Re: Help with configuring Connection Filtering - RBL - zen.spamhaus.org




Hello Terence.
Thank you for the summary and the MS link.

Can you help me understand / explain -
In the DNS Suffix of Provider box, type the DNS suffix that the provider
appends to the IP address.

In the case of zen.spamhaus.org is it simply - zen.spamhaus.org or do I
need to do a DNS lookup of zen.spamhaus.org?

Thank you again.

John


"Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:pjLzRFk3HHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello John,

Thank you for posting here, and thanks for SBS Rocker's inputs.

SBS Rocker is correct, we have to perform 2 steps to configure the
Connection Filtering on Exchange: Add the RBLs in the Message Delivery
properties window; select the Apply Connection Filter check box in Default
SMTP Virtual Server properties window.

First, I want to explain how the Connection Filtering works:

Connection filtering is a rule that the Simple Mail Transfer Protocol
(SMTP) uses to determine whether a sending computer's Internet Protocol
(IP) address appears on a Realtime Block List (RBL). An RBL is a database
that is created by an entity to record potential sources of unsolicited
commercial e-mail (UCE) or of bulk e-mail. UCE is also known as spam. Some
of the potential sources of UCE or of bulk e-mail include e-mail servers
that are configured as "open" relays or dial-up accounts.

SMTP uses connection filtering to perform a Domain Name System (DNS) query
for the IP address of the sending mail server. Exchange Server 2003 sends
the query to the RBL provider to see whether the host record (also known
as the A record) of the sending mail server appears in the RBL. The RBL
provider checks its DNS records for the existence of the sending mail
server's host record. The RBL provider looks for this host record in the
following format:

Reverse IP address of the sending mail server . DNS suffix of the RBL
provider

For example, if the sending mail server's IP address is 172.16.21.5 and if
the RBL provider's DNS suffix is contoso.com, Exchange 2003 queries for
5.21.16.172.contoso.com.

The RBL provider returns one of the following responses:
a. "Host Not Found": The RBL provider returns this response if the
requested IP address does not exist in the provider's DNS.
b. "127.0.0. Status code ": The RBL provider returns this response if the
requested IP address is present in the provider's DNS. Status code
indicates the type of offense. This status code may vary among providers
because no current standard exists.

If the IP address is present in the RBL provider's DNS, SMTP returns the
following error message in response to the sending mail server's RCPT TO
command:

550 5.x.x

You can use several connection filters to prioritize the order that each
filter is applied in. If multiple RBL providers are used, each provider is
queried in the order that they appear in Exchange 2003. Exchange Server
does not query other RBL providers in the list if it obtains a match from
a previous provider.

I. Create a connection filter

To create a connection filter in Exchange 2003, follow these steps:
1. Start Exchange System Manager.
2. Expand Global Settings, right-click Message Delivery, and then click
Properties.
3. Click the Connection Filtering tab.
4. To create a connection filter rule, click Add.
5. In the Display Name box, type a name for the connection filter.
6. In the DNS Suffix of Provider box, type the DNS suffix that the
provider appends to the IP address.
7. In the Custom Error Message to Return box, type a custom error message
to return to the sender.

Leave this field blank if you want to use the default error message. The
default error message is:

IP address has been blocked by Rule name of the connection filter

You can generate a custom message by using the following variables:

%0 : IP address of the sending mail server
%1 : Rule name of the connection filter
%2 : The RBL provider

For example, if you type The IP address %0 was rejected by the Realtime
Block List provider %2. in the Custom Error Message to Return box, the
following custom error message is generated:

The IP address IP address was rejected by the Realtime Block List provider
RBL provider .

8. To configure the return status codes that are received from the RBL
provider that you want to match in this connection filter, click Return
Status Code, and then do one of the following:
a. Click Match Filter Rule to Any Return Code to set the default value
that matches the connection filter to any return status.
b. Click Match Filter Rule to the Following Mask, and then type the bit
mask that you want to filter against. Base the bit mask on the bit masks
that your providers use.

Note A bit mask only checks against a single value. If you set a bit mask
value that is returned when an IP address appears on two lists, the bit
mask only matches IP addresses that match both settings.

c. Click Match Filter Rule to Any of the Following Responses, and then
type the return codes that you want to filter with.

When you are finished configuring the items in the Return Status Code
dialog box, click OK.

9. Click OK two times.
10. When you receive the following message, click OK:

Connection, Recipient, and Sender Filtering must be manually enabled on
specific SMTP virtual server IP address assignments as they are not
enabled by default. For more information on how to enable any of the above
filtering types, read their associated help.

II. Apply the connection filter or the recipient filter or both to the
appropriate SMTP virtual servers

You must enable the connection filters and the recipient filters on each
SMTP virtual server where you want these settings to be applied. To apply
a filter to a SMTP virtual server, follow these steps:
1. Start Exchange System Manager.
2. Expand Servers, expand Server Name , expand Protocols, and then expand
SMTP.
3. Right-click the SMTP virtual server where you want to apply the
filter, and then click Properties.
4. On the General tab, click Advanced.
5. Click the IP address that you want to apply the filter to, and then
click Edit.
6. In the Identification dialog box, click to select either the Apply
Connection Filter check box or the Apply Recipient Filter check box.
7. Click OK, click OK, click Apply, and then click OK.
8. Restart the SMTP virtual server where you applied the filter.
9. Repeat steps 2 through 8 for each virtual server where you want to
apply the filter.

For more detailed information, you can refer to the following KB:

How to configure connection filtering to use Realtime Block Lists (RBLs)
and how to configure recipient filtering in Exchange 2003
http://support.microsoft.com/?id=823866

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support


--------------------
| Reply-To: "John Revay" <johnrevay@xxxxxxxxxxx>
| From: "John Revay" <johnrevay@xxxxxxxxxxx>
| References: <OGlgjzb3HHA.5424@xxxxxxxxxxxxxxxxxxxx>
<eaiaiPc3HHA.2312@xxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Help with configuring Connection Filtering - RBL -
zen.spamhaus.org
| Date: Mon, 13 Aug 2007 21:38:17 -0400
| Message-ID: <un5oMPh3HHA.1184@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
|
| Regarding - Applying RBL to Connection Filtering
|
| Is it as simple as listing zen.spamhaus.org in the DNS Suffix of
| Provider field of the rule?
|
|
|
|
|
| "SBS Rocker" <noreply@xxxxxxxxxxxx> wrote in message
| news:eaiaiPc3HHA.2312@xxxxxxxxxxxxxxxxxxxxxxx
| > Go to ESM/Global Settings/Message Delivery right click Properties.
| > "Connection filtering" tab. Apply your RBL's there. You also need to
| > "Apply" the Connection Filter on the Default SMTP Virtual Server under
| > Servers/Servername/Protocols/SMTP/Properties. General tab/Advanced.
| >
| > Some other good ones to use are:
| >
| > bl.spamcop.net
| > dul.dnsbl.sorbs.net
| > sbl-xbl.spamhaus.org
| >
| > list.dsbl.org
| >
| > relays.ordb.org
| >
| >
| > "John Revay" <johnrevay@xxxxxxxxxxx> wrote in message
| > news:OGlgjzb3HHA.5424@xxxxxxxxxxxxxxxxxxxxxxx
| >> Over the last week, I received several responses to a post re: RBL -
| >> Connection filtering - zen.spamhaus.org
| >>
| >> Can someone point me in the proper direction re: how to configure
| >> zen.spamhaus.org in connection filtering.
| >>
| >> I have googled it...and looked at spamhaus.org - I did not see any
| >> documentation which specifically addressed this.
| >>
| >> Thank you
| >>
| >
| >
|
|
|
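
Added example, not part of the original thread and not Microsoft's code: the query-name format, the three return-status matching modes and the stop-at-first-match ordering described in the quoted reply, written in Python. The provider rbl-a.example, all return codes, and the reading of the mask rule (every bit of the mask must be set in one returned code) are assumptions for illustration; provider answers are supplied as constructed data, so no DNS traffic is sent.

```python
import ipaddress

def rbl_query_name(sender_ip, dns_suffix):
    """Reverse the IPv4 octets and append the provider's DNS suffix."""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
    return ".".join(reversed(octets)) + "." + dns_suffix.strip(".")

def status_code(a_record):
    """Return the last octet of a 127.0.0.x answer; reject anything else."""
    addr = ipaddress.IPv4Address(a_record)
    if addr not in ipaddress.IPv4Network("127.0.0.0/24"):
        raise ValueError(f"not an RBL status answer: {a_record}")
    return int(addr) & 0xFF

def rule_matches(answers, mode="any", mask=0, codes=()):
    """Decide whether a filter rule matches the provider's A records.

    An empty `answers` list models "Host Not Found" (sender not listed).
    mode "any":   any return code matches.
    mode "mask":  every bit of `mask` is set in one returned code
                  (assumed reading of the note in the quoted reply).
    mode "codes": a returned code equals one of `codes`.
    """
    found = [status_code(a) for a in answers]
    if not found:
        return False
    if mode == "any":
        return True
    if mode == "mask":
        return any((c & mask) == mask for c in found)
    if mode == "codes":
        return any(c in codes for c in found)
    raise ValueError(f"unknown mode: {mode}")

def first_match(sender_ip, providers, responses):
    """Check providers in list order and stop at the first matching rule."""
    for suffix, rule in providers:
        name = rbl_query_name(sender_ip, suffix)
        if rule_matches(responses.get(name, []), **rule):
            return suffix, name
    return None

# Constructed sample data: rbl-a.example and every return code are made up.
PROVIDERS = [("rbl-a.example", {"mode": "mask", "mask": 6}),
             ("zen.spamhaus.org", {"mode": "any"})]
RESPONSES = {"5.21.16.172.rbl-a.example": ["127.0.0.2"],
             "5.21.16.172.zen.spamhaus.org": ["127.0.0.4"]}
```

With this sample data the first rule does not match, because code 2 has only one of the two bits in mask 6, so the second provider in the list is consulted.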


