Re: SBS2008 - Exchange 2007 + Connection Control
- From: "Jim" <jim@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 12 Mar 2009 19:30:58 -0000
Hmm.. PITA ?
Looked that one up in all my manuals...can't see any mention of it in there..??
Lets try Google..
...ah.. procto-gluteus maximus
"Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23EnnmNYoJHA.4168@xxxxxxxxxxxxxxxxxxxxxxx
Jim <jim@xxxxxxxxxxxxxxxxxxx> wrote:I hear what you're saying..
But then why not do it in Exchange if the facility is there to do it ?
"Just because you can....doesn't mean you should."
Can you see it causing a problem per se ?
Yes, as it will make troubleshooting a huge PITA. Protect at the perimeter.
Jim.
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%231TSUZCoJHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
Jim <jim@xxxxxxxxxxxxxxxxxxx> wrote:I've removed the default IP's and entered the external
mail-filtering company's public IP's and our own public IP's and
the local LAN IP's for the copiers etc etc. seems to work OK.
Jim.
Cool, but the fact that you can't do this in your firewall should be
a big red flag that it isn't suitable for use protecting a corporate
network. Get something that can do this and more (you should do this
only on the firewall & not in Exchange). Check out the Sonicwall
offerings.
"Jim" <jim@xxxxxxxxxxxxxxxxxxx> wrote in message
news:gp10i0$1l59$1@xxxxxxxxxxxxxxxxxxxx
That's a good idea..
Hmmm..that said their router/firewall only allows for an address
range or a single address..
Wonder If I can make up multiple rules for port 25.....or several
services..
Hmm..not so on their current router/firewall..
Seems that modifying the options in 'Exchange Management Console'
is the only method open to me at the moment.
Could get them to get another firewall I suppose...ho hum..
Jim.
"Andrew Hodgson" <andrew@xxxxxxxxxxxxxxxxx> wrote in message
news:nsu7r4d42nhs8c65l6j7318rcet8sgega8@xxxxxxxxxxxxxxxxxxxx
On Sun, 8 Mar 2009 15:34:25 -0000, "Jim" <jim@xxxxxxxxxxxxxxxxxxx>
wrote:
Hi,
In SBS 2003 we used to enable Connection Control to only allow
certain permitted IP addresses and ranges.
On SBS2008 am I in the right place when I am looking at:
Microsoft Exchange > Server Configuration > Hub Transport >
Windows SBS Internet Receive [Servername]
Currently this would appear by default to permit connections
from: 0.0.0.0-192.167.255.255
192.168.0.1-192.168.0.1
192.168.1.0-192.168.255.255
Yes, that is where you modify them. However, I would tend to
leave it be on an SBS system, and make the modifications on the
firewall. This has the advantage of blocking the connections
before they even reach the server, so the server doesn't have to
send out any deny message, possibly giving the attacker a notion
that there is some type of SMTP listener on there. It also means
that any wizards that play around with these settings will not
fail. Andrew.
.
- Follow-Ups:
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Lanwench [MVP - Exchange]
- Re: SBS2008 - Exchange 2007 + Connection Control
- References:
- SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Andrew Hodgson
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Lanwench [MVP - Exchange]
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Lanwench [MVP - Exchange]
- SBS2008 - Exchange 2007 + Connection Control
- Prev by Date: Re: Disabling SSLv2 in SBS2008
- Next by Date: Re: SBS 2008 Standard OEM - MS has pulled it
- Previous by thread: Re: SBS2008 - Exchange 2007 + Connection Control
- Next by thread: Re: SBS2008 - Exchange 2007 + Connection Control
- Index(es):
Relevant Pages
|
Loading
