OK...obviously Exchange was expecting apples and I was thinking oranges...and I don't know squat about CIDR...
So...if my subnet mask is 225.225.254.0...and I want SMTP email to be accepted from subnet 10.1.2.x...then I set the range to 10.1.2.0/23??? ________________________________ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 10:58 AM To: MS-Exchange Admin Issues Subject: RE: Anonymous Relay Issues What? The CIDR length can never be greater than 32. That's how large (in bits) that the IPv4 address is. If you want 10.0.0.0 - 10.255.255.255 then that is a /8, not /32; since the network portion of the IP address is only 8 bits wide. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange From: Brown, Larry [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 10:37 AM To: MS-Exchange Admin Issues Subject: Anonymous Relay Issues E2007 SP1, CCR. Separate Hubs and CCR servers...Edge servers on a DMZ. We have a server application called Stakeout that users pull data from to a desktop client. The user can then send reports/data via SMTP from the client. Although all of the emails say they are From: StakeOut@<domain>.com<mailto:[EMAIL PROTECTED]>, the sending IP address is pulled from the client PC. Since all of our networked PC's pull their address from DHCP it's kind of impossible to put individual IP addresses in the Receive mail from remote servers in Anonymous Relay Properties. So...I though about putting in the DHCP ranges for the PC's...but it will only allow me to add a range of 10.x.x.1/32. If I try to make the range any larger I get: The CIDR length xx is greater than the maximum of 32 for an IPv4 address. Etc. So THAT doesn't work. Transport rules don't take effect until an email has been accepted by the Anonymous relay...do they? So I don't think that's the answer. Does anyone have any ideas? Am I missing something simple with the IP ranges? How big a risk would we run if we disabled the Anonymous relay so that it just accepts all anonymous SMTP email? This assumes, of course, that our DMZ is up to snuff...blocking anything externally that doesn't come from the Edge servers... Larry C. Brown LAN/WAN CS Support Dayton Power & Light (937)-331-4922 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
