
Exchange 2007/2010 Connection Filtering and Transport Configuration

Connection Filtering Basics (Blocking Connection to the Server)

Many of you know what Connection Filtering is in Exchange. It allows you to control which IPs are allowed to connect and which are blocked. Taking a look at the following image, we can see exactly which parts of Anti-Spam utilize the Connection Filtering agent.

In the following image, we can see in what order the anti-spam agents run.

If you utilize the IP Block List and a connection is blocked, the connection dies there. Let’s take a look at the IP Block List in action and how the connecting server’s connection is terminated. For starters, let’s take a look at the connecting machine’s IP.

Let’s make a telnet to the server on port 25.

We see the connection works just fine. Now, let’s go add the client IP to the IP Block List. To do this, select IP Block List > Right-Click > Select Properties > Click Add > Enter Client IP Address.

Now let’s try telnetting to the server over port 25 again.

As we can see, we cannot communicate via port 25 to the SMTP Server anymore due to the connecting IP being on the IP Block List.
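The same test can be scripted from the Exchange Management Shell instead of a manual telnet session. The following is an added example, not code from the original post: the server name and client IP are placeholders, and the `Test-Smtp25` helper is hypothetical (it only opens a TCP socket to port 25 and reads the first response line). The `Add-IPBlockListEntry`, `Get-IPBlockListEntry` and `Remove-IPBlockListEntry` cmdlets are the standard Exchange 2007/2010 anti-spam cmdlets and run on the server hosting the Connection Filtering agent.

```powershell
# Added example (not from the original post). Placeholders: replace with your own values.
$ServerFqdn = 'hub01.contoso.local'   # placeholder: Hub/Edge Transport server
$ClientIp   = '192.168.1.50'          # placeholder: IP of the machine running the test

# Hypothetical helper: open TCP/25 and return the first SMTP response line.
# An accepted connection returns the 220 banner; a source on the IP Block List
# gets the Connection Filtering agent's rejection or a closed socket instead.
function Test-Smtp25 {
    param([string]$Server)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, 25)
        $reader = New-Object System.IO.StreamReader($tcp.GetStream())
        return $reader.ReadLine()
    } catch {
        return "Connection to $Server on port 25 failed: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
}

# 1. Baseline: the client can reach the SMTP service (expect a 220 banner).
Test-Smtp25 -Server $ServerFqdn

# 2. Put the client IP on the IP Block List, time-limited so a forgotten test
#    entry does not keep blocking a legitimate host.
Add-IPBlockListEntry -IPAddress $ClientIp `
    -Comment 'Connection Filtering test' `
    -ExpirationTime (Get-Date).AddHours(1)
Get-IPBlockListEntry -IPAddress $ClientIp

# 3. Re-test from the client: the session is now rejected by the agent.
Test-Smtp25 -Server $ServerFqdn

# 4. Clean up the test entry once the behaviour has been confirmed.
Get-IPBlockListEntry -IPAddress $ClientIp | Remove-IPBlockListEntry
```

The `-ExpirationTime` switch matters in practice: a block-list entry added for a test and never removed behaves exactly like the blacklisted internal hop described in the next section, silently dropping mail from that address.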

Connection Filtering and Non-Exchange SMTP Filtering Appliances/Servers

One of the big things here is that Connection Filtering happens based on the last untrusted IP address. One of the most commonly overlooked steps when using the Exchange or Forefront Connection Filtering agent is entering the trusted SMTP IP addresses in your organization; this is very important.

This will need to be done via your Hub Transport Server.  To modify the trusted SMTP IP Addresses in your organization, go to Organization Configuration > Hub Transport > Global Settings > Message Delivery.

It is very important when using Connection Filtering to enter ALL trusted IP addresses that handle SMTP in the organization. This includes any type of SMTP appliance/server that is sending traffic to Exchange, such as Ironport, Sendmail, Barracuda, etc. The reason is that Connection Filtering works by looking at the sending server’s IP address and doing the lookup on that. But let’s say it’s the Edge Transport Server and it’s receiving mail from an Ironport.

Do you really want the Connection Filtering lookup to look up the Ironport IP? Of course not; the Ironport is an internal server. Connection Filtering ignores any IPs listed in the above Message Delivery list. This means that if an Exchange Edge server receives mail from an Ironport, and the Ironport IP is on that list, the Exchange Edge will do a Connection Filtering lookup on the last untrusted IP, which would be the server that sent the mail to the Ironport (that is, if the server that sent mail to the Ironport is not itself another internal device that is on the above list).

So, make sure you add all trusted IPs (Exchange and non-Exchange that are handling SMTP) internal to your organization to make sure Connection Filtering is working as it should be.
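The Message Delivery list described above is the `InternalSMTPServers` property of the organization’s transport configuration, so the same change can be made and audited from the Exchange Management Shell. The following is an added example, not code from the original post: the appliance addresses are placeholders, and `Get-MissingTrustedHops` is a hypothetical helper that compares a list of hops you expect to be trusted against what is actually configured. `Get-TransportConfig` and `Set-TransportConfig -InternalSMTPServers` are the standard Exchange 2007/2010 cmdlets.

```powershell
# Added example (not from the original post). Placeholders: replace with the
# addresses of your own Ironport/Barracuda/Sendmail or other internal SMTP hops.
$TrustedSmtpHops = @('10.10.0.21', '10.10.0.22')   # placeholder appliance IPs

# Hypothetical helper: return every expected hop that is NOT yet on the
# Message Delivery (InternalSMTPServers) list. Anything it returns would be
# treated as the "last untrusted IP" and looked up by Connection Filtering.
function Get-MissingTrustedHops {
    param([string[]]$ExpectedHops)
    $configured = (Get-TransportConfig).InternalSMTPServers |
        ForEach-Object { $_.ToString() }
    return $ExpectedHops | Where-Object { $configured -notcontains $_ }
}

# 1. Show what is currently trusted
#    (Organization Configuration > Hub Transport > Global Settings > Message Delivery).
(Get-TransportConfig).InternalSMTPServers

# 2. Report the hops that still need to be added.
$missing = Get-MissingTrustedHops -ExpectedHops $TrustedSmtpHops
$missing

# 3. Add them with @{Add=...} so existing entries are kept; assigning a plain
#    array would replace the whole list and drop hops added by someone else.
if ($missing) {
    Set-TransportConfig -InternalSMTPServers @{Add = $missing}
}

# 4. Verify: the helper should now return nothing.
Get-MissingTrustedHops -ExpectedHops $TrustedSmtpHops
```

Run the check against the Hub Transport organization configuration; an Edge Transport server subscribed through EdgeSync receives this list from the organization, so it should not be maintained separately there. The symptom of a missing entry is exactly what the post warns about: the appliance’s own IP is looked up against the block-list providers, and legitimate mail relayed through it is rejected.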


5 Responses to “Exchange 2007/2010 Connection Filtering and Transport Configuration”

  1. [...] This post was mentioned on Twitter by John A Cook, Elan Shudnow. Elan Shudnow said: Exchange 2007/2010 Connection Filtering and Transport Configuration http://bit.ly/augZw7 [...]

  2. on 31 Oct 2010 at 6:50 pm Drew

    I have found that in Exchange 2010, it is checking all IPs resulting in tons of email being blocked due to client IPs being blacklisted. Very annoying and pretty much useless.

  3. on 22 Feb 2011 at 8:03 am Ryan

    Email filtering can be very tricky and pointless. Our firm spent thousands of dollars on this and it did not give us the result we were looking for. We tried several different types of software and still the same: not what we were looking for. It is very important to allow your trusted sites and addresses when operating and using these filtering software systems. If not, you will not receive important business emails that are essential for operation.

