Announcement

Collapse

Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Only accept connections from Trend Micro ERS?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • stylus277
    started a topic Only accept connections from Trend Micro ERS?

    Only accept connections from Trend Micro ERS?

    Hello,

    We recently started using the Trend Micro Email Reputation Services. We our primary and secondary MX records to point to the Trend Micro servers.

    Now I would like to set Exchange to only accept incoming mail from trend micro where would I find this setting?

    I thing that I want to change the default smtp virtual server properties/access/connection control but not 100% positive.

    Thanks
    Ben

  • AndyJG247
    replied
    Re: Only accept connections from Trend Micro ERS?

    Great, thanks for letting us know.

    Leave a comment:


  • stylus277
    replied
    Re: Only accept connections from Trend Micro ERS?

    I implimented this code yesterday, works perfect.

    Leave a comment:


  • AndyJG247
    replied
    Re: Only accept connections from Trend Micro ERS?

    No probs, obviously you need to test but it should be ok. Have a good day!

    Leave a comment:


  • stylus277
    replied
    Re: Only accept connections from Trend Micro ERS?

    Thanks for the help, it saves me a lot of guess and check on my firewall config.

    Leave a comment:


  • AndyJG247
    replied
    Re: Only accept connections from Trend Micro ERS?

    Yeah, this should do it

    no access-list allow permit tcp any host 216.220.228.115 eq smtp
    access-list allow permit tcp 216.99.131.128 255.255.255.128 host 216.220.228.115 eq smtp
    access-list allow permit tcp 168.61.60.0 255.255.255.128 host 216.220.228.115 eq smtp

    Leave a comment:


  • stylus277
    replied
    Re: Only accept connections from Trend Micro ERS?

    Here is my current acl's on a Pix506e, do I just need to change the first line to say the ip ranges that I want instead of "any"?

    ++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++
    access-list allow permit tcp any host 216.220.228.115 eq smtp
    access-list allow permit tcp any host 216.220.228.115 eq 3389
    access-list allow permit tcp any host 216.220.228.115 eq www
    access-list allow permit tcp any host 216.220.228.115 eq https
    access-list allow permit tcp any host 216.220.228.115 eq 444
    access-list allow permit tcp any host 216.220.228.115 eq 4125
    access-list allow permit tcp any host 216.220.228.115 eq pptp
    access-list allow permit tcp any host 216.220.228.114 eq pptp
    access-list allow permit icmp any host 216.220.228.114 unreachable
    access-list allow permit icmp any host 216.220.228.114 time-exceeded
    access-list allow permit icmp any host 216.220.228.114 echo-reply
    access-list allow permit ip 192.168.16.0 255.255.255.0 192.168.15.0 255.255.255.0
    access-list allow permit tcp any host 216.220.228.115 eq imap4
    access-list 110 permit ip 192.168.16.0 255.255.255.0 192.168.15.0 255.255.255.0
    access-list nonat permit ip 192.168.16.0 255.255.255.0 192.168.15.0 255.255.255.0

    ++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++


    According to Trend I need to allow 216.99.131.128/25, and 168.61.60.0/25

    Thanks

    Leave a comment:


  • AndyJG247
    replied
    Re: Only accept connections from Trend Micro ERS?

    It may be easier just to block it on your firewall to save your server the overheads. If the MX record for your domain points to Trend then just block all port 25 from anyone apart from the IP address(es) they give you. Same as for Message Labs.

    Leave a comment:

Working...
X