Exchange spamfilter - Spamhaus and others

Setting up DNSBLs and DNSWLs
While I'm not endorsing any of the following DNS filtering lists, I think that they may be useful when setting up spam filtering on an Exchange server, be it an older 2003 using IMF or a newer one.


Let's start with the DNS blacklists. Those are used to check whether a given IP address connecting to an Exchange server and trying to send (us) email(s) is "good" or "bad". The following lists are quite "conservative" ones, that is, they won't list an IP just for a few "bad mails" and will, in general, only list known, almost sure, "bad" sending IPs:

zen.spamhaus.org

bb.barracudacentral.org

ix.dnsbl.manitu.net

bl.spamcop.net

combined.njabl.org

v4.fullbogons.cymru.com


The above lists, as I wrote, are quite reliable and conservative; this means that you will get really few false positives (if any). To configure them, just add the above to the Exchange spam filter. When doing so, it may be a good idea to configure the "reject message" (the one used by Exchange to refuse an email if the sender is listed by a given DNSBL) to something meaningful, for example something like the following:

Message refused, your IP {0} is blacklisted by {2} (see multirbl.valli.org/lookup/{0}.html ).


Using the above message, Exchange will automatically replace {0} with the IP the connection came from (the one from the sending server) and {2} with the name of the blacklist which caused the reject. The URL will then allow a straight check against the IP to find out which DNS blacklists are listing that IP and the reasons for the listing; this in turn may allow the remote (sending) server admins to fix the issue and so be able to send you emails again.

Note: in Exchange 2003 the above "variables" (or macros if you prefer) used a different syntax, so, in place of {0} or {2} you'd have %0 or %2; in any case, the meaning of the variables remained the same, that is 0=IP address of sender, 1=Rule name, 2=The RBL provider.

Org. link:
technet.microsoft.com/en-us/library/aa997658(v=exchg.141).aspx
1 year 3 months ago
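
A DNSBL only helps while its zone answers correctly, so this added example (not part of the original post, and not Exchange code) shows the lookup a DNSBL check performs and a self-test to run against each zone before adding it to the filter. It relies on the RFC 5782 test entries (127.0.0.2 always listed, 127.0.0.1 never listed) and treats 127.255.255.0/24 as the error range some lists, Spamhaus among them, use for refused queries; the function names and the zone dnsbl.example are made up for the illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ERROR_CODES = ipaddress.ip_network("127.255.255.0/24")  # error replies, not listings

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver; [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def lookup(ip, zone, resolve=system_resolver):
    """Classify one DNSBL answer as 'listed', 'clean' or 'error'."""
    answers = [ipaddress.IPv4Address(a) for a in resolve(dnsbl_query_name(ip, zone))]
    if not answers:
        return "clean"
    # Answers outside 127.0.0.0/8 (parked or wildcarded domain) or inside the
    # error range (query refused, rate limited) must never count as a listing.
    if any(a not in LOOPBACK or a in ERROR_CODES for a in answers):
        return "error"
    return "listed"

def zone_is_usable(zone, resolve=system_resolver):
    """RFC 5782 self-test: 127.0.0.2 is always listed, 127.0.0.1 never is."""
    return (lookup("127.0.0.2", zone, resolve) == "listed"
            and lookup("127.0.0.1", zone, resolve) == "clean")

def render_reject(template, ip, rule, provider):
    """Expand {0}=sender IP, {1}=rule name, {2}=provider, as in the post."""
    return template.format(ip, rule, provider)

if __name__ == "__main__":
    # Constructed answers for a made-up zone, so the demo runs offline.
    table = {"2.0.0.127.dnsbl.example": ["127.0.0.2"],
             "10.2.0.192.dnsbl.example": ["127.0.0.4"]}
    resolve = lambda name: table.get(name, [])
    print(zone_is_usable("dnsbl.example", resolve))
    print(lookup("192.0.2.10", "dnsbl.example", resolve))
    print(render_reject("Message refused, your IP {0} is blacklisted by {2}.",
                        "192.0.2.10", "constructed rule", "dnsbl.example"))
```

Calling `zone_is_usable("zen.spamhaus.org")` without a resolver argument uses the machine's own DNS, which should be the same resolver the Exchange server uses.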
