And EOL with a full dead stop!
Service and support comes to a full stop on April 30th, 2014.
Cisco is recommending the ISA500 Series Integrated Security Appliances.
Now, as a rule our preference it so utilize ExchangeDefender to sanitize all e-mail prior to it getting remotely close to the production network.
We then have the ability to allow the ExchangeDefender server’s subnets inbound for SMTP traffic thus avoiding SMTP authorization attempts.
And, because we tend to have only one MX record registered we don’t have to worry about spammers pumping spam into secondary MX servers which in some cases will not have any or very little spam protection.
Our primary goal is to filter all inbound and all outbound WAN based traffic. That is, we set up whitelists for Internet bound and server services bound Internet traffic.
Besides filtering inbound SMTP traffic we set an outbound SMTP rule to be allowed only from the on-premises Exchange server as well as other server(s) on the network. If a user gets compromised by something that tries to spew e-mail via SMTP it stops there and we get a call for a machine that’s dragging its feet. :)
We have applied for an ISA550 demo unit from our Cisco rep at D&H Canada. Once we receive it we will post our experience with it as well as a configuration guide.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book
Find out more at