Re: Connection Filtering rejecting all emails



Peter Jones <p.jones+usenet@xxxxxxxxxxxxxx> wrote:
On Sat, 15 Sep 2007 12:46:19 -0400, "Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Peter Jones <tweeter@xxxxxxxxxxxxxx> wrote:
I've set up my fair share of Exchange boxes

You've posted this in an Exchange 2000 group for some reason....try
microsoft.public.exchange.admin for the most eyes on your posts, in
the future.


for clients of mine and
have some experience setting up Connection Filtering to use public
Blacklists. I'm running into an issue where a couple of them are
rejecting all email

All? Entirely? Including from, say, Hotmail/Yahoo? Citibank?

Yes. At least Mindspring and gmail.

That's not many, but OK.


saying that the originator is on the Blacklist.
Both machines are SBS servers and I have gone over them to make sure
they are not set up differently than the ones I have setup and are
working.

Here is what I have set up:

Display name: Spamhaus
DNS Suffix of Provider: zen.spamhaus.org

I like them....

Customer Error Message to Return: The IP address %0 was rejected by
the Realtime Block List provider %2.

I also like to set up a custom message to return ...saying what
yours does, but appending "....if you believe this is in error,
please call our office at (main phone number)."

I have rules also set up for list.dsbl.org, bl.spamcop.net, and
dnsbl.njabl.org.

I wouldn't use those, myself. I use zen.spamhaus.org alone.


I made sure the public IP address and A record for the mail server

You mean, the receiving Exchange server, right?


Yes.

forward and reverse to each other.

That's fine, but won't be relevant here...

I also made sure that the IP
addresses of both my and the problem machines are not on any of
the blacklists (tested via dnsgoodies.com.)

Maybe that's not the best place to look? Always check on the
blocklist provider's website.

It yields the same results.


Here is the message I get back in the bounce (with some small
edits):

Your message did not reach some or all of the intended recipients.

Subject: Test for Bounces
Sent: 9/15/2007 11:34 AM

The following recipient(s) could not be reached:

administrator@nopenadanoway on 9/15/2007 11:34 AM
You do not have permission to send to this recipient.
For assistance, contact your system administrator.
<mail.nopenada.com #5.7.1 smtp;550 5.7.1 $$.$$.85.2 has
been blocked by list.dsbl.org>

The message seems pretty clear to me - did you check dsbl.org ?
http://dsbl.org/main
http://dsbl.org/listing

It shows no listing for the IP reported in the email.

Hmmm. Well, I still can't see how this would be a problem with your Exchange
server. I would stop using these RBLs, and just stick with spamhaus, myself.
There's not going to be any useful logging in here, as far as I know (one of
the main reasons I much prefer Vamsoft/ORF)



Masking IPs/domain names makes it more difficult to troubleshoot.


Anyone experienced this that could point me in the right direction?

Thanks,

Peter

Bottom line, don't use RBLs maintained by the overzealous. It's
better to get spam than to reject legit business mail.

Another, easier-to-manage, option would be to use Vamsoft's ORF
instead of configuring your RBLs and other filtering in the Exchange
server directly - it's got very good logging, whitelisting, and so
forth, which Exchange alone doesn't have. You can still use the
RBLs of your choice. zen.spamhaus.org doesn't seem to generate false
positives in my opinion. I abhor spamcop.
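
An added example, not part of the original thread: one way to see what a DNSBL zone returns through the mail server's own resolver, alongside the sender lookup. It is not code from the posters or from Exchange. Function names are hypothetical, 192.0.2.85 and 203.0.113.10 are constructed sample addresses, and the two control lookups rely on the RFC 5782 convention that 127.0.0.2 is always listed and 127.0.0.1 never is.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """192.0.2.85 + zen.spamhaus.org -> 85.2.0.192.zen.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """A records via the host's own resolver; any lookup failure counts as
    'no answer' here (a fuller check would separate NXDOMAIN from timeouts)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(addresses):
    """No answer = not listed; only 127.0.0.0/8 answers are real listings."""
    if not addresses:
        return "not-listed"
    if all(ipaddress.IPv4Address(a) in LOOPBACK for a in addresses):
        return "listed"
    return "invalid-answer"  # e.g. a resolver that answers for every name

def check_zone(zone, sender_ip, resolve=system_resolver):
    """Look up the sender plus the two RFC 5782 control entries."""
    def lookup(ip):
        return classify(resolve(dnsbl_query_name(ip, zone)))
    result = {"sender": lookup(sender_ip),
              "control_listed": lookup("127.0.0.2"),   # must be listed
              "control_clean": lookup("127.0.0.1")}    # must not be listed
    result["zone_trustworthy"] = (result["control_listed"] == "listed"
                                  and result["control_clean"] == "not-listed")
    return result

# Constructed resolvers standing in for DNS so the example runs offline.
def healthy_resolver(name):
    return ["127.0.0.2"] if name.startswith("2.0.0.127.") else []

def answers_everything_resolver(name):
    return ["203.0.113.10"]  # constructed: same non-loopback answer for any name

if __name__ == "__main__":
    zone, sender = "zen.spamhaus.org", "192.0.2.85"  # sender IP is constructed
    print("healthy:", check_zone(zone, sender, healthy_resolver))
    print("broken: ", check_zone(zone, sender, answers_everything_resolver))
    # On the mail server itself: check_zone(zone, sender)  (live DNS)
```

When `zone_trustworthy` is false, a "listed" or "invalid-answer" result for the sender says nothing about the sender; the zone or the resolver path is what needs attention.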


