Re: Connection Filtering Allow IPs and Exchange 2003 SP2

andrew.schmitt@xxxxxxxxx wrote:

>Under "message delivery | general" we have all of the internal network
>in the "Permimeter IP List and Internal IP Range Configuration".

That's fine. That only affects the SenderID stuff.

>I know
>that IMF and connection filtering are different but in the pre-SP2
>environment, as far as I understood a message was checked against the
>"Global Accept List" under Connection Filtering and if it was on that
>list no other filtering would be applied thereafter, IMF or otherwise.

That's true. I misunderstood the information in your description,
thinking "Exception" rather than "Allow".

>So we have our internal network in there as well.

How have you specified that network? Single addresses or by network?
If by network can you post the address and network mask?

>We can setup one of
>the SMTP virtual servers to not apply the IMF filter but the design
>right now has our perimeter postfix server delivering mail to both
>internal systems in a round-robin fashion to help split up the load as
>well as provide some failover.
>
>Did the filtering process change so this is no longer the case?

No, not that I know of.

Do exception addresses under connection filtering affect Intelligent
Message Filter behavior?
Exception e-mail addresses under connection filtering have no
effect on Intelligent Message Filter behavior.

Does Allow Address under connection filtering affect Intelligent
Message Filter behavior?
IP Allow addresses under connection filtering allows mail to
bypass Intelligent Message Filter, which results in messages that
have no SCL value stamped on them. These messages can be filtered
by Outlook 2003 Junk E-mail rules. Intelligent Message Filter does
not specify an SCL by design because content scanning was actually
bypassed. In this case, setting an SCL of 0 would not be an
accurate value from Intelligent Message Filter.

>Is
>there no way at this point to whitelist IP ranges from IMF scanning as
>there was in the past?

What you're doing should work.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
.

Relevant Pages

  • What are they asking for here? Intei Mess Filter-Sender ID quest
    ... " You can enable Sender ID filtering behind the perimeter of the network. ... you specify the IP addresses of the servers in your internal network ...
    (microsoft.public.windows.server.sbs)
  • RE: FreeBSD router two DSL connections
    ... >> control how traffic goes OUT of your network. ... > filtering is simply wrong. ... el-cheapo DSL routers that are network address translators, ... 7206 VXR's now, any ISP under 10,000 customers can easily ...
    (freebsd-questions)
  • Re: using wireless internet without security
    ... I know that using security (password or Mac-address filtering) is often ... Can virus spread across a wireless network between computers which are ... spreading to you from the internet right now. ...
    (alt.computer.security)
  • RE: Unable to allow Internet Access from ISA Server Machine
    ... So no matter what I do the the Local Host network, ... going to look at the Internal Network for the settings. ... Configuring ISA Server with a Single Network Adapter ...
    (microsoft.public.isaserver)
  • Re: IRC-based Olympic Coverage
    ... >>is why nearly every corporate network in existance ... > While ICS has its place, you are too uninformed to realise that other ... Content filtering will be done ... waste money buying a hardware appliance, ...
    (comp.security.firewalls)