03-14-2013 05:54 AM
There are many policies implemented for users but when they use BIS, then it use different SMTP, reason being implemented policy doesn't apply on them.
This is the main reason, we want to block our employees to configure their mails using BIS services..!!
03-14-2013 09:59 AM
After a huge research over internet, I have found Blocking BIS subnet are not the solution, because it will block all the e-mails coming from BIS network including non-employees as well, who may be our client or customer (Anybody can approach us using BIS ID)
So we analyzed & found our work ID (official ID) request come from different Port and rest domains request (i.e. gmail, hotmail, yahoo etc) come from different port.
So we blocked the BIS IP subnet ( KB11036 ) on the particulars port, which were opened for official ID.
Now its working for us, hope this will work for you as well.
I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier
03-17-2013 01:47 PM
Block port 80 and 443 incoming from BIS ips and they wont get email from BIS.
If using IMAP and POP still think about changing to RPC over HTTPS aka Outlook Anywhere.
IMAP, POP are not even used here on my server. It was decided that these older protocols make the server run harder and are easier to hack too since we protect Outlook Anywhere with a SSL cert for connections via TMG 2010.
03-19-2013 09:14 AM
In our scenerio, when employee try to activate his official ID using BIS than request hits at port 80 & 443 but if outside user try to communicate with our official ID then request comes from Port 25.
So we blocked all BIS subnets provided on Blackberry Support Forum only for port 80 & 443, if request come from any domain i.e. gmail or yahoo than it will be open and mail will drop in our inbox.