block incoming outgoing mails except one domain
I am using exchange 2003 standard edition, i would like to block external incoming outgoing mails for all the users except one external domain..can anyone please advise?
Risposte
Hi,
In addition to Vishal, in order to have internal users only able to send to one specific external domain, you could create two SMTP Connector with configuration like below:SMTP Connector A:
Address Space: *
Delivery Restriction: By default, messages from everyone are rejected
SMTP Connector B:
Address Space: domain.com
Delivery Restriction: By default, message from everyone are accepted
Note: You need to apply following registry key in order to have Delivery Restriction to work:
http://technet.microsoft.com/en-us/library/aa998976(EXCHG.65).aspx
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
- Proposto come rispostaV I S H A L giovedì 20 agosto 2009 7.52
- Contrassegnato come rispostaMike Shen venerdì 28 agosto 2009 9.34
I suppose above method would work for all Outbound mails.
SMTP Connector A:
Address Space: *
Delivery Restriction: By default, messages from everyone are rejected
SMTP Connector B:
Address Space: domain.com
Delivery Restriction: By default, message from everyone are accepted
Note: You need to apply following registry key in order to have Delivery Restriction to work:
http://technet.microsoft.com/en-us/library/aa998976(EXCHG.65).aspx
For Inbound mails you can have Connection filtering configured on Message Delivery Properties in Global Settings and configure IP address lists for DENYING e-mail from specified IP Addresses. Specify Subnet masks here. do a math to exclude few IPs from subnet mask and add those IP in Accepted list. i hope this will help.
Thanks.
Vishal Ramnani | MCITP - Exchange 2007 | MCSE Messaging | MCTS - Win 2008 Config- Contrassegnato come rispostaMike Shen venerdì 28 agosto 2009 9.34
- so you mean to say the Exchange server is facing internet and accepting connections..???
if so then have you considered trying IMF connection filtering? i think you can give entire IP range to reject connection and exclude few IPs of that domain from which you want to accept mails.
Its included in Exchange 2003 Service Pack 2. for earlier versions you have to download and install it.
Operation Guide...
http://www.microsoft.com/downloads/details.aspx?FamilyId=B1218D8C-E8B3-48FB-9208-6F75707870C2&displaylang=en
Installing IMF...
http://www.petri.co.il/installing_imf_with_exchange_2003_sp2.htm
Using IMF...
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html
http://www.msexchange.org/tutorials/microsoft-exchange-intelligent-message-filter.html
Thanks.
-Vishal
Vishal Ramnani | MCITP - Exchange 2007 | MCSE Messaging | MCTS - Win 2008 Config- Contrassegnato come rispostaMike Shen venerdì 28 agosto 2009 9.34
Tutte le risposte
- Can you please give us the Topology of Exchange environment?
Thanks.
Vishal Ramnani | MCITP - Exchange 2007 | MCSE Messaging | MCTS - Win 2008 Config - Exchange is installed in a single AD forest with single smtp connector. there is no front end back end technologies.
Thanks. - so you mean to say the Exchange server is facing internet and accepting connections..???
if so then have you considered trying IMF connection filtering? i think you can give entire IP range to reject connection and exclude few IPs of that domain from which you want to accept mails.
Its included in Exchange 2003 Service Pack 2. for earlier versions you have to download and install it.
Operation Guide...
http://www.microsoft.com/downloads/details.aspx?FamilyId=B1218D8C-E8B3-48FB-9208-6F75707870C2&displaylang=en
Installing IMF...
http://www.petri.co.il/installing_imf_with_exchange_2003_sp2.htm
Using IMF...
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html
http://www.msexchange.org/tutorials/microsoft-exchange-intelligent-message-filter.html
Thanks.
-Vishal
Vishal Ramnani | MCITP - Exchange 2007 | MCSE Messaging | MCTS - Win 2008 Config- Contrassegnato come rispostaMike Shen venerdì 28 agosto 2009 9.34
Hi,
In addition to Vishal, in order to have internal users only able to send to one specific external domain, you could create two SMTP Connector with configuration like below:SMTP Connector A:
Address Space: *
Delivery Restriction: By default, messages from everyone are rejected
SMTP Connector B:
Address Space: domain.com
Delivery Restriction: By default, message from everyone are accepted
Note: You need to apply following registry key in order to have Delivery Restriction to work:
http://technet.microsoft.com/en-us/library/aa998976(EXCHG.65).aspx
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
- Proposto come rispostaV I S H A L giovedì 20 agosto 2009 7.52
- Contrassegnato come rispostaMike Shen venerdì 28 agosto 2009 9.34
Yes, a better way without getting into IMF configurations.
SMTP Connector A:
Address Space: *
Delivery Restriction: By default, messages from everyone are rejected
SMTP Connector B:
Address Space: domain.com
Delivery Restriction: By default, message from everyone are accepted
Note: You need to apply following registry key in order to have Delivery Restriction to work:
http://technet.microsoft.com/en-us/library/aa998976(EXCHG.65).aspx
Thanks Mike.
Vishal Ramnani | MCITP - Exchange 2007 | MCSE Messaging | MCTS - Win 2008 Config- Thanks for all your comments on smtp connectors.., But i need sender filtering for except one domain..
I suppose above method would work for all Outbound mails.
SMTP Connector A:
Address Space: *
Delivery Restriction: By default, messages from everyone are rejected
SMTP Connector B:
Address Space: domain.com
Delivery Restriction: By default, message from everyone are accepted
Note: You need to apply following registry key in order to have Delivery Restriction to work:
http://technet.microsoft.com/en-us/library/aa998976(EXCHG.65).aspx
For Inbound mails you can have Connection filtering configured on Message Delivery Properties in Global Settings and configure IP address lists for DENYING e-mail from specified IP Addresses. Specify Subnet masks here. do a math to exclude few IPs from subnet mask and add those IP in Accepted list. i hope this will help.
Thanks.
Vishal Ramnani | MCITP - Exchange 2007 | MCSE Messaging | MCTS - Win 2008 Config- Contrassegnato come rispostaMike Shen venerdì 28 agosto 2009 9.34
- Blocked in Firewall.... :)
Many Thanks for all your replies.
