Using connection filtering

 

Applies to: Forefront Protection for Exchange

You can use the connection filter to block and allow messages that originate from specific IP addresses. The connection filter in Forefront Protection 2010 for Exchange Server (FPE) includes an IP Allow List, an IP Block List, and a proprietary DNS block list (DNSBL) maintained by Microsoft. When an IP address is added to the IP Allow List, e-mail sent from that address bypasses antispam filtering in FPE. When an IP address is added to the IP Block List, e-mail sent from that address is rejected by FPE. When the DNS block list is enabled, FPE checks the IP Address of the connecting MTA against the DNS block list maintained by Microsoft.

Before you begin configuring the connection filtering settings, you need to enable connection filtering.

To enable connection filtering

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console's Policy Management tree view, expand Antispam, and then click Configure.

  2. Select the options you would like to enable in the Options section of the work pane. Your choices include:

    • Enable IP Block List evaluation

    • Enable IP Allow List evaluation

    • Enable Forefront DNSBL checking

      When this option is selected, FPE checks the IP address of the connecting MTA against the DNS block list maintained by Microsoft. FPE blocks messages with matching DNS information. No further configuration is necessary.

    After you have enabled each connection filtering option, you can configure the IP Allow and IP Block Lists.

  3. Click Save at the top of the pane to save your configuration.

Note

The Microsoft Exchange Transport service must be stopped and then started again for changes to this setting to take effect. Do not use the Restart function.

To allow messages from specific IP addresses

  1. In the FPE Administrator Console's Policy Management tree view, expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Connection filter section, click the Configure Allow/Block Lists button.

  3. In the Configure Allow/Block Lists dialog box, perform the following steps:

    1. Select IP Allow List in the menu bar.

    2. In the IP Address or Range box, enter the IP address or range that you want to add. You must add each IP address or range individually.

    3. In the Expiration box specify the date and time when the entry will expire or leave it set to Never, which is the default setting.

    4. Click Apply to save your changes and enter additional IP addresses or click Apply and Close to save your entry and return to the Antispam - Configure pane. The IP address or range is added to the IP Allow List.

  4. Click Save at the top of the pane to save your configuration.

To block messages from specific IP addresses

  1. In the FPE Administrator Console's Policy Management tree view expand Antispam, and then click Configure.

  2. In the Antispam - Configure pane, in the Connection filter section, click the Configure Allow/Block Lists button.

  3. In the Configure Allow/Block Lists dialog box, perform the following steps:

    1. Select IP Block List in the menu bar.

    2. In the IP Address or Range box, enter the IP address or range that you want to add. You must add each IP address or range individually.

    3. In the Expiration box specify the date and time when the entry will expire or leave it set to Never (The default).

    4. Click Apply to save your changes and enter additional IP addresses or click Apply and Close to save your entry and return to the Antispam - Configure pane. The IP address or range is added to the IP Block List.

  4. Click Save at the top of the pane to save your configuration.

Note   You can edit items in the lists by double-clicking and editing an item, and then pressing ENTER. You can delete items from the lists by selecting an item and clicking Remove. You can also import and export items from lists. For more information, see Importing items into a list and Exporting items from a list.