I am using an external spam filter that works by being the first to get email (Windows EOP). It works by changing the MX record.
Works fine by filtering out spam.
I have discovered that many spammers send email directly to my port 25 and bypass the spam filter.
I want to block access to port 25 except for a number of IP address ranges used by Microsoft antispam.
The trick here is to create a Global Rule that blocks access to port 25 - BUT - you need to select the EXCLUDE option and then nominate the addresses you wish to allow in.
The parameters for the Global Rule are as follows (explanatory text in italics under each parameter):
Action : BLOCK >Block all unsolicited inbound access
Protocol : TCP or UDP >Specify which protocols are to be blocked
Direction : IN >Block inbound traffic only
Description : Descriptive text relevant to your circumstances
Source Address : Select EXCLUDE - IP ADDRESS RANGE >This parameter specifies the IP address range that will be excluded from being blocked
Destination Address : ANY >Although it says ANY it means the system this instance of CIS is running on
Source Port : ANY >The originating port of the inbound request - as we can’t pre-determine this, we enter ANY
Destination Port : 25 >The port on this system to be affected by this rule
Remember to move this rule above any rule that would allow open access to port 25 in the Global Rules list.
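The rule above and the ordering advice can be checked with a small model, added here as an example and not taken from the post or from CIS itself. It assumes Global Rules are evaluated top-down with the first match winning; the address ranges are documentation placeholders standing in for the filtering service's published ranges, and all names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Placeholder ranges (RFC 5737 documentation networks). Substitute the ranges
# published by the filtering service; the post does not list them.
FILTER_RANGES = ("192.0.2.0/24", "198.51.100.0/24")


@dataclass
class Rule:
    action: str                     # "BLOCK" or "ALLOW"
    dest_port: Optional[int]        # None means ANY
    sources: Tuple[str, ...] = ()   # CIDR strings; empty means ANY
    exclude: bool = False           # True: match every source NOT in `sources`

    def matches(self, src_ip: str, dest_port: int) -> bool:
        if self.dest_port is not None and self.dest_port != dest_port:
            return False
        if not self.sources:
            return True
        addr = ipaddress.ip_address(src_ip)
        inside = any(addr in ipaddress.ip_network(n) for n in self.sources)
        # With EXCLUDE set, the rule applies only to addresses outside the ranges.
        return inside != self.exclude


def decide(rules, src_ip, dest_port, default="BLOCK"):
    """Assumed first-match evaluation: the first matching rule decides."""
    for rule in rules:
        if rule.matches(src_ip, dest_port):
            return rule.action
    return default


# The rule from the post: BLOCK, IN, destination port 25, source EXCLUDE ranges.
BLOCK_SMTP = Rule("BLOCK", 25, FILTER_RANGES, exclude=True)
# A pre-existing rule that opens port 25 to everyone (hypothetical).
ALLOW_SMTP = Rule("ALLOW", 25)

CORRECT_ORDER = [BLOCK_SMTP, ALLOW_SMTP]   # block rule moved above the allow rule
WRONG_ORDER = [ALLOW_SMTP, BLOCK_SMTP]     # allow rule still on top

if __name__ == "__main__":
    # Constructed sources: one inside the filter ranges, one direct sender.
    for label, rules in (("block first", CORRECT_ORDER), ("allow first", WRONG_ORDER)):
        for src in ("192.0.2.10", "203.0.113.77"):
            print(f"{label:12} {src:14} -> {decide(rules, src, 25)}")
```

With the allow rule on top, the direct sender still reaches port 25, which is why the block rule has to sit above it.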