Exchange 2016-2019 Configuration
Versions 2013 and earlier of exchange have reached the official End-of-Life (EOL) with Microsoft and Microsoft has ceased support for these products. The following instructions were correct at time of writing, however, as these versions are no longer officially supported, we cannot guarantee the success of configuration.
Hosted Cloud
Microsoft has removed support for allowing based on reverse DNS/hostname. You can however use the following Powershell script:
Add-PSSnapin Microsoft.Exchange*
#Start
$ErrorActionPreference = 'Stop'
$ips = [System.Net.Dns]::GetHostAddresses('delivery.antispamcloud.com') | select IPAddressToString
$ips = $ips | foreach-object {$_.IPAddressToString}
Set-ReceiveConnector -Identity 'Default SERVERNAME' -RemoteIPRanges $ips
#End
Please note that this script is intended for Exchange 2010 on Windows 2008 Small Business but may also apply to Exchange 2007 on other versions of Windows. Replace the 'SERVERNAME' part of the script with your receiving connector's name that you want this script to modify.
You can retrieve this name through Exchange Management Console > Server Name > Server Configuration > Hub Transport.
This script retrieves all IP addresses listed in delivery.antispamcloud.com and allows them in the Receive Connector to allow connections from our servers.
You can use the task scheduler to create a planned task and ensure the IP addresses are updated frequently (hourly or at least once a day). This can be done by creating a task with the following command:
powershell -command '& 'C:\psscripts\exchangereceiveconnector.ps1' '
If you are using Exchange 2007 with SBS 2008, then you may need to create this task with the following command instead:
PowerShell.exe -PSConsoleFile 'C:\Program Files\Microsoft\Exchange Server\Bin\ExShell.Psc1' -Command '. 'C:\psscripts\exchangereceiveconnector.ps1'
The user running the task needs privileges for 'Log on as a batch job' on the host running Exchange and needs to be a member of the Microsoft Exchange Security Groups\Server Management group.
Optionally to add additional custom IP addresses you can add after the line containing the foreach-object:
$ips += '192.168.1.0/24'
Make sure you replace this IP with any IP addresses or subnets that should also have permission to deliver directly. You can add this line for each IP/subnet you want to include.
Local Cloud
To restrict deliveries to your mail servers from your filtering nodes only to avoid direct deliveries use the following powershell command to restrict per IP (replace IP OF NODE HERE to your filter server IP(s))
Set-ReceiveConnector -Identity 'Default SERVERNAME' -RemoteIPRanges IP OF NODE HERE
Disclaimer: This documentation may contain references to third party software or websites. N-able has no control over third party software or content and is not responsible for the availability, security, or operation, of any third-party software. If you decide to utilize a release involving third-party software, you do so entirely at your own risk and subject to the applicable third party’s terms and conditions of the use of such software. No information obtained by you from N-able or this documentation shall create any warranty for such software.