I have an account with a server that is under a bulk e-mail attack from one IP address (at least that is what is in the headers of the e-mails). Besides having bigger problems, I thought I could go into Exchange (SBS 2003 Server w/ISA2000 SP2) and disallow the IP addresses from sending mail through the connector. Unfortunately, that didn't seem to work and I tried restarting all of the Exchange services, not just the Virtual connector.
So, is there a filter that I can put into ISA to block this IP from communicating on port 25? I use a Spam Filtering Service and I thought I could go in and only allow connections from their valid IP addresses, but they have blocks of valid addresses so it became impractical to input 150 filters, unless there is another way for this in ISA2000. Would appreciate any help, with specifics of what rule(s) I could put in and where to help stop this spam problem.
From: Sydney, Australia
ISA may not be able to help here. a) Do you have packet filters to an SMTP service on the ISA server itself? b) Or are you publishing an internal SMTP server?
I'd guess if you're running SBS then it'd be a).
If it's a) then you can only define this on the SMTP listener of IIS. ISA is merely saying "yep, I'll let in traffic destined to port 25".. and can't limit by individual IP addresses. An alternative is you CAN adjust the packet filter rule to allow inbound traffic from any port to port 25 for a SUBNET range, but I suspect the spam solution provider uses multiple upstream providers themselves (most do) so it won't be a single IP range that you can enter. Go to your 'account manager' and ask them. Some I've had experience with in the past have a specific (virtual) machine that sends all your mail to you so it can apply your specific filters/rulesets on the mail it sends/receives.
If it's b) then you can do it within the server publishing rule by "applies to Client address set specific below" and use a client set that is all of the addresses of your spam solution provider - yes, it may be a pain getting all the IPs but this is the only way if you want to limit inbound mail to only that provider! Again, ask your account manager or their helpdesk/customer service.
Yes, the spam service company has multiple IP addresses as well as multiple blocks of IP addresses so that is where the problem came about trying to input all of them - not practical. I tried setting a filter to Deny port 25 for only the specific IP address, but when I put that into play, it didn't allow e-mail out of the server. I didn't investigate it much further other than to turn that filter off.
From: Sydney, Australia
It sounds to me like option a) - with an SMTP service on ISA itself which then forwards to internally.. If you set the IP allow rules on that... but forget to include your internal IP range it might be able to receive mail from "outside" but outgoing mail will fail because the SMTP service isn't allowing connections from your internal mail server!
As far as the 'restrict mail to only come from your anti-spam provider' - sounds like no easy solution here. Either enter them all in.... or continue to get some crud. Alternately you could use a black list on your SMTP listener to see what's allowed. I've had good experience with ORFEE (www.vamsoft.com) over the years. Download a trial version and try it!
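The allow-list approach from the replies above, worked through as an added example that is not part of the original thread: it collapses a provider's address list into the fewest ranges to enter, then checks the pitfall described above, where leaving out the internal range blocks outgoing mail. All addresses are constructed sample values, and the from/to output is an assumption about how the entries would be typed in.

```python
import ipaddress

# Constructed sample data (documentation ranges, not a real provider's list).
PROVIDER = [
    "203.0.113.0/26", "203.0.113.64/26", "203.0.113.128-203.0.113.191",
    "198.51.100.16/29", "198.51.100.24/29", "198.51.100.40", "198.51.100.41",
]
INTERNAL_NET = "192.168.16.0/24"  # assumed LAN that holds the internal mail server
INTERNAL_MTA = "192.168.16.2"     # assumed internal mail server address
OFFENDER = "192.0.2.55"           # placeholder for the IP seen in the spam headers

def parse_entry(entry):
    """Turn 'a.b.c.d', 'a.b.c.d/nn' or 'first-last' into a list of networks."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range is reversed: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects typos such as 203.0.113.5/26 (host bits set)
    return [ipaddress.IPv4Network(entry, strict=True)]

def build_allow_list(entries):
    """Collapse overlapping and adjacent entries into the fewest networks."""
    nets = [n for e in entries for n in parse_entry(e)]
    return list(ipaddress.collapse_addresses(nets))

def as_ranges(networks):
    """Join back-to-back networks into (first, last) pairs for from/to entry."""
    ranges = []
    for net in sorted(networks):
        first, last = net.network_address, net.broadcast_address
        if ranges and int(ranges[-1][1]) + 1 == int(first):
            ranges[-1] = (ranges[-1][0], last)
        else:
            ranges.append((first, last))
    return ranges

def allowed(ip, networks):
    return any(ipaddress.IPv4Address(ip) in n for n in networks)

def audit(networks, must_allow, must_deny):
    """List hosts the allow-list would treat the wrong way."""
    bad = [f"{ip} would be refused" for ip in must_allow if not allowed(ip, networks)]
    return bad + [f"{ip} is still allowed" for ip in must_deny if allowed(ip, networks)]

if __name__ == "__main__":
    for label, entries in (("provider only", PROVIDER),
                           ("provider + internal", PROVIDER + [INTERNAL_NET])):
        nets = build_allow_list(entries)
        print(label, [f"{a}-{b}" for a, b in as_ranges(nets)])
        print("  problems:", audit(nets, [INTERNAL_MTA], [OFFENDER]) or "none")
```
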
For now, I think I've been able to have Exchange reject messages from the offending IP address. Once I put this in, the 4000+ queues that were created stopped growing and within a few hours, all emptied out and regular e-mail worked like it normally would.