Limiting inbound SMTP traffic for Norman SecureMail

Descrizione del problema

Note: Please do not make any of the changes listed below if you have backup MX records that point directly to your mail server and bypass Norman SecureMail. If you plan to remove your backup MX records, please allow at least 1 week for the DNS caches all over the web to clear before making the below changes.

We have found that spammers, as much as 20 percent, are intentionally delivering their spam to the lower priority MX and directing it to the customers’ servers thus bypassing Norman SecureMail. We highly advise using only the two MX records that Norman supplies. Norman’s servers should be the only servers sending inbound mail to your server. You will need to continue to allow all Outbound SMTP connections since the outbound mail leaves directly from your server and not through Norman SecureMail.

Soluzione del problema

Only allow Norman SecureMail to deliver messages to your server.

Norman SecureMail Server Networks to allow on your mailserver/firewall for inbound SMTP:

5.152.184.128/25 – or 5.152.184.128 (addresses 129-254) with subnet mask of 255.255.255.128

Norman SecureMail Server IPs to allow on your mailserver/firewall for inbound SMTP:

92.52.89.74 – Delivery server
69.20.85.9 – Alerts/Failover server
69.20.85.10 – Alerts/Failover server
69.20.85.11 – Alerts/Failover server
69.20.85.12 – Alerts/Failover server
69.20.58.225 – Alerts/Failover server
69.20.58.234 – Alerts/Failover server
72.32.252.76 – Custom TLS requirements delivery server

If you do not have a firewall, most mail server platforms have ways of limiting which IP addresses have permission to connect to your server’s SMTP service. Norman advises that the traffic be limited from your firewall. If you cannot do this, you may use the examples below to limit it from your mail server. Do not forget to include your firewall or other external devices that connect to you server.

Exchange 2000/2003

Click here to view the Limit SMTP Exchange 2000 - 2003 tutorial video. This video will guide you through a step-by-step procedure on how to configure Exchange 2000/2003 and limit Simple Mail Transfer Protocol (SMTP). Once you view the video, you are ready to configure your Exchange 2000/2003 mail server.

  1. Open the Exchange System Manager.
  2. Navigate to the Default SMTP Virtual Server folder. From here, right-click the folder and select Properties.
  3. Within the Default SMTP Virtual Server properties pop-up window, click the Access tab and the Connection Control button.
  4. From here, you will add the above IPs. Select the Only the list below option button, and then add the listed IPs.
  5. Each IP should be added as a single computer.
  6. Please restart SMTP for the changes to occur.

Exchange 2007/2010

Click here to view the Limit SMTP Exchange 2007 - 2010 tutorial video. This video will guide you through a step-by-step procedure on how to configure Exchange 2007/2010 and limit Simple Mail Transfer Protocol (SMTP). Once you view the video, you are ready to configure your Exchange 2007/2010 mail server.

  1. Open the Exchange Management Console.
  2. Navigate to: Server Configuration -> Hub Transport -> Default Receive Connector -> Properties -> Network tab.
  3. Locate the Receive mail from remote server with IP screen.
  4. By default, the rule is: 0.0.0.0 to 255.255.255.255. Remove the default and add the list of provided IP addresses into this field.
  5. Stop and restart the MSExchangeTransport service on the HUB transport server(s).

Exchange 5.5

  1. Within the Internet Mail Service Properties pop-up window, click the Connections tab in the Accept Connections area.
  2. Click the Only from hosts using: option button, and then select Authentication as the option.
  3. Click the Hosts... button, and then enter the above IP addresses. When done, click the OK button.
  4. Stop and restart the services.


Data di pubblicazione:: 2012.06.05   Data di aggiornamento: 2014.03.25