I created a regular case with Cisco/Meraki for this. In 2 comments, I explained exactly what I wanted. Each time the response back clearly showed they didn't understand what seems fairly straight forward. So I'm hoping the forum can help me.
We have an On-Premise Exchange server. In the last month we switched our eMail security from local to Barracuda Cloud Services. The Exchange server is still On-Premise. Everything is working as expected. The way BCS works is our MX records point to Barracuda instead of to us. Now all Incoming email goes through BCS first. Again, that is all working fine. But Spammers can ignore our MX records and send directly to our IP address and thus bypass Barracuda. To stop this, Barracuda recommends locking down our External Firewall by only allowing SMTP traffic to come from the Barracuda IP Range. Here is exactly what they say:
It is recommended to lock down your External Firewall to only allow SMTP Traffic from Barracuda IPs.
209.222.80.0/21 (255.255.248.0)
64.235.144.0/20 (255.255.240.0)
This will stop Spammers from hitting your Network Directly and all SMTP Must come from us to be valid.
This is what I explained when I opened my case with Meraki/Cisco support. I think I need to use the Traffic Shaping-Flow Preferences-Internet Traffic section to make this happen. Can anyone tell me exactly what I need to enter and where?
On the MX65, if I'm thinking of the correct section, my fields are Protocol, Source, Src port, Destination, Dst Port
If something is not clear let me know and I'll be glad to update the post. Thanks...Dave
