Introduction
Connection Filtering enables you to blacklist or whitelist email messages originating from individual IP addresses or entire IP ranges.
As we mentioned in the previous article, EOP checks incoming email with the following tools, in order:
- connection filtering
- anti-malware
- Mail Flow Rules
- Content Filtering (also known as anti-spam)
So Connection Filtering is the first tool to check an incoming email before it is sent to the recipient.
In this article we will see how to configure connection filtering from both:
- Exchange Admin Center (EAC)
- Security And Compliance Center (SCC)
Connection Filtering Concepts
You can configure the default connection filter policy to identify good or bad source email servers by their IP addresses, or even create a new policy.
The key components of the connection filter policy are:
IP Allow List
Skip spam filtering for all incoming messages from the source email servers that you specify by IP address or IP address range.
IP Block List
Block all incoming messages from the source email servers that you specify by IP address or IP address range. The incoming messages are rejected, are not marked as spam, and no additional filtering occurs.
- Meaning that the first line of defense (Connection Filtering) has rejected the incoming email and there is no need for any further inspection.
Safe list
The safe list is a dynamic allow list in the Microsoft datacenter that requires no customer configuration.
Microsoft identifies these trusted email sources from subscriptions to various third-party lists.
You enable or disable the use of the safe list; you can't configure the source email servers on the safe list.
Spam filtering is skipped on incoming messages from the email servers on the safe list.
- In simple words: we can't find any information about who these "Trusted Senders" are or who creates this list, so we can't really comment on what it does. Just accept it 🙂
Configure Connection Filtering
We have a company requirement to:
- allow all incoming email from the email server with public IP 2.2.2.2
- block all incoming email from the email server with public IP 3.3.3.3
- enable the Microsoft safe list
Let us configure the default Connection Filtering policy:
- To access connection filtering from the EAC: https://portal.office.com >> admin center >> exchange >> protection >> content filtering
- We can also access connection filtering from the Security & Compliance Center (SCC): https://protection.office.com/ >> Threat management >> Policy >> Anti-Spam.
- On the Anti-spam settings page, expand Connection filter policy by clicking , and then click Edit policy.
- Please note connection filtering is always ON
- In the Default flyout that appears, configure any of the following settings:
- Description: Enter optional descriptive text.
- IP Allow List: Click Edit. In the IP Allow List flyout that appears, enter an IPv4 address in the Address or address range box using the following syntax:
- Single IP: For example, 2.2.2.2
- IP range: For example, 2.2.2.2-2.2.2.254
- CIDR IP: For example, 2.2.2.2/24
- IP Block List: Click Edit. In the IP Block List flyout that appears, enter an IPv4 address in the Address or address range box using the following syntax:
- Single IP: For example, 3.3.3.3
- IP range: For example, 3.3.3.3-3.3.3.254
- CIDR IP: For example, 3.3.3.3/24
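The same three requirements applied from Exchange Online PowerShell, as an added example that is not part of the original article. It assumes the ExchangeOnlineManagement module is installed and an admin account is available; Test-ConnectionFilterEntry is a hypothetical helper written for this example, and its /24 through /32 mask limit comes from Microsoft's documentation, not from this page.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an admin sign-in.
# The addresses are the article's sample values; whitespace is stripped up front.
$allow = @('2.2.2.2')  -replace '\s', ''
$block = @('3.3.3.3')  -replace '\s', ''

# Hypothetical helper: accepts the three syntaxes the flyout takes
# (single IPv4, "start-end" range, CIDR with a /24 through /32 mask).
function Test-ConnectionFilterEntry {
    param([string]$Entry)
    $octet = '(25[0-5]|2[0-4]\d|1?\d?\d)'
    $ipv4  = "${octet}(\.${octet}){3}"
    return ($Entry -match "^${ipv4}$") -or
           ($Entry -match "^${ipv4}-${ipv4}$") -or
           ($Entry -match "^${ipv4}/(2[4-9]|3[0-2])$")
}

# Stop before touching the policy if an entry is malformed or sits on both lists.
# Allow-list entries skip spam filtering, so a typo here widens what is trusted.
$bad  = @($allow + $block | Where-Object { -not (Test-ConnectionFilterEntry $_) })
$both = @($allow | Where-Object { $block -contains $_ })
if ($bad.Count -or $both.Count) {
    throw "Invalid entries: $($bad -join ', '); on both lists: $($both -join ', ')"
}

Connect-ExchangeOnline

# Add the entries to the default policy and turn on the Microsoft safe list.
Set-HostedConnectionFilterPolicy -Identity Default `
    -IPAllowList @{Add = $allow} `
    -IPBlockList @{Add = $block} `
    -EnableSafeList $true

# Confirm what the service actually stored.
Get-HostedConnectionFilterPolicy -Identity Default |
    Format-List Name, IPAllowList, IPBlockList, EnableSafeList
```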
Conclusion
Connection Filtering is the first EOP (Exchange Online Protection) tool to check an incoming email before it is sent to the recipient's mailbox.
Connection Filtering can be configured from:
- Exchange Admin Center (EAC)
- Security and Compliance Center (SCC)