Hello all, I apologize in advance if this is a simple answer. I am probably overthinking this issue, but thought I would ask before I created a mess.

We have an on-premise Exchange server. This has the Proofpoint email filter server in front of it for inbound and outbound mail filtering/security. We route all email connections through that service for various security reasons. However, we are implementing a cloud-based CRM (Bitrix24, if it matters). It has built-in IMAP capabilities.

The wrinkle is that Bitrix has a set of virtual mail servers hosted in AWS. Those servers seem to have dynamic IP addresses (probably as new VMs are spun up). This implementation has shown a seemingly unending list of AWS IP addresses attempting to access our Meraki. There is a pool of five MTA records that tie to IP addresses (example: mta-us-001.bitrix24.com). These records expire every 5 minutes.

Currently we have a port forwarding rule to the email server set up allowing specific IP addresses on port 993. I would rather not open access to several AWS A IP blocks. There has to be a method to allow inbound connections using the published MTA records. However, my brain is not helping me here. Thanks in advance.