Re: Help with configuring Connection Filtering - RBL - zen.spamhau

Hello Jim,

Thank you for posting here.

For the step 6:

To configure the return status codes that are received from the RBL
provider that you want to match in this connection filter, click Return
Status Code, and then do one of the following:
a. Click Match Filter Rule to Any Return Code to set the default value that
matches the connection filter to any return status.
b. Click Match Filter Rule to the Following Mask, and then type the bit
mask that you want to filter against. Base the bit mask on the bit masks
that your providers use.

Note: A bit mask only checks against a single value. If you set a bit mask
value that is returned when an IP address appears on two lists, the bit
mask only matches IP addresses that match both settings.

c. Click Match Filter Rule to Any of the Following Responses, and then type
the return codes that you want to filter with.

http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20How%20To%20Use#201

If you still have concern on the configuration of connection filter, please
try to create a new post to get help.

Thanks for your understanding.

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Help with configuring Connection Filtering - RBL -
zen.spamhau
| thread-index: AcffLshWfqsWZojiRQitO7lIMMASWw==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?SmltIEJlaG5pbmc=?= <JimBehning@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <OGlgjzb3HHA.5424@xxxxxxxxxxxxxxxxxxxx>
<eaiaiPc3HHA.2312@xxxxxxxxxxxxxxxxxxxx>
<un5oMPh3HHA.1184@xxxxxxxxxxxxxxxxxxxx>
<pjLzRFk3HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
<us186ep3HHA.748@xxxxxxxxxxxxxxxxxxxx>
<eygfp9w3HHA.4100@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Help with configuring Connection Filtering - RBL -
zen.spamhau
| Date: Wed, 15 Aug 2007 04:24:02 -0700
| Lines: 306
| Message-ID: <1C689DC8-6FDF-4F2D-B767-AE0B07C6344E@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:56618
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| What does step 6 at the top do? I have turned on the connection filter
| without doing step 6. Five minutes later I am getting calls about remote
| people not able to send email to us.
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello John,
| >
| > Thank you for kind update.
| >
| > You wonder how to fill the DNS Suffix of Provider box in Exchange
Server
| > 2003 Connection Filter. If I'm off base, please feel free to let me
know.
| >
| > Based on my knowledge, you need to input zen.spamhaus.org instead of
DNS
| > lookup of it. The Exchange server will do the DNS lookup automatic.
| >
| > For example, to add Spamhaus:
| >
| > 1. Click the Add button.
| > 2. Provide a Display Name. You can put anything you like in here.
| > 3. For the DNS Suffix, use zen.spamhaus.org
| > 4. Add a custom error message if desired. I use "Your message from %0
has
| > been identified by %1 as potential spam or other unwanted email and
blocked
| > by our scanning gateway. If you believe this was an error, please
forward
| > this message to [insert your abuse address here]. We apologize for
this
| > inconvenience.
| > 5. Click the Return Status Code button.
| > 6. Choose the option ''Match filter rule to the following mask" and
enter
| > 127.0.0.2 for the mask.
| > 7. Click OK to save the changes, then OK one more time.
| >
| > More info here:
| >
| > And for your information, you can refer to the following web link for
more
| > information.
| >
| >
http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20How%20To%20Use#201
| >
| > Hope this helps.
| >
| > Please let me know if you have any other concerns or questions.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Reply-To: "John Revay" <johnrevay@xxxxxxxxxxx>
| > | From: "John Revay" <johnrevay@xxxxxxxxxxx>
| > | References: <OGlgjzb3HHA.5424@xxxxxxxxxxxxxxxxxxxx>
| > <eaiaiPc3HHA.2312@xxxxxxxxxxxxxxxxxxxx>
| > <un5oMPh3HHA.1184@xxxxxxxxxxxxxxxxxxxx>
| > <pjLzRFk3HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Help with configuring Connection Filtering - RBL -
| > zen.spamhaus.org
| > | Date: Tue, 14 Aug 2007 12:08:46 -0400
| > | Lines: 275
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <us186ep3HHA.748@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: ool-44c3df0a.static.optonline.net 68.195.223.10
| > | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:56474
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hello Terence.
| > | Thank you for the summary and the MS link.
| > |
| > | Can you help me understand / explain -
| > | In the DNS Suffix of Provider box, type the DNS suffix that the
provider
| > | appends to the IP address.
| > |
| > | In the case of zen.spamhaus.org is it simply - zen.spamhaus.org or
do I
| > | need to do a DNS lookup of zen.spamhaus.org
| > |
| > | Thank you again.
| > |
| > | John
| > |
| > |
| > | "Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | news:pjLzRFk3HHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hello John,
| > | >
| > | > Thank you for posting here, and thanks for SBS Rocker's inputs.
| > | >
| > | > SBS Rocker is correct, we have to perform 2 steps to configure the
| > | > Connection Filtering on Exchange: Add the RBLs in the Message
Delivery
| > | > properties window; select the Apply Connection Filter check box in
| > Default
| > | > SMTP Virtual Server properties window.
| > | >
| > | > First, I want to explain how the Connection Filtering works:
| > | >
| > | > Connection filtering is a rule that the Simple Mail Transfer
Protocol
| > | > (SMTP) uses to determine whether a sending computer's Internet
Protocol
| > | > (IP) address appears on a Realtime Block List (RBL). An RBL is a
| > database
| > | > that is created by an entity to record potential sources of
unsolicited
| > | > commercial e-mail (UCE) or of bulk e-mail. UCE is also known as
spam.
| > Some
| > | > of the potential sources of UCE or of bulk e-mail include e-mail
servers
| > | > that are configured as "open" relays or dial-up accounts.
| > | >
| > | > SMTP uses connection filtering to perform a Domain Name System
(DNS)
| > query
| > | > for the IP address of the sending mail server. Exchange Server 2003
| > sends
| > | > the query to the RBL provider to see whether the host record (also
| > known
| > | > as
| > | > the A record) of the sending mail server appears in the RBL. The RBL
| > | > provider checks its DNS records for the existence of the sending
mail
| > | > server's host record. The RBL provider looks for this host record
in the
| > | > following format:
| > | >
| > | > Reverse IP address of the sending mail server . DNS suffix of the
RBL
| > | > provider
| > | >
| > | > For example, if the sending mail server's IP address is 172.16.21.5
and
| > if
| > | > the RBL provider's DNS suffix is contoso.com, Exchange 2003 queries
for
| > | > 5.21.16.172.contoso.com.
| > | >
| > | > The RBL provider returns one of the following responses:
| > | > a. "Host Not Found": The RBL provider returns this response if the
| > | > requested IP address does not exist in the provider's DNS.
| > | > b. "127.0.0. Status code ": The RBL provider returns this response
if
| > the
| > | > requested IP address is present in the provider's DNS. Status code
| > | > indicates the type of offense. This status code may vary among
providers
| > | > because no current standard exists.
| > | >
| > | > If the IP address is present in the RBL provider's DNS, SMTP
returns the
| > | > following error message in response to the sending mail server's
RCPT TO
| > | > command:
| > | >
| > | > 550 5.x.x
| > | >
| > | > You can use several connection filters to prioritize the order that
each
| > | > filter is applied in. If multiple RBL providers are used, each
provider
| > is
| > | > queried in the order that they appear in Exchange 2003. Exchange
Server
| > | > does not query other RBL providers in the list if it obtains a
match
| > from
| > | > a
| > | > previous provider.
| > | >
| > | > I. Create a connection filter
| > | >
| > | > To create a connection filter in Exchange 2003, follow these steps:
| > | > 1. Start Exchange System Manager.
| > | > 2. Expand Global Settings, right-click Message Delivery, and then
click
| > | > Properties.
| > | > 3. Click the Connection Filtering tab.
| > | > 4. To create a connection filter rule, click Add.
| > | > 5. In the Display Name box, type a name for the connection filter.
| > | > 6. In the DNS Suffix of Provider box, type the DNS suffix that the
| > | > provider appends to the IP address.
| > | > 7. In the Custom Error Message to Return box, type a custom error
| > message
| > | > to return to the sender.
| > | >
| > | > Leave this field blank if you want to use the default error
message. The
| > | > default error message is:
| > | >
| > | > IP address has been blocked by Rule name of the connection filter
| > | >
| > | > You can generate a custom message by using the following variables:
| > | >
| > | > %0 : IP address of the sending mail server
| > | > %1 : Rule name of the connection filter
| > | > %2 : The RBL provider
| > | >
| > | > For example, if you type The IP address %0 was rejected by the
Realtime
| > | > Block List provider %2. in the Custom Error Message to Return box,
the
| > | > following custom error message is generated:
| > | >
| > | > The IP address IP address was rejected by the Realtime Block List
| > provider
| > | > RBL provider .
| > | >
| > | > 8. To configure the return status codes that are received from the
RBL
| > | > provider that you want to match in this connection filter, click
Return
| > | > Status Code, and then do one of the following:
| > | > a. Click Match Filter Rule to Any Return Code to set the default
value
| > | > that
| > | > matches the connection filter to any return status.
| > | > b. Click Match Filter Rule to the Following Mask, and then type the
bit
| > | > mask that you want to filter against. Base the bit mask on the bit
masks
| > | > that your providers use.
| > | >
| > | > Note A bit mask only checks against a single value. If you set a
bit
| > mask
| > | > value that is returned when an IP address appears on two lists, the
bit
| > | > mask only matches IP addresses that match both settings.
| > | >
| > | > c. Click Match Filter Rule to Any of the Following Responses, and
then
| > | > type
| > | > the return codes that you want to filter with.
| > | >
| > | > When you are finished configuring the items in the Return Status
Code
| > | > dialog box, click OK.
| > | >
| > | > 9. Click OK two times.
| > | > 10. When you receive the following message, click OK:
| > | >
| > | > Connection, Recipient, and Sender Filtering must be manually
enabled on
| > | > specific SMTP virtual server IP address assignments as they are not
| > | > enabled
| > | > by default. For more information on how to enable any of the above
| > | > filtering types, read their associated help.
| > | >
| > | > II. Apply the connection filter or the recipient filter or both to
the
| > | > appropriate SMTP virtual servers
| > | >
| > | > You must enable the connection filters and the recipient filters on
each
| > | > SMTP virtual server where you want these settings to be applied. To
| > apply
| > | > a
| > | > filter to a SMTP virtual server, follow these steps:
| > | > 1. Start Exchange System Manager.
| > | > 2. Expand Servers, expand Server Name , expand Protocols, and then
| > expand
| > | > SMTP.
| > | > 3. Right-click the SMTP virtual server where you want to apply the
| > | > filter,
| > | > and then click Properties.
| > | > 4. On the General tab, click Advanced.
| > | > 5. Click the IP address that you want to apply the filter to, and
then
| > | > click Edit.
| > | > 6. In the Identification dialog box, click to select either the
Apply
| > | > Connection Filter check box or the Apply Recipient Filter check box.
| > | > 7. Click OK, click OK, click Apply, and then click OK.
| > | > 8. Restart the SMTP virtual server where you applied the filter.
| > | > 9. Repeat steps 2 through 8 for each virtual server where you want
to
| > | > apply the filter.
| > | >
| > | > For more detail information, you can refer to the following KB:
| > | >
| > | > How to configure connection filtering to use Realtime Block Lists
(RBLs)
| > | > and how to configure recipient filtering in Exchange 2003
| > | > http://support.microsoft.com/?id=823866
| > | >
| > | > I hope these steps will give you some help.
| > | >
| > | > Thanks and have a nice day!
| > | >
| > | > Best regards,
| > | >
| > | > Terence Liu(MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
|

.