Re: SBS2008 - Exchange 2007 + Connection Control
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 12 Mar 2009 17:42:36 -0400
Jim <jim@xxxxxxxxxxxxxxxxxxx> wrote:
Hmm.. PITA ?
Looked that one up in all my manuals...can't see any mention of it in
there..??
Lets try Google..
..ah.. procto-gluteus maximus
;-)
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23EnnmNYoJHA.4168@xxxxxxxxxxxxxxxxxxxxxxx
Jim <jim@xxxxxxxxxxxxxxxxxxx> wrote:
I hear what you're saying..
But then why not do it in Exchange if the facility is there to do
it ?
"Just because you can....doesn't mean you should."
Can you see it causing a problem per se ?
Yes, as it will make troubleshooting a huge PITA. Protect at the
perimeter.
Jim.
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%231TSUZCoJHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
Jim <jim@xxxxxxxxxxxxxxxxxxx> wrote:
I've removed the default IP's and entered the external
mail-filtering company's public IP's and our own public IP's and
the local LAN IP's for the copiers etc etc. seems to work OK.
Jim.
Cool, but the fact that you can't do this in your firewall should
be a big red flag that it isn't suitable for use protecting a
corporate network. Get something that can do this and more (you
should do this only on the firewall & not in Exchange). Check out
the Sonicwall offerings.
"Jim" <jim@xxxxxxxxxxxxxxxxxxx> wrote in message
news:gp10i0$1l59$1@xxxxxxxxxxxxxxxxxxxx
That's a good idea..
Hmmm..that said their router/firewall only allows for an address
range or a single address..
Wonder If I can make up multiple rules for port 25.....or several
services..
Hmm..not so on their current router/firewall..
Seems that modifying the options in 'Exchange Management Console'
is the only method open to me at the moment.
Could get them to get another firewall I suppose...ho hum..
Jim.
"Andrew Hodgson" <andrew@xxxxxxxxxxxxxxxxx> wrote in message
news:nsu7r4d42nhs8c65l6j7318rcet8sgega8@xxxxxxxxxxxxxxxxxxxx
On Sun, 8 Mar 2009 15:34:25 -0000, "Jim"
<jim@xxxxxxxxxxxxxxxxxxx> wrote:
Hi,
In SBS 2003 we used to enable Connection Control to only allow
certain permitted IP addresses and ranges.
On SBS2008 am I in the right place when I am looking at:
Microsoft Exchange > Server Configuration > Hub Transport >
Windows SBS Internet Receive [Servername]
Currently this would appear by default to permit connections
from: 0.0.0.0-192.167.255.255
192.168.0.1-192.168.0.1
192.168.1.0-192.168.255.255
Yes, that is where you modify them. However, I would tend to
leave it be on an SBS system, and make the modifications on the
firewall. This has the advantage of blocking the connections
before they even reach the server, so the server doesn't have to
send out any deny message, possibly giving the attacker a notion
that there is some type of SMTP listener on there. It also
means that any wizards that play around with these settings
will not fail. Andrew.
.
- References:
- SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Andrew Hodgson
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Lanwench [MVP - Exchange]
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Lanwench [MVP - Exchange]
- Re: SBS2008 - Exchange 2007 + Connection Control
- From: Jim
- SBS2008 - Exchange 2007 + Connection Control
- Prev by Date: Re: Big problem with Vista clients
- Next by Date: Re: Outlook Vs Outlook Anywhere
- Previous by thread: Re: SBS2008 - Exchange 2007 + Connection Control
- Next by thread: SBS 2008 - Exchange problems - A lot of mail, receiving problems
- Index(es):
Relevant Pages
|
