locked
Receive connector scoped to domain and IP? RRS feed

  • Question

  • Can anyone tell me if it would be possible to scope a receive connector such that relaying could only occur if the specified IPs were met (this part is easy) AND the email address is from @xyz.com (no other domain)?

    I have a separate (external) mail system with some of my users that requires authentication and I want to push all mail through my E2k7 box without opening things up more than I have to.  I'm required to whitelist their entire IP range, but would like a "second" factor like my domain name since I control the auth for any @xyz domain on that other system.

    Thursday, September 17, 2015 8:38 PM

Answers

  • Can anyone tell me if it would be possible to scope a receive connector such that relaying could only occur if the specified IPs were met (this part is easy) AND the email address is from @xyz.com (no other domain)?

    I have a separate (external) mail system with some of my users that requires authentication and I want to push all mail through my E2k7 box without opening things up more than I have to.  I'm required to whitelist their entire IP range, but would like a "second" factor like my domain name since I control the auth for any @xyz domain on that other system.

    not on a receive connector, no. You could have a transport rule though. Maybe, if sender ip address match x.x.x.x and senders address is user@domain, then stop processign rules, otherwise reject or some variation of that.

    2007 is pretty old, so you'll have to mess around to see what is possible with the transport rule.


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    • Marked as answer by Lynn-Li Monday, September 28, 2015 1:59 AM
    Thursday, September 17, 2015 8:45 PM
  • I'm not seeing an intuitive way to do this right off, but will continue to play with the transport rule. Is this something newer versions can definitely do?

    Hi,

    In Exchange 2013, there is a condition "Sender's IP address is in the range" in transport rule to match messages where the sender's IP address falls within the specified ranges.

    But this condition doesn't exist in exchange 2007/2010.

    Best Regards.



    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support


    • Edited by Lynn-Li Friday, September 18, 2015 9:22 AM
    • Marked as answer by Lynn-Li Monday, September 28, 2015 1:59 AM
    Friday, September 18, 2015 9:22 AM

All replies

  • Can anyone tell me if it would be possible to scope a receive connector such that relaying could only occur if the specified IPs were met (this part is easy) AND the email address is from @xyz.com (no other domain)?

    I have a separate (external) mail system with some of my users that requires authentication and I want to push all mail through my E2k7 box without opening things up more than I have to.  I'm required to whitelist their entire IP range, but would like a "second" factor like my domain name since I control the auth for any @xyz domain on that other system.

    not on a receive connector, no. You could have a transport rule though. Maybe, if sender ip address match x.x.x.x and senders address is user@domain, then stop processign rules, otherwise reject or some variation of that.

    2007 is pretty old, so you'll have to mess around to see what is possible with the transport rule.


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    • Marked as answer by Lynn-Li Monday, September 28, 2015 1:59 AM
    Thursday, September 17, 2015 8:45 PM
  • I'm not seeing an intuitive way to do this right off, but will continue to play with the transport rule. Is this something newer versions can definitely do?

    Thursday, September 17, 2015 11:03 PM
  • I'm not seeing an intuitive way to do this right off, but will continue to play with the transport rule. Is this something newer versions can definitely do?

    Hi,

    In Exchange 2013, there is a condition "Sender's IP address is in the range" in transport rule to match messages where the sender's IP address falls within the specified ranges.

    But this condition doesn't exist in exchange 2007/2010.

    Best Regards.



    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support


    • Edited by Lynn-Li Friday, September 18, 2015 9:22 AM
    • Marked as answer by Lynn-Li Monday, September 28, 2015 1:59 AM
    Friday, September 18, 2015 9:22 AM