Re: Exchange 2003 Black Lists
- From: Mike <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 2 May 2006 07:58:03 -0700
Could there be any other setting not in ESM that oculd be causing me not to
see the "Friendly" error message?
"Kirill Palagin" wrote:
.
That is correct - you should do it in VS properties.
You should be getting strings like
"221+2.0.0+LEO.2345.ru+Service+closing+transmission+channel"
"250+2.6.0++<6KTFWhFBK00000008@xxxxxxxxxxxxx>+Queued+mail+for+delivery"
Mike wrote:
Kirill,--
I have selected all available fields, but I still only get numeric codes.
Nothing verbal. Maybe I'm not doing this in the right place. I've selected
all fields to log for the Default SMTP Virtual Server in ESM. Is this
correct?
Mike
"Kirill Palagin" wrote:
Then add all available fields. You should be getting verbal (in addition
to numeric) server responses.
Mike wrote:
I changed my logs to W3 format and selected all fields to log, yet I do not
see any friendly reponses. However if the 550 I see is what I'm supposed to
see that's a good start.
Thanks again!!
Mike
"Kirill Palagin" wrote:
Add "URI Stem" and "URI Query" to list of logged fields. This will give
you human-friendly server response too. And please read 823866.
Mike wrote:
Hello Bharat,
I have already followed the steps from the link that you provided. My
concern is that I'm wondering how to figure out if the RBL is working. Here
is a snippet from my log. I see a "550" on the 3rd entry. Is this how I know
RBL is working? These logs are in IIS format.
81.172.11.136, hermin.com, 5/1/2006, 13:31:46, SMTPSVC1, Exchange, 10.x.x.x,
0, 15, 51, 250, 0, HELO, -, hermin.com,
81.172.11.136, hermin.com, 5/1/2006, 13:31:46, SMTPSVC1, Exchange, 10.x.x.x,
16, 35, 48, 250, 0, MAIL, -, FROM:<saybatchelor@xxxxxxxxxx>,
81.172.11.136, hermin.com, 5/1/2006, 13:31:46, SMTPSVC1, Exchange, 10.x.x.x,
437, 36, 0, 550, 0, RCPT, -, TO:<x@xxxxx>,
81.172.11.136, hermin.com, 5/1/2006, 13:31:46, SMTPSVC1, Exchange, 10.x.x.x,
578, 36, 60, 240, 984, QUIT, -, hermin.com,
Thanks again for your help.
Mike
"Bharat Suneja [MVP]" wrote:
The perfmon counters show your RBLs are working... check your SMTP log for
connections terminated after HELO/EHLO with a 550 5.x.x
How to configure connection filtering to use Realtime Block Lists (RBLs) and
how to configure recipient filtering in Exchange 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;823866
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------
"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:634156B5-78D8-4B08-AC03-2074BFB4B1ED@xxxxxxxxxxxxxxxx
With the counters you listed below, here are my results:
- Connections Rejected by Block List Providers : Average 41
- Block List DNS Queries Issued : Average 13500
- Failed Block List DNS Queries : 280
Does this look like the RBL is working? If these numbers are good, I'm
still
not seeing any entried in my SMTP logs. I have tried the W3 format and IIS
format for the logs and neither have any RBL entried.
Thanks,
Mike
"Bharat Suneja [MVP]" wrote:
To ensure RBLs are working you can also check perfmon counters.
Perfmon object: MSExchange Transport Filter Sink
Counters (each have their /sec equivalents):
- Connections Rejected by Block List Providers
- Block List DNS Queries Issued
and also:
- Failed Block List DNS Queries
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------
"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D75D897E-9092-489B-9FDA-F9ABE57B70E9@xxxxxxxxxxxxxxxx
Thanks. That makes sense! :)
I've checked out my SMTP logs, but what I'm I supposed to see in order
to
know that the Black lists are working? I've looked through the logs for
the
relay codes but didn't find any. Can you or someone post an example?
Thanks,
Mike
"Bharat Suneja [MVP]" wrote:
Check your SMTP logs.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------
"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5BFA0F46-9A81-41D2-864D-3C5C132E381E@xxxxxxxxxxxxxxxx
Hello,
I've configure my exchange server to use blacklists to help reduce
the
amount of spam we are receiving. When something is blocked/rejected,
does
exchange store the rejected source in a log file somewhere on the
server?
Do
I need to enable this?
Thanks,
Mike
Text from most Windows dialogs can be copied to clipboard with Ctrl-INS.
Free productivity applications suit - www.openoffice.org
Free Internet calling - www.skype.com
Free SQL database Firebird - full support for transaction control,
triggers, stored procedures, partial SQL-99 compliance
http://www.ibphoenix.com/main.nfs?a=ibphoenix&s=1142758270:704186&page=what_is_interbase
- Follow-Ups:
- Re: Exchange 2003 Black Lists
- From: Kirill Palagin
- Re: Exchange 2003 Black Lists
- References:
- Re: Exchange 2003 Black Lists
- From: Bharat Suneja [MVP]
- Re: Exchange 2003 Black Lists
- From: Bharat Suneja [MVP]
- Re: Exchange 2003 Black Lists
- From: Mike
- Re: Exchange 2003 Black Lists
- From: Bharat Suneja [MVP]
- Re: Exchange 2003 Black Lists
- From: Mike
- Re: Exchange 2003 Black Lists
- From: Kirill Palagin
- Re: Exchange 2003 Black Lists
- From: Mike
- Re: Exchange 2003 Black Lists
- From: Kirill Palagin
- Re: Exchange 2003 Black Lists
- From: Mike
- Re: Exchange 2003 Black Lists
- From: Kirill Palagin
- Re: Exchange 2003 Black Lists
- Prev by Date: Re: Exchange SMTP Relay Export list ipsec.vbs
- Next by Date: Re: Recover email from Transaction Log
- Previous by thread: Re: Exchange 2003 Black Lists
- Next by thread: Re: Exchange 2003 Black Lists
- Index(es):
Relevant Pages
|
