WinDeveloper IMF Tune
WinDeveloper IMF Tune
WinDeveloper IMF Tune

Real-Time Block Lists in Exchange 2003

Alexander Zammit

Alexander Zammit Photo

Software Development Consultant. Involved in the development of various Enterprise software solutions. Today focused on Blockchain and DLT technologies.

More from Alexander Zammit...
  • Published: Oct 12, 2006
  • Category: Anti-Spam
  • Votes: 5.0 out of 5 - 6 Votes
Cast your Vote
Poor Excellent

Real-Time Block Lists identify hosts from which spam and other unwanted emails are distributed. Our journey will cover understanding how RBLs work, some tips on selecting the list provider, and Exchange 2003 configuration.

FirstPreviousPage 1Page 2NextLast All Pages

Configuring RBLs in Exchange 2003

In Exchange 2003 RBL configuration starts from:
Global Settings | Message Delivery | Connection Filtering

Message Delivery Properties

Connection Filtering

Click on Add to subscribe to a new RBL.

RBL configuration

In the Connection Filtering Rule dialog that opens we need to fill in the Display Name and Provider DNS Suffix fields. The Display Name could be anything, but I would suggest entering the name of the RBL provider. The DNS suffix is specific to the list provider, for example SpamCop uses bl.spamcop.net, SpamHaus sbl-xbl.spamhaus.org etc.

On matching an RBL, the default rejection says:
<IP address> has been blocked by <Display Name>

This is a good response. It provides blocked legitimate senders with relevant information, allowing them to rectify the problem.

In the Connection Filtering Rule dialog click on the Return Status Code button.

RBL Status Code

From here we can customize RBL matching based on the 127.0.0.x code returned for a successful lookup. This customization is provider specific. In general we would keep the default settings i.e. emails are rejected whenever matching the RBL independently of the return code.

The option 'Match Filter Rule to the Following Mask' could be used to match multiple status codes with one setting. For example entering 127.0.0.3 would allow matches against status codes 127.0.0.1 and 127.0.0.2. Any other status code would not be matched and the email is allowed to go through.

The 'Match Filter Rule to Any of the Following Responses' option is more intuitive. Here the specific status codes to be matched are entered one by one through the list interface.

This completes the basic RBL configuration. If necessary you can repeat the same steps to subscribe to additional RBL services.

RBL Exceptions

Getting back to the main Connection Filtering property page we can configure Recipient and IP base exceptions. Clicking the Exception button brings the recipient exception list dialog. Here enter the recipient addresses whose emails are to skip RBL filtering. This can be useful for mailboxes receiving highly critical emails, where false positives cannot be tolerated.

Recipient Exceptions

The IP Accept and Deny lists also work in combination with RBLs. The lists identify hosts whose emails are to be always accepted or rejected. Emails originating from hosts on the IP Accept list skip RBL processing. Configuring these lists was discussed in depth in an earlier article, Connection Filtering IP Accept List in Exchange SP2.

Enabling Connection Filtering and RBLs

Once connection filtering is configured, it is necessary to enable it on each of the SMTP Virtual servers. Again Connection Filtering IP Accept List in Exchange SP2 goes through the necessary steps.

Applying RBLs behind the Network Perimeter

As long as Exchange is directly handling internet originating email, the IP to be looked up at the RBL is readily available. Otherwise when sitting behind some other SMTP host, the necessary IP must be extracted from the email headers. For this to work the range of local IPs must be configured within Exchange under:
Global Settings | Message Delivery | General

Once again Connection Filtering IP Accept List in Exchange SP2 goes through the configuration details.

References

TechNet: Exchange Server 2003 Real-Time Block Lists

Connection Filtering IP Accept List in Exchange SP2

FirstPreviousPage 1Page 2NextLast All Pages

User Comments - Page 1 of 1

shawn 7 Jun 2011 11:37
Exchange 2011 Real-time Block Lists
A real-time block list (RBL) is a method of stopping spammers from being able to send out large quantities of distasteful spam. A real-time block list is managed and maintained by an organization (company, non-profit, or volunteers) who track spam activity and create a list of known violators. Violations can include SMTP configurations to being caught sending spam. Once you are on their list, you can typically request removal. Some site will publish email addresses and all messages received to that email address is spam.
When a computer connects to your Exchange server, Exchange will query the specified real-time block list. If the address is on that list, Exchange will generate an error and refuse the message. The server that was trying to send the spam is then responsible to generate a non-delivery report and send it the sender. This will eventually lock up the sending server until their open relay is detected and resolved.
For a list of real-time block lists, please refer to the Wikipedia article:
http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
Setup
The process is the same for Exchange 2008 and Exchange 2010.
To setup a RBL, open Exchange Management Console – the GUI, and under Organization Configuration select Hub Transport. Select the Anti-Spam tab and right click IP Block List Providers selecting Properties. You can add lists and set them up here.

www.internetworkconsulting.net


Alexander Zammits 14 Aug 2009 01:27
Please always check the site of the RBL provider for configuration details.

For example changes at spamhaus today recommand the use of:
zen.spamhaus.org

Instead of:
sbl-xbl.spamhaus.org
Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation