- Posts: 177
- Thank you received: 0
Exchange spamfilter - Spamhause m.fl.
- JudgeFredd
- Topic Author
- Offline
- Administrator
Less
More
10 months 1 week ago #134
by JudgeFredd
Exchange spamfilter - Spamhause m.fl. was created by JudgeFredd
Setting up DNSBLs and DNSWLs
While I'm not endorsing any of the following DNS filtering lists, I think that they may be useful when setting up spam filtering on an exchange server, be it an older 2003 using IMF or a newer one
Let's start with the DNS blacklists, those are used to check if a given IP address connecting to an exchange server and trying to send (us) email(s) is "good" or "bad", the following lists are quite "conservative" ones, that is, won't list an IP just for a few "bad mails" and will only, in general, list known, almost sure, "bad" sending IPs
zen.spamhaus.org
bb.barracudacentral.org
ix.dnsbl.manitu.net
bl.spamcop.net
combined.njabl.org
v4.fullbogons.cymru.com
the above lists, as I wrote, are quite reliable and conservative, this means that you will get really few false-positives (if any); to configure them, just add the above to the Exchange spam filter; when doing so, it may be a good idea to configure the "reject message" (the one used by exchange to refuse an email if the sender is listed by a given DNSBL) to something meaningful, for example, something like the following
Message refused, your IP {0} is blacklisted by {2} (see multirbl.valli.org/lookup/{0}.html ).
using the above message, exchange will automatically replace {0} with the IP the connection came from (the one from the sending server) and {2} with the name of the blacklist which caused the reject; the URL will then allow to perform a straight check against the IP to find out which DNS blacklists are listing that IP and the reasons for the listing, this in turn may allow the remote (sending) server admins to fix the issue, so being able to send you emails again.
Note: in Exchange 2003 the above "variables" (or macros if you prefer) used a different syntax, so, in place of {0} or {2} you'd have %0 or %2; in any case, the meaning of the variables remained the same, that is 0=IP address of sender, 1=Rule name, 2=The RBL provider.
Org. link:
technet.microsoft.com/en-us/library/aa997658(v=exchg.141).aspx
While I'm not endorsing any of the following DNS filtering lists, I think that they may be useful when setting up spam filtering on an exchange server, be it an older 2003 using IMF or a newer one
Let's start with the DNS blacklists, those are used to check if a given IP address connecting to an exchange server and trying to send (us) email(s) is "good" or "bad", the following lists are quite "conservative" ones, that is, won't list an IP just for a few "bad mails" and will only, in general, list known, almost sure, "bad" sending IPs
zen.spamhaus.org
bb.barracudacentral.org
ix.dnsbl.manitu.net
bl.spamcop.net
combined.njabl.org
v4.fullbogons.cymru.com
the above lists, as I wrote, are quite reliable and conservative, this means that you will get really few false-positives (if any); to configure them, just add the above to the Exchange spam filter; when doing so, it may be a good idea to configure the "reject message" (the one used by exchange to refuse an email if the sender is listed by a given DNSBL) to something meaningful, for example, something like the following
Message refused, your IP {0} is blacklisted by {2} (see multirbl.valli.org/lookup/{0}.html ).
using the above message, exchange will automatically replace {0} with the IP the connection came from (the one from the sending server) and {2} with the name of the blacklist which caused the reject; the URL will then allow to perform a straight check against the IP to find out which DNS blacklists are listing that IP and the reasons for the listing, this in turn may allow the remote (sending) server admins to fix the issue, so being able to send you emails again.
Note: in Exchange 2003 the above "variables" (or macros if you prefer) used a different syntax, so, in place of {0} or {2} you'd have %0 or %2; in any case, the meaning of the variables remained the same, that is 0=IP address of sender, 1=Rule name, 2=The RBL provider.
Org. link:
technet.microsoft.com/en-us/library/aa997658(v=exchg.141).aspx
Please Log in to join the conversation.
Time to create page: 0.508 seconds