to save the changes.

7. Restart the SMTP service and Exchange Routing Engine service.


James Chong
MCSE M+, S+, MCTS, Security+
msexchangetips.blogspot.com


How useful was this article? Want to see a tip not listed? Please leave a comment.

2 Comments:

Anonymous Anonymous said...

Cool blog as for me. It would be great to read more concerning this matter. The only thing your blog needs is a few pictures of some devices.
John Watcerson
Phone jammer

3:10 AM  
Blogger longge said...

replica handbags an icon of Hollywood celebrity and the phrase "Sunset Boulevard" is enduring shorthand for the glamour associated with Tinsel town. Called as Sunset Boulevard, designer replica handbags may expect this purse would become one of the most popular designer handbags in fashion stage. So, fashion aficionados, has designer bags enchanted you?

5:40 PM  

Post a Comment

<< Home

xml:lang="en" lang="en"> MS Exchange Tips: Exchange: Block Host IP From Sending E-Mail