Restrict SMTP to list of allowed IPs

MS Exchange 2007 services under one VIP, on AX 3200-12s in one-arm mode. I want to restrict the SMTP service to allow only a predefined list of client IP addresses or networks to go through. This would match the allow list on the Exchange Server configuration. The reason for this is that, since the AXs are in one-arm mode using source NAT, in order to allow SMTP from the AXs I have to add their IPs to the allow list in Exchange, thereby making my SMTP service wide open! Not good.
Can I do this with an aFleX script?
Thanks
Tony

You have a couple of options in this case. You can use ACLs, PBSLB, or indeed aFleX, with or without a class-list.

Thanks Mischa. Finally got around to testing… adding ACLs on the VIP on port 25 worked like a charm. Wasn’t sure of the file format for PBSLB, or the exact coding for aFleX, so ACLs were the easier method.
Tony

I have a Thunder 3030S. I am in the same boat with Exchange 2013, adding ACLs on the VIP port 25. Currently I have around 200 servers/devices relaying via Exchange.

Is there a limitation on how many servers/devices I can add to the ACL? I created an extended ACL.
Thank you