Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-08-21
This topic explains how to use the Exchange Management Console or the Exchange Management Shell to add IP addresses to the IP Allow list and IP Block list for connection filtering in Microsoft Exchange Server 2007. The Connection Filter agent is an anti-spam agent that is enabled on computers that have the Edge Transport server role installed.
IP Block lists and IP Allow lists are administrator-defined lists that specify IP addresses and IP address ranges that are acted on by the Connection Filter agent. The Connection Filter agent disconnects the Simple Mail Transfer Protocol (SMTP) session after all MAIL FROM: headers in the message are processed if the following conditions are true:
- The Edge Transport server is connected directly to the Internet.
- An originating IP address matches an IP address or IP address range on the IP Block list.
When an originating IP address matches an IP address or IP address range on the IP Allow list, the Connection Filter agent sends the message to the destination without additional processing by other anti-spam agents.
You can also specify a day and time when the IP Block list entry that you create will expire. If you specify a time only, and not a date, the current day is assumed. When you enter a specific date, use the short date format that is defined in the Regional Options settings that are configured on the local computer. For example, if your computer is configured to use the short date format mm/dd/yyyy hh:mm:ss, to set the expiration time at 11:00 A.M. January 3, 2007, enter the following information, enclosed in double quotation marks: "1/3/2007 11:00".
Before You Begin
To perform the following procedures on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.
Also, before you perform these procedures, confirm the following:
- You have reviewed Anti-Spam and Antivirus Functionality to understand the general strategy for configuring all anti-spam agents so that they work together efficiently for your organization.
- You have read Configuring Connection Filtering.
Procedure
The steps in this section specifically refer to adding IP addresses to the IP Block list. However, the concepts for adding IP addresses to the IP Allow list are the same as for the IP Block list, so you can apply these steps to the IP Allow list as well.
Note: In Exchange 2007 Service Pack 1 (SP1), you manage the IP Allow list and IP Block list on the Anti-Spam tab of the Hub Transport node under Server Configuration in the Exchange Management Console. You manage other anti-spam agent functionality, such as enabling and disabling the IP Allow lists and IP Block lists, and IP Allow List providers and IP Block List providers on the Anti-Spam tab of the Hub Transport node under Organization Configuration in the Exchange Management Console.
To use the Exchange Management Console to add IP addresses to the IP Block list
- In the Exchange Management Console, click Edge Transport.
- In the work pane, click the Anti-Spam tab, and then select IP Block List.
- In the action pane, click Properties, and then click the Blocked Addresses tab.
- Click the drop-down arrow on the Add button, and select one of the following options:
  - IP Address: To add an IP address and subnet mask by using classless interdomain routing (CIDR), use the following format: 192.168.0.1/24.
  - IP and Mask: To add an IP address and subnet mask, use the following format: IP Address: 192.168.0.1; and IP Mask: 255.255.255.0.
  - IP Range: To add an IP range, use the following format: Start Address: 192.168.0.1; End Address: 192.168.0.254.
Note: If Exchange 2007 Service Pack 1 (SP1) is deployed on a computer that is running Windows Server 2008, you can enter IP addresses and IP address ranges in the Internet Protocol Version 4 (IPv4) format, Internet Protocol Version 6 (IPv6) format, or both formats. A default installation of Windows Server 2008 enables support for IPv4 and IPv6. For more information about Exchange 2007 SP1 support for IPv6 addresses, see IPv6 Support in Exchange 2007 SP1 and SP2.
- To configure an expiration date and time for the IP Block List entry, select the Block until date and time option, and then set the date and time.
- To configure the IP address to never expire, select the Never expire this address option.
  Note: You can't configure an expiration date and time for the IP Allow list in the Exchange Management Console. Use the Exchange Management Shell to configure the expiration date and time for the IP Allow list.
- Click OK to close the dialog box.
To add IP addresses to the IP Allow list and IP Block list by using the Exchange Management Shell, see Add-IPAllowListEntry and Add-IPBlockListEntry.
To use the Exchange Management Shell to add IP addresses to the IP Block list
- To add an IP address to the IP Block list and include an expiration date and time, run the following command:
    Add-IPBlockListEntry -IPAddress <IPAddress> [-ExpirationTime <DateTime>]
  For example, to add the IP address 192.168.0.1 and include an expiration date and time, run the following command:
    Add-IPBlockListEntry -IPAddress 192.168.0.1 -ExpirationTime "1/3/2007 23:59"
- To add an IP address range and include an expiration date and time, run the following command:
    Add-IPBlockListEntry -IPRange <IPRange> [-ExpirationTime <DateTime>]
  For example, to add the IP address range 192.168.0.1-192.168.0.254 with a specific expiration date and time, run the following command:
    Add-IPBlockListEntry -IPRange 192.168.0.1-192.168.0.254 -ExpirationTime "1/3/2007 23:59"
- To add an IP address and subnet mask by using CIDR, run the following command:
    Add-IPBlockListEntry -IPRange <IPRange>
  For example, to add the IP address 192.168.0.1 with the subnet mask 255.255.255.0 by using CIDR, run the following command:
    Add-IPBlockListEntry -IPRange 192.168.0.1/24
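The three shell steps above, combined into one script that validates each entry, routes CIDR blocks and start-end ranges to -IPRange and single addresses to -IPAddress, and sets the expiry from a DateTime object. This is an added example, not part of the original topic; the `$entries` values, the helper `Test-IPv4Literal`, the /16 width limit, and the seven-day lifetime are assumptions, and it handles IPv4 only.

```powershell
# Added example, not from the original topic. Run in the Exchange Management
# Shell on the Edge Transport server. $entries is constructed sample data.
$entries = @(
    '192.0.2.15',                  # single address
    '198.51.100.0/24',             # CIDR block
    '203.0.113.10-203.0.113.40',   # start-end range
    '203.0.113.300'                # malformed on purpose; must be skipped
)

# Pass the expiry as a DateTime object instead of a date string, so no
# date-format parsing is involved. Seven days is an assumed lifetime.
$expires = (Get-Date).AddDays(7)

function Test-IPv4Literal([string]$text) {
    # Require a dotted quad first: IPAddress.TryParse also accepts short
    # forms such as "1", which should not reach a block list unnoticed.
    $ip = $null
    return ($text -match '^\d{1,3}(\.\d{1,3}){3}$') -and
           [System.Net.IPAddress]::TryParse($text, [ref]$ip)
}

foreach ($entry in $entries) {
    if ($entry -match '^([\d.]+)/(\d{1,2})$') {
        # CIDR notation belongs to -IPRange; -IPAddress takes one address.
        $addr = $matches[1]; $prefix = [int]$matches[2]
        # Assumed policy: refuse anything wider than /16 to limit a typo's reach.
        $ok = (Test-IPv4Literal $addr) -and ($prefix -ge 16) -and ($prefix -le 32)
        $useRange = $true
    } elseif ($entry -match '^([\d.]+)-([\d.]+)$') {
        $start = $matches[1]; $last = $matches[2]
        $ok = (Test-IPv4Literal $start) -and (Test-IPv4Literal $last)
        $useRange = $true
    } else {
        $ok = Test-IPv4Literal $entry
        $useRange = $false
    }
    if (-not $ok) {
        Write-Warning "Skipped invalid or too-broad entry: $entry"
        continue
    }
    if ($useRange) {
        Add-IPBlockListEntry -IPRange $entry -ExpirationTime $expires
    } else {
        Add-IPBlockListEntry -IPAddress $entry -ExpirationTime $expires
    }
}

# Review what is now on the list, including expiry times.
Get-IPBlockListEntry
```

The same loop with Add-IPAllowListEntry gives time-limited IP Allow list entries, which the console cannot create.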
For More Information
For more information about how to configure connection filtering, see the following tasks: