IP and Country List

Implementing a Geoblocking Firewall using Linux

This describes the setup used to block IPv4 or IPv6 access to an internal email server (or other similar resource) on the basis of geographic location or Autonomous System (AS) number obtained from ipinfo.io, and to implement blocking and alerting (possibly for DLP purposes) using the All Cybercrime IP Feeds feed from FireHOL.
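The following Python sketch is an added example, not code from the original setup. It shows the per-address decision described above: match against a FireHOL-style list first, then filter on AS number and country. It assumes a record shaped like an ipinfo.io JSON reply (`ip`, `country`, `org`) and a netset with one IP or CIDR per line; the allowed country, blocked ASN, sample feed and the order of the checks are all constructed for illustration.

```python
import ipaddress

# Constructed sample in netset layout: '#' comments, then one IP or CIDR per line.
SAMPLE_NETSET = """\
# constructed sample, not real feed data
192.0.2.0/24
198.51.100.17
2001:db8:bad::/48
"""

ALLOWED_COUNTRIES = {"GB"}   # assumption: staff region, ISO 3166-1 alpha-2 code
BLOCKED_ASNS = {"AS64500"}   # assumption: ASN from the documentation range


def parse_netset(text):
    """Return ip_network objects, skipping comments and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def asn_of(org):
    """The ipinfo.io 'org' field begins with the AS number, e.g. 'AS64500 Example Net'."""
    first = org.split(" ", 1)[0] if org else ""
    return first if first.startswith("AS") and first[2:].isdigit() else None


def decide(record, feed):
    """Return 'allow', 'block' or 'block+alert' for one source address."""
    addr = ipaddress.ip_address(record["ip"])
    # Feed match is checked first so a listed address raises an alert
    # even when it geolocates to an allowed country.
    if any(addr.version == n.version and addr in n for n in feed):
        return "block+alert"
    if asn_of(record.get("org", "")) in BLOCKED_ASNS:
        return "block"
    if record.get("country") not in ALLOWED_COUNTRIES:
        return "block"
    return "allow"
```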

Why?

An organisation has an MS Exchange server behind a WatchGuard firewall that forwards ports 443, 143 and 587 (for OWA, IMAP and SMTP [message submission agent]) to an internal MS Exchange Server (Windows Server 2012 R2). Email is checked by staff in a geographically defined area.

This is identified as a risk: it is external access to an internal resource, and if there is a breach, access to a segmented internal network is possible. The risk is greater than it needs to be, since the staff checking email are narrowly geographically distributed.

Whilst strong passwords are important, they do not protect against buffer overflow or similar exploits.