I’m sure all of you Exchange types have already been to Jeffrey’s blog, downloaded the cheat sheet (by the way, it is hanging on my wall at the moment), and written tons of PowerShell scripts. In case you got the download but didn’t know what to write, perhaps some security deployment automation scripts would be a good start!
Allowing only the IP addresses of your Exchange and other mail servers to connect to the rest of the Exchange servers in your environment is one of the easiest and quickest ways to secure your mail routing. It ensures that only the servers you specify are able to open connections to your Exchange mailbox and/or hub server. This is important to prevent rogue/viral applications, users, and hackers from sending unwanted mail or overloading your messaging interfaces.
In Exchange 2003 these entries were stored in Active Directory as blobs and could not be easily exported. In Exchange 2007 this has changed, and automating the deployment of this security best practice is now feasible. To make things even easier, you don’t have to write your own script to automate this: there is a PowerShell script Microsoft put together to do it. This script makes the whole process easy! Just run it to export the entries, then run the script file you exported the entries to on the import side. Very easy, thanks Bhavin!
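
To show the export-then-import pattern described above, here is an added example; it is not the Microsoft script and not code from this post. It assumes the allowed addresses are held in the `RemoteIPRanges` property of Exchange 2007 receive connectors, and the output path is a hypothetical one chosen for the example.

```powershell
# Added example: run in the Exchange Management Shell on the export side.
# Assumption: the allowed IP entries live in each receive connector's RemoteIPRanges.
$exportFile = 'C:\Temp\Import-RemoteIPRanges.ps1'   # hypothetical path

$lines = @('# Generated export. Review every range and connector name before running.')

foreach ($connector in Get-ReceiveConnector) {
    # RemoteIPRanges is multivalued: single IPs, start-end ranges or CIDR blocks.
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
    if ($ranges.Count -eq 0) { continue }

    # A connector that still accepts the whole IPv4 space is not restricted at all;
    # flag it so it is not copied to the import side unnoticed.
    if ($ranges -contains '0.0.0.0-255.255.255.255') {
        Write-Warning "$($connector.Identity) accepts connections from any IPv4 address"
    }

    # Quote each range and join them into one comma-separated argument list.
    $quoted = @($ranges | ForEach-Object { "'" + $_ + "'" })
    $list   = [string]::Join(',', [string[]]$quoted)

    # Identity has the form Server\ConnectorName; edit the server part for the
    # import side. Single quotes in the name are doubled so the line stays valid.
    $id = $connector.Identity.ToString().Replace("'", "''")

    # -WhatIf is emitted on purpose: the import side previews the change first,
    # and the operator removes -WhatIf once the ranges have been checked.
    $lines += "Set-ReceiveConnector -Identity '$id' -RemoteIPRanges $list -WhatIf"
}

$lines | Out-File -FilePath $exportFile -Encoding ASCII
Write-Host "Wrote $($lines.Count - 1) connector entries to $exportFile"
```

Because the generated file contains the full allow list for every connector, store it with the same care as other configuration backups and compare it against the import side before applying it.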