How to Restrict Access by IP Address on a Receiving Bridgehead Server
You can restrict access to a receiving bridgehead server by IP address and subnet address. You do this by allowing only the IP address or subnet of the connecting servers in one forest to send mail to a receiving bridgehead server in another forest.
To restrict access by IP address on a receiving bridgehead server
Open Exchange System Manager.
In the console tree, expand Servers, expand < Bridgehead Server Name >, expand Protocols, and then expand SMTP.
Right-click the SMTP virtual server you want, and then click Properties
On the Access tab, click Connection.
In Connection, click Only the list below to restrict access to a specified list of IP addresses.
Click Add, and then perform one of the following steps:
Click Single Computer, and in the IP address box, type the IP address of the connecting Exchange server in the Adatum forest (the connecting forest). Repeat this step for each computer in the Adatum forest.
Click Group of computers, and in the Subnet address and Subnet mask boxes, type the subnet address and subnet masks for the group of computers that host connectors to the Fabrikam forest.