• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Blocked IP address from sending e-mail

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Blocked IP address from sending e-mail Page: [1]
Login
Message << Older Topic   Newer Topic >>
Blocked IP address from sending e-mail - 16.Nov.2007 5:08:55 PM   
jb

 

Posts: 12
Joined: 28.Feb.2002
Status: offline
I have an account with a server that is under a bulk e-mail attach from one IP address (at least that is what is in the headers of the e-mails).  Besides having bigger problems, I thought I could go into Exchange (SBS 2003 Server w/ISA2000 SP2) and disallow the IP addresses from sending mail through the connector.  Unfortunately, that didn't seem to work and I tried restarting all of the exchange services, not just the Virtual connector.

So, is their a filter that I can put into ISA to block this IP from communicating on port 25?  I use a Spam Filtering Service and I thought I could go in and only allow connections from their valid IP addresses, but they have blocks of valid addresses so it became impracticle to input 150 filters, unless there is another way for this in ISA2000.  Would appreciate any help, with specifics of what rule(s) I could put in and where to help stop this spam problem.

Thanks a lot.
Post #: 1
RE: Blocked IP address from sending e-mail - 16.Nov.2007 6:10:00 PM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
ISA may not be able to help here.
a) Do you have packet filters to a SMTP service on the ISA server itself?
b) or are you publishing an internal SMPT server

Id guess if your running SBS then it'd be a).

If it's a) then you can only define this on the SMTP listener of IIS. ISA is merely saying "yep, I'll let in traffic detined to port 25".. and  can't limit by individual IP addresses. An alternative is you CAN adjust the packet filter rule to allow inbound traffic from any port to port 25 the a SUBNET range, but I suspect the spam solution provider uses multiple upstream providers themselves (most do) so it won't be a single IP range that you can enter. Go to your 'account manager' and ask them. Some I've had experience with in the past have a specific (virtual) machine that sends all your mail to you so it can apply your specific filters/rulesets on the mail it sends/receives.

If it's b) then you can do it within the server publishing rule by "applies to Client address set specific below" and use a client set that is all of the addresses of your spam solution provider - yes, it may be a pain getting all the IP's but this is the only way of you want to limit inbound mail to only that provider! Again, ask you account manager or their helpdesk/customer service.

Hope this helps.

_____________________________

http://www.ahit.com.au/isa
(Previous nick: Tolk)

(in reply to jb)
Post #: 2
RE: Blocked IP address from sending e-mail - 16.Nov.2007 6:37:54 PM   
jb

 

Posts: 12
Joined: 28.Feb.2002
Status: offline
Yes, the spam service company has multiple IP addresses as well as multiple blocks of IP addresses so that is where the problem came about trying to input all of them - not practicle.  I tried setting a filter to Deny port 25 for only the specific IP address, but when I put that into play, it didn't allow e-mail out of the server.  I didn't investigate it much further other than to turn that filter off.

Thanks for your prompt response.

(in reply to AHIT)
Post #: 3
RE: Blocked IP address from sending e-mail - 17.Nov.2007 7:52:03 PM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
it sounds to me like option a) - with a SMTP service on ISA itself which the forwards to internally.. If you set the IP allow rules on that... but forget to include your internal IP range it might be able to receive mail from "outside" but outgoing mail will fail because the SMTP service isn't allowing connections from your internal mail server!

As far as the 'restrict mail to only come frm your anti-spam provider' - soudns like no easy solutio here. Either enter them all in.... or continue to get some crud. Alternately you could use a black list on your SMTP listener to see what's allowed. I've have good experience wioth orfee (www.vamsoft.com) over the years. Download a trial version and try it!

_____________________________

http://www.ahit.com.au/isa
(Previous nick: Tolk)

(in reply to jb)
Post #: 4
RE: Blocked IP address from sending e-mail - 17.Nov.2007 8:57:00 PM   
jb

 

Posts: 12
Joined: 28.Feb.2002
Status: offline
OK.  I will look into that option.

For now, I think I've been able to have Exchange reject messages from the offending IP address.  Once I put this in, the 4000+ queues that were created stopped growing and within a few hours, all emptied out and regular e-mail worked like it normally would.

Thanks for suggestions and help.

(in reply to jb)
Post #: 5
RE: Blocked IP address from sending e-mail - 19.Nov.2007 3:55:12 AM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
Glad to hear you've had some success.

_____________________________

http://www.ahit.com.au/isa
(Previous nick: Tolk)

(in reply to jb)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Blocked IP address from sending e-mail Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts