Restricting Access to your Mail Server

It's possible for spammers to bypass your MX records and send emails directly to your mail server, rendering anti-spam filtering useless. To avoid direct spam you need to make sure only our IPs can communicate to your mail server. This restriction can be implemented either at the mail server, firewall, or router level. This all depends on your infrastructure.

Make sure that all your domains are added to our filtering service and MX have been changed to our filters before making these modifications. 

You can find our complete list of IP addresses by viewing the Related Articles.

Microsoft Exchange 2013

Exchange 2013 uses a web-based interface called Exchange Admin Center (EAC). From the EAC, do the following:

1

Select mail flow →  receive connectors.

2

Select Default Frontend [servername] and click the edit icon.

3

On the Default Frontend [servername] select the scoping option and then select the default IP address range (0.0.0.0-255.255.255.255) and click the remove icon.

4

Click on the add icon to add all our IPs (see Related Articles) and then save.

Microsoft Exchange 2007 & 2010

1

Open the Exchange Management Console.

2

Go to Server Configuration →  Hub Transport →  Default Receive Connector →  Properties →  Network tab.

3

You will see a section that says Receive mail from remote servers that have these IP addresses.

4

Remove the default rule for 0.0.0.0 to 255.255.255.255.

5

Add all our IPs (see Related Articles).

6

Stop and restart the MSExchangeTransport service.

Microsoft Exchange 2003

1

In Exchange System Manager, expand the following object: Servers →  [ servername ] →  Protocols →  SMTP

2

Right-click the virtual SMTP server where you want to restrict inbound IPs, and then click Properties.

3

Click the Access tab, and then Connection.

4

Enable the Only the list below option and add all our IPs (see Related Articles).

5

Restart Exchange to activate your changes.

Access Restrictions for Google Apps

Instructions for Google hosting

Configuring our filtering with Google hosting requires a few extra steps that must be executed after you change your MX records. Google's instructions can be found here. You can find a shortened and adapted version below.

Google's Inbound Gateway Instructions

1

Update your domain’s MX records to point to our filters.

2

Sign in to the Google Admin console.

3

From the dashboard, go to Apps →  G Suite →  Gmail →  Advanced settings.

4

In the Organizations section, highlight your domain (top-level org).

5

Scroll down to Inbound gateway.

6

Hover the cursor to the right of Inbound gateway. To create a new inbound gateway setting, click Configure. To edit an existing setting, click Edit.

7

Under Gateway IPs, enter the IP address/range for each gateway:

8

Click Add.

9

Enter all our IPs (see Related Articles).

10

Click Save.

11

Check the following box to ensure that spammers do not bypass filtering:  Reject all mail not from gateway IPs — If you check this box, G Suite doesn’t accept mail from anywhere other than your inbound gateway.

12

Click Save changes at the bottom of the Gmail settings page.

If your emails are hosted on a provider that hosts several domains on the same server, they will likely not be able to restrict incoming email traffic and thus be unable to block direct spam. You may need to contact your provider to check what can be done.

The service provider could offer to close port 25 and open another port to handle SMTP traffic. This solution can be used even if the service provider hosts several customers on the same server because it is often possible to change the SMTP port on a per-domain basis. If this solution is used, the port change must be coordinated with us so that email can be properly delivered. 

If all else fails and your service provider is unable to offer any solutions, we will be unable to prevent any direct spam from being sent directly to you unless the situation changes.