Wednesday, September 24, 2014

Exchange Online and a Connection Filter limitation

Ran into a situation the other day where I was inputting whitelisted IPs from a customer's current mail hygiene solution, and EOP would not let me input a /20 network into the dialog. I double-checked that the IP/subnet was correct, that the periods were really periods, and that there were no whitespace characters in my input. No go. Turns out I hit a fun limitation of the connection filter. Not sure why they would have this limitation, but here is the documented limit and a workaround (if you use Exchange Online; if you are an EOP-only customer, I am not currently aware of a workaround).

From here: http://technet.microsoft.com/en-us/library/jj200718%28v=exchg.150%29.aspx
"You can specify a maximum of 1273 entries, where an entry is either a single IP address or a CIDR range of IP addresses from /24 to /32."

So that's the limitation.  Luckily, this customer is using Exchange Online, which allows you to also use Transport Rules that can then cover a larger subnet and bypass spam filtering for connections from that IP:

http://technet.microsoft.com/en-us/library/jj200718%28v=exchg.150%29.aspx#bkmk_addtionalconsiderationswhenconfiguringipallowlists
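
To sort a vendor's allow list before typing it into the dialog, the following added example (not from the original post or from Microsoft) separates entries the connection filter accepts from ranges broader than /24 that need a transport rule. The function name, the IPv4-only handling, the sample addresses and the optional split into /24 blocks (which goes beyond the workaround in the post) are assumptions of this example.

```python
import ipaddress

MAX_ENTRIES = 1273  # entry limit quoted from the TechNet page
MIN_PREFIX = 24     # broadest CIDR the connection filter accepts (/24 to /32)


def plan_allow_list(entries, expand=False):
    """Return (connection_filter_entries, transport_rule_ranges).

    expand=False: ranges broader than /24 are routed to a transport rule.
    expand=True:  such ranges are split into /24 blocks for the connection
                  filter instead (assumption of this example).
    """
    filter_nets, rule_nets = set(), set()
    for raw in entries:
        # strict=True rejects entries with host bits set, e.g. 10.20.16.5/20
        net = ipaddress.IPv4Network(raw.strip(), strict=True)
        if net.prefixlen >= MIN_PREFIX:
            filter_nets.add(net)
        elif expand:
            filter_nets.update(net.subnets(new_prefix=MIN_PREFIX))
        else:
            rule_nets.add(net)

    # Drop filter entries already covered by a broader transport-rule range.
    filter_nets = {n for n in filter_nets
                   if not any(n.subnet_of(r) for r in rule_nets)}

    if len(filter_nets) > MAX_ENTRIES:
        raise ValueError(
            f"{len(filter_nets)} entries exceed the limit of {MAX_ENTRIES}")
    return ([str(n) for n in sorted(filter_nets)],
            [str(n) for n in sorted(rule_nets)])


# Constructed sample input (not a real customer list).
SAMPLE = ["10.20.16.0/20", "192.0.2.0/24", " 198.51.100.7", "10.20.17.0/24"]

if __name__ == "__main__":
    to_filter, to_rule = plan_allow_list(SAMPLE)
    print("connection filter:", to_filter)
    print("transport rule:   ", to_rule)
```

Every range that ends up in the transport-rule list bypasses spam filtering for the whole block, so confirm with the vendor that each broad range is fully theirs before allowing it.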
