Prevent spam, viruses & attacks from going around Mailprotector
Some virus and spam senders specifically target mail servers using low-priority DNS MX records or by looking up a server directly using a common naming convention such as mail.yourdomain.com. To prevent malicious senders from bypassing the message security service, we highly recommend that you add all of your domains to the service, then lock down the firewall on each of your email servers to accept mail only from Mailprotector.
Note: Before doing this you should make sure this change doesn't conflict with other network requirements (i.e. - roaming users sending outbound through your SMTP, smtp connections from other divisions/locations, etc).
To lock down your firewall limit SMTP (port 25) traffic at the firewall or server to only allow connections from the Mailprotector IP addresses listed in the Global Data Center article:
Examples in Legacy Exchange management panels below:
Important Note: Make sure to enter all IP's associated with the Global Data Centers linked above. The 220.127.116.11/24 range listed is the examples below is scheduled to expire 3/1/2016.
Exchange 2007 screenshot: