I have implemented a new Exchange 2007 server running on Server 2008 in our domain. We previously used Exchange 2003 running on Server 2003 and I had locked the Default SMTP Connector down so that it would only accept messages from a range of IP addresses provided by MX Logic. For those who don't know, MX Logic provides spam filtering services, like Postini.
I have added the MX Logic IP addresses to the IP Allow List under Server Configuration > Hub Transport. My question is, how do I tell the Exchange server to deny messages from all other IP addresses that are not explicitly defined in the IP Allow List?
If it matters, this server is the Client Access Server and Hub Transport server. We do not have an Edge Transport server in the organization.
I think I went the wrong way with the previous answer.
Set up a receive connector on your Hub that allows anonymous connection (presumably this is done if you are receiving mail through MX Logic). If you are using only one receive connector, then you will need to create a new one - one which allows anonymous users and the other which does not.
On the properties of that anonymous receive connector, go to the Network tab and edit the field "Receive mail from remote servers that have these IP addresses:".
Add only MX Logic IPs in there, and possibly any boxes on your local network that need to send SMTP with unauthenticated connections.
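The connector split described in the answer above, as an added Exchange Management Shell example that is not part of the original post. The server name EXCH01, the connector name, the internal relay address, and the IP ranges (documentation placeholders standing in for the filtering provider's real ranges) are assumptions, as is the default connector still carrying its stock name.

```powershell
# Added example; run in the Exchange Management Shell on the Hub Transport server.
# Assumptions: EXCH01 is a hypothetical server name; the ranges below are
# placeholders, not MX Logic's actual addresses.
$server         = "EXCH01"
$filterRanges   = "192.0.2.0-192.0.2.255", "198.51.100.0-198.51.100.255"
$internalRelays = "10.0.0.25"   # constructed: a local box that sends unauthenticated SMTP

# Review the existing connectors before changing anything.
Get-ReceiveConnector -Server $server |
    Format-List Name, Bindings, RemoteIPRanges, PermissionGroups

# Anonymous connector, reachable only from the filtering service and the
# listed internal hosts. A connection is handed to the connector whose
# RemoteIPRanges match the source address most specifically.
New-ReceiveConnector -Name "Inbound from filtering service" `
    -Server $server `
    -Usage Custom `
    -Bindings "0.0.0.0:25" `
    -RemoteIPRanges ($filterRanges + $internalRelays) `
    -PermissionGroups AnonymousUsers

# Default connector (assumed to still be named "Default <server>"): keep it for
# authenticated Exchange traffic, with AnonymousUsers left out of the list.
Set-ReceiveConnector -Identity "$server\Default $server" `
    -PermissionGroups ExchangeUsers, ExchangeServers, ExchangeLegacyServers

# Confirm the result: only the new connector should list AnonymousUsers.
Get-ReceiveConnector -Server $server |
    Format-List Name, RemoteIPRanges, PermissionGroups
```

Hosts outside the listed ranges still reach the default connector on port 25, but it rejects unauthenticated submission, so sending a test message from an outside address is a quick way to verify the lockdown.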
Set the Block List Range from 0.0.0.0-255.255.255.255. It will ignore everything in the Allow List. Just make sure you include your internal network in the allow list.
Is there a reason you do not have an Edge Transport? That has the integrated IP Block / Allow list functionality built in to it.
If you want to stay without it, you can always add a set of firewall rules for TCP/25 inbound to the Windows Server 2008 firewall (which is VERY nice, relative to previous built-in firewalls).