Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM
- From: Mickie <mickiemellott@xxxxxxxxx>
- Date: Fri, 30 May 2008 10:48:18 -0700 (PDT)
On May 30, 12:58 pm, Trendkill <jpma...@xxxxxxxxx> wrote:
On May 30, 9:50 am, mickiemell...@xxxxxxxxx wrote:
Hello everyone,
I want to thank everyone in advance for any information you provide.
I'm going to be as straigh forward as possible and give as much
detail
as possible.
We are running Windows 2000 SBS with Exchange and I have recently
moved my SPAM scanning externally outside of our building, through a
third-party SPAM scanning company called SpamSoap.
The issue that I am having foolows:
The scanner is working correctly and stopping almost all of the SPAM.
However, someone is directly mailing to our IP address; as our IP is
static we can not change it. SpamSoap recommends locking down our
exchange server to only except mail from a certain IP range they give
us. This is the problem, I don't know how to put these IP addresses
into exchange, and/or my Cisco 1700 router.
Does anyone know how to complete this? Is this true and possible to
be done?
Thanks again for looking and giving any thoughts you might have!
Mickie
I think you are asking how to ACL off SMTP from everywhere except the
IP-range of your 3rd party provider. You would do this by creating an
access-list on the router that allows SMTP (port 25) from your SPAM
filter and nothing else. I would need more information on how exactly
this spam filter works (is your email domain pointed/owned by their
servers and whatever passes the filter is sent on to your specific
mail server, or is something else going on). But here is an example
of an ACL:
access-list 101 permit tcp any host a.b.c.d eq smtp
access-list 101 deny tcp any any eq smtp
You would then apply that ACL to your external interface on your
router:
int <interface>
ip access-group 101 in
Again, I would strong discourage doing anything until you have a
complete understanding of the flow of traffic (in this case mail) with
your 3rd party provider. The last thing you want is an email
outage......- Hide quoted text -
- Show quoted text -
Thank you very much for your input... here the flow of traffic and
additional information you requested:
Our DNS records (through GoDaddy) point/redirect the mail to their
servers where it is checked for SPAM and then their (spamsoap)
server's send the mail on top our IP Address/mail server.
Spamsoap has provided a block of IP addresses to allow within the
router.
I need to set these up because spammers are bypassing the scanner and
mailing directing to our mail server.
I'm pretty sure that what you are saying is what I need, I'm just not
sure how to go about setting it up within the 1700.
Thank you again for your help,
Mickie
.
- Follow-Ups:
- Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM
- From: Trendkill
- Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM
- References:
- HELP - Exchange & Cisco 1700 Lockdown from SPAM
- From: mickiemellott
- Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM
- From: Trendkill
- HELP - Exchange & Cisco 1700 Lockdown from SPAM
- Prev by Date: Re: HighQueueDropRate on 8** series
- Next by Date: Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM
- Previous by thread: Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM
- Next by thread: Re: HELP - Exchange & Cisco 1700 Lockdown from SPAM
- Index(es):
Relevant Pages
|
