
Blocking ALL incoming...

Status
Not open for further replies.

gudguy

MIS
Nov 8, 2002
93
US
We are running 2003 exchange. Our setup for incoming is, Mirapoint receives emails from Internet and then forwards to Exchange.

In case of viruses, we want to stop incoming messages on Exchange, allowing Mirapoint to queue up. At the same time we do not want to block outgoing emails.

How can I stop incoming emails on Exchange 2003, while at the same time allowing outgoing?

I would appreciate your expertise on this.
Thanks in advance
 
Well, since Mirapoint handles the forward, you need to stop that one from forwarding.

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do I Get Great Answers To my Tek-Tips Questions?
See faq222-2244
 
Thanks Marc for your reply.
Actually I looked into Mirapoint before posting this. And there is no such option to temporarily stop. If we stop, then we don't receive any incoming emails from the Internet at Mirapoint.
 
All you can do then is to manually stop Exchange from receiving, but you should consider the impact on that Mirapoint then, will it fail, generate a bunch of errors, NDR....

But why you would stop Exchange from receiving when a virus comes in in Mirapoint, that part I don't quite get.

Marc
 
If you stop smtp from receiving email, then outgoing emails are stopped too. I don't want to interrupt outgoing and users should be able to do their work and send out emails, but block incoming emails for couple of hours in rare cases where pattern files have not been released.

While AV ppl work on pattern files, I want Mirapoint to hold emails.

There is a solution in this case, to install a second NIC on the SMTP gateway on Exchange (on DNS create an MX record pointing to this second NIC). In this case all I need to do is go to Network Neighborhood and disable the NIC. This way Mirapoint will hold emails.

But I want a simpler way of creating second SMTP Virtual server or connector to stop incoming emails to Exchange from mirapoint.
 
If you are going to use 2 NICs, don't bother stopping the NIC, just pull out the cable, much faster.

You could also block port 25 on the Exchange server, that will stop incoming mail too. (or change the outgoing port on the Mirapoint, whichever is fastest/easiest, I don't know your setup.. FW in between or not...)

And you could stop external SMTP, internal mail does not use that.

Marc
 
I still don't see why there would be a need to stop it though, anti-virus patterns should be updated immediately when released, not after the facts.

Marc
 
I'm not sure if this would work but what about creating a second SMTP Virtual server on your Exchange box and adding an IP address to your current NIC. Let the new SMTP server take the new IP address. Set up a new connector or modify the current one to use the new SMTP server for the address space *. You would have to shut down the SMTP server that your Mirapoint gateway uses manually but I think outgoing would still work at this point because the routing connector is using the new SMTP server. (I think. I have never tried this nor have I separated traffic with connectors. From what little I've read this is the way the connectors can work but I'm just guessing. If I'm totally off on this sorry!!!! ;)

You still may have a problem with NDRs etc. from Mirapoint.

?????
 
Thanks for all your participation.

Marc & Ymeg123 have brought out good points and so would like to address them.

If you are going to use 2 NICs, don't bother stopping the NIC, just pull out the cable, much faster
- I'm talking about more than 100 Exchange servers scattered across the world, so you get the idea now. It's much simpler to right-click the NIC and disable.

You could also block port 25 on the Exchange server, that will stop incoming mail too. (or change the outgoing port on the Mirapoint, whichever is fastest/easiest, I don't know your setup.. FW in between or not...)
- Blocking port 25 is not a good idea, considering changing the TCP/IP properties and putting it back, though a restart is not necessary. However I'll have to think about disabling the outgoing port on Mirapoint.

And you could stop external SMTP, internal mail does not use that
- I can't stop external SMTP as I want to use SMTP external.

I still don't see why there would be a need to stop it though, anti-virus patterns should be updated immediately when released, not after the facts
- You'll be surprised that we are the ones who called AV recently before they were aware of some virus. It happened twice already. As they are building a new pattern, imagine how many users will be affected and how shrewd it is to stop external incoming mails for a couple of hours, while users can still continue their work communicating within the Exchange organization. Stopping external email for a couple of hours is not a big deal, while sometimes I get my Hotmail emails a day after they were sent :)
------------
I'm not sure if this would work but what about creating a second SMTP Virtual server on your Exchange box and adding an IP address to your current NIC. Let the new SMTP server take the new IP address. Set up a new connector or modify the current one to use the new SMTP server for the address space *. You would have to shut down the SMTP server that your Mirapoint gateway uses manually but I think outgoing would still work at this point because the routing connector is using the new SMTP server. (I think. I have never tried this nor have I separated traffic with connectors. From what little I've read this is the way the connectors can work but I'm just guessing. If I'm totally off on this sorry!!!! ;)
- Right-clicking NIC and disable is much much simpler :)

You still may have a problem with NDRs etc. from Mirapoint.
- There won't be NDRs at Mirapoint, the emails would just pile up and wait in the queue, waiting for network connection.
 
It sure would be nice if they had a "stop all incoming mail" button for this wouldn't it.

I hear where you're coming from. I use an anti-virus that updates the tables weekly for auto update and not daily. I had a virus come into my mail server because the tables would not detect the new virus. THE AUTO UPDATE TABLES. The manual update DID detect the new virus. Kinda goofy in my eyes but........

My thoughts were along the lines of not having to install a second nic card....but any way stopping these viruses that plague us all is good.

Good luck. Please let us know your final config. You never know when this config can come in handy!!

 
gudguy, I see your concern now, but admit it, you never mentioned more than 100 servers in your post, we were under the impression you were talking about 1 server only.

As for the viruses, the point I was going at is:

You:
If the Mirapoint server detects a virus, then you want to stop the Exchange(s).

Me:
If the Mirapoint server detects a virus, then it is already stopped, so, why stop other emails..
In other words, you would close E-mail when your Mirapoint already intercepted the virus, there is no logic in that.
I do wonder how you detect a virus if your patterns are not up to date. Unless you are talking about 2 different products, in which case I would suggest dumping the delayed one.

The risk is only there when neither detects a virus, but in that case, you are in trouble anyway.




Marc
 
A couple of times we were the first recipients of new virus attacks. Neither Mirapoint nor Exchange are aware of this new virus through our virus software. Because of symptoms and user calls, we find out that there is a virus on that day. However when we call the AV company, they tell us that it's a new virus and that we are the first ones they heard from about this virus and then they start developing pattern files.

Meanwhile we want to stop incoming mails coming to our Exchange servers.
 
Depending on symptoms is a risky business, that I know.
But then, if you would stop the Exchanges, that means all viruses still get in the Mirapoint server.
Would it make more sense to stop that one then instead?
Mail will get queued by the sender.
And if you have so much trouble with new viruses, is your anti-virus as good as they claim? (You never mention which AV it is).

Marc
 
But these viruses execute only upon opening emails, which we want to prevent users from opening by not allowing emails to come into the Exchange org in the first place.
 
I understand your dilemma, but I still think you will be far better off (easier on the job) by making your systems safer than to tackle it when the harm is done. One day, you are going to get a very nasty one like that.
I would strongly suggest you restrict all potential types of attachments, certainly the most obvious ones, like exe, com, bat, pif, scr, reg, ...
And even more importantly, educate the users!
You will probably face the same problem as many others, it is mostly the same group of users that click on anything they receive without thinking, over and over again.

Marc
 