Spam Experts Help

Exchange 2007-2016 Configuration

Hosted Cloud

Microsoft has removed support for whitelisting based on reverse DNS/hostname. You can however use the following Powershell script:

Add-PSSnapin Microsoft.Exchange*
#Start
$ErrorActionPreference = 'Stop'
$ips = [System.Net.Dns]::GetHostAddresses('delivery.antispamcloud.com') | select IPAddressToString
$ips = $ips | foreach-object {$_.IPAddressToString}
Set-ReceiveConnector -Identity 'Default SERVERNAME' -RemoteIPRanges $ips
#End

Please note that this script is intended for Exchange 2010 on Windows 2008 Small Business but may also apply to Exchange 2007 on other versions of Windows. Replace the 'SERVERNAME' part of the script with your receiving connector's name that you want this script to modify.

You can retrieve this name through Exchange Management Console > Server Name > Server Configuration > Hub Transport.

This script retrieves all IP addresses listed in delivery.antispamcloud.com and whitelists them in the Receive Connector to allow connections from our servers.

You can use the task scheduler to create a planned task and ensure the IP addresses are updated frequently (hourly or at least once a day). This can be done by creating a task with the following command:

powershell -command '& 'C:\psscripts\exchangereceiveconnector.ps1' '

If you are using Exchange 2007 with SBS 2008, then you may need to create this task with the following command instead:

PowerShell.exe -PSConsoleFile 'C:\Program Files\Microsoft\Exchange Server\Bin\ExShell.Psc1' -Command '. 'C:\psscripts\exchangereceiveconnector.ps1'

The user running the task needs privileges for 'Log on as a batch job' on the host running Exchange and needs to be a member of the Microsoft Exchange Security Groups\Server Management group.

Optionally to add additional custom IP addresses you can add after the line containing the foreach-object:

$ips += '192.168.1.0/24'

Make sure you replace this IP with any IP addresses or subnets that should also have permission to deliver directly. You can add this line for each IP/subnet you want to include.

Local Cloud

To restrict deliveries to your mail servers from your filtering nodes only to avoid direct deliveries use the following powershell command to restrict per IP (replace IP OF NODE HERE to your filter server IP(s))

Set-ReceiveConnector -Identity 'Default SERVERNAME' -RemoteIPRanges IP OF NODE HERE