June 2005
Intermediate to advanced
464 pages
13h 2m
English
You need to maintain the connection restriction, relay restriction, and global accept/deny lists on your Exchange servers.
Use the SMTP Internet Protocol Restriction and Accept/Deny List Configuration Tool (ExIpSecurity). You can download it from:
| http://www.microsoft.com/downloads/details.aspx?familyid=dcce0536-7edc-40b4-9950-8b6906abda2d&displaylang=en |
To add an IP address to the connection restriction list:
> cscript ipsec.vbs -d<DC>-s<server>-i<VSnum>-o a -r connection -v<IPaddress>
Example:
> cscript ipsec.vbs -dDC01-sEXCH01-i1-o a -r connection -v192.168.0.1
To add a domain to the relay restriction list:
> cscript ipsec.vbs -d<DC>-s<server>-i<VSnum>-o a -r relay -t domain -v<domain>
Example:
> cscript ipsec.vbs -dDC01-sEXCH01-i1-o a -r relay -t domain -vcontoso.com
To grant connection access to all IP addresses or domains except the list specified:
> cscript ipsec.vbs -s<server>-i<VSnum>-o s -r connection -g grant -d<DC>
Example:
> cscript ipsec.vbs -sEXCH01-i1-o s -r connection -g grant -d DC01
To delete a range of IP addresses from the relay restriction list:
> cscript ipsec.vbs -s<server>-i<VSnum>-o d -r relay -v<IPaddress>-m<mask>-d <DC>
Example:
> cscript ipsec.vbs -sEXCH01-i1-o d -r relay -v192.168.0.1 -m 255.255.255.0 -d DC01
To add a single entry to the global accept/deny list (Exchange Server 2003 only):
> cscript ipsec.vbs -d <DC> ...