Configuring Connection Filtering

  • Article

 

Connection filtering blocks messages based on the Internet Protocol (IP) address of the connecting SMTP server. For connection filtering, you can configure connection filtering rules, configure exceptions, and configure global accept and deny lists.

Configuring Connection Filtering Rules

You can subscribe to a third-party block list provider and configure a connection filtering rule that checks against the provider's list of specific IP addresses. For detailed instructions, see How to Configure a Connection Filtering Rule.

Note

Specific configuration of connection filtering rules is dependent upon the block list provider.

Configuring Exceptions

You can specify whether specific SMTP addresses in your organization are allowed to receive messages from blocked IP addresses. For example, a connection filtering rule blocks a legitimate organization from sending mail to your organization. By entering your postmaster address as an exception to this connection filtering rule, an administrator from the legitimate organization can send an e-mail message to the postmaster in your organization to determine why his or her organization is blocked from sending mail. For detailed instructions, see How to Create a List of Exceptions to Connection Filtering Rules.

Configuring Global Accept and Deny Lists

If you either always want to accept mail or reject mail from specific IP addresses, you can configure a global accept or deny list. For detailed instructions, see How to Create Either a Global Accept or Deny List.

  • Global accept list This list contains all the IP addresses from which you always want to accept mail. Exchange checks this list before checking any other filters. If the connecting server's IP address appears on the global accept list, Exchange automatically accepts the mail and does not check any additional filters.

  • Global deny list This list contains all the IP addresses from which you always want to reject mail. Exchange checks this list immediately after checking the global accept list. If an IP address appears on the global deny list, Exchange automatically rejects the mail and does not check any additional filters.