Reflexion KBA's
Lock a Server Down to Only Accept Mail from Reflexion
Posted by Robert Mitchell on 07 November 2016 11:43 AM

Overview

Enforcing IP restrictions is absolutely critical to ensure complete protection of your mail server. Because hackers and spammers can easily bypass cloud services and target your server directly, mail servers protected by Reflexion should only accept SMTP connections from the Reflexion IPs listed below and deny all other traffic:

69.84.129.224/27          (255.255.255.224)

208.70.208.0/22            (255.255.252.0)

 

Office 365

In the Exchange Admin Center (EAC), click Mail Flow > Connectors. Then create an Inbound Connector to receive emails from Reflexion IP's below:

69.84.129.224/27 (255.255.255.224)
208.70.208.0/24 (255.255.255.0)
208.70.209.0/24 (255.255.255.0)
208.70.210.0/24 (255.255.255.0)
208.70.211.0/24 (255.255.255.0)

Exchange 2013

  1. Mail Flow, Rules, Create a new rule
  2. Apply this rule if, sender location is Outside the Organization
  3. Do the following - recommend reject or delete the message
  4. Click More options
  5. Add Exceptions for the Reflexion IP addresses

       69.84.129.224/27          (255.255.255.224)
       208.70.208.0/24            (255.255.252.0)
       208.70.209.0/24            (255.255.252.0)
       208.70.210.0/24            (255.255.252.0)
       208.70.211.0/24            (255.255.252.0)

Exchange 2007/2010

  1. Open the Exchange Management Console
  2. Navigate to Server Configuration > Hub Transport > Default Receive Connector > Properties > Network tab
  3. Under "Receive mail from remote servers that have these addresses:" find the entry that says 0.0.0.0-255.255.255.0 and delete it
  4. Under "Receive mail from remote servers that have these addresses:" click Add
  5. Input the first Reflexion IP range; repeat this step for each Reflexion IP
  6. Click on the Permission Group tab and ensure that anonymous delivery is allowed from our ranges
  7. Stop and restart the MSExchangeTransport service on the HUB transport server(s)

Exchange 2003

  1. Open the Exchange System Manager
  2. Expand Servers > Server Name > Protocols > SMTP > right-click "Default SMTP Virtual Server" (or the active receive connector name) and select Properties
  3. Navigate to the Access tab and then select the Connection button
  4. Remove any entries from previous providers or entries that have the IP range 0.0.0.0 - 255.255.255.0
  5. Click Add to enter a new IP restriction
  6. Select the group of computers option, insert the first IP range for Reflexion, set the subnet mask to 255.255.255.224 and click OK; repeat this step for each of the Reflexion IPs
  7. Restart the Simple Mail Transfer Protocol (SMTP) service to apply the changes

Feedback and contact

If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).

Help Desk Software by Reflexion
Copyright 2004-2015 Sophos Limited or one of its affiliates. All rights reserved.