Exchange 2003 and RBLs

We have a spam filter in place that I really do like.  It’s intuitive, has nice reports I can pull, and is easy to look at.  After I came into this job I noticed we were still getting more spam than we probably should.  It was getting sent to the quarantine folder, which is what was supposed to happen, but I felt like we shouldn’t have been getting the vast majority of the spam to begin with because the sources were on RBLs.  There is a setting in Sunbelt Email Security to enable RBLs, but if you have a perimeter network setup like we do, there is no place to enter the IPs of the servers the mail passes through before hitting the mail server, so the RBLs will not work.

The spam filter was working well enough, but well enough isn’t good enough for me when I know it can work better.  It was suggested that I install Exchange server in edge transport mode on the SMTP gateway/firewall and then install another copy of our spam filter on there to only handle the RBL portion of spam blocking.  But that didn’t seem like the best idea to me and my boss wasn’t sure if the licensing agreements we have would even allow that.  I didn’t like the idea of duplicating all of that and teaching myself to set up another version of Exchange that would risk breaking mail for everyone here since I don’t have a test server to work on.

Originally I wanted to find out how to stop our firewall/SMTP gateway from stamping its IP address in the headers so that connection filtering would actually work in Email Security.  But endless hours of research did not find anything that worked.  I wanted to use Email Security because of the reports I could pull to find out where the spam was coming from and who it was going to, etc.  I finally gave in and came across information online about how Exchange 2003 has connection filtering.

Configure connection filtering in Exchange 2003

  1. Open Exchange System Manager -> Global Settings -> right-click Message Delivery -> Properties.
  2. The General tab is where you can add to the perimeter IP list if you have that type of network setup.
  3. Connection Filtering tab -> under Block List Service Configuration click Add.  Add any blacklists to this list that you want to use.  I’m using Spamhaus and Spamcop.
  4. I left all other settings as default.  But you could change the error message that a person receives when attempting to send email to you if they are on a blacklist.  See the source at the bottom for directions on how to do that.
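Why the perimeter IP list in step 2 matters for the block lists in step 3, as an added example that is not from the original post and not Exchange's own code: the check has to skip our own gateway's hop in the Received headers and look up the first outside IP, with its octets reversed, in each block list zone.  The headers, the 192.0.2.10 gateway address and the zone names zen.spamhaus.org and bl.spamcop.net are assumptions for illustration; no DNS lookup is made.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest first, as they sit in a message.
# 192.0.2.10 is a hypothetical perimeter gateway, 203.0.113.45 the outside sender.
SAMPLE_RECEIVED = [
    "from gateway.example.local ([192.0.2.10]) by mail.example.local with Microsoft SMTPSVC",
    "from mx.sender.example ([203.0.113.45]) by gateway.example.local with ESMTP",
    "from [10.1.1.5] by mx.sender.example with ESMTP",
]
PERIMETER = ["192.0.2.10/32"]                    # assumed perimeter IP list
ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]   # assumed block list zones

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def originating_ip(received, perimeter):
    """Return the newest hop that is not one of our own perimeter hosts.

    Walking stops at the first outside address: every header below it was
    written by servers we do not control and can be forged.
    """
    nets = [ipaddress.ip_network(n) for n in perimeter]
    for header in received:
        match = _BRACKETED_IP.search(header)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:          # e.g. [999.1.1.1] in a malformed header
            continue
        if not any(ip in net for net in nets):
            return ip
    return None


def dnsbl_query_names(ip, zones):
    """Build the names a DNSBL client would resolve: reversed octets + zone."""
    if ip is None or ip.version != 4:
        return []
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return [f"{reversed_octets}.{zone}" for zone in zones]


if __name__ == "__main__":
    for perimeter in ([], PERIMETER):
        ip = originating_ip(SAMPLE_RECEIVED, perimeter)
        print(perimeter, "->", ip, dnsbl_query_names(ip, ZONES))
```

With an empty perimeter list the address checked is the gateway's own, which is never on a block list, so nothing gets rejected.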

Enable connection filtering on the virtual SMTP server

  1. Open Exchange System Manager -> Administrative Groups -> your domain -> Servers -> (server name) -> Protocols -> SMTP -> right-click on the virtual server you want to apply connection filtering to and go to Properties.
  2. On the General tab click Advanced, then Edit, and check the box for Apply Connection Filter.  Once you hit OK on all the boxes and get back to Exchange System Manager you need to restart the virtual server you applied the filter to before it will take effect.  To do that you just right-click the virtual server and choose to stop the server and then do that again to start it.

Immediately after restarting the virtual server I was getting notifications for emails getting bounced because their source was on the blacklists I provided.  I had to disable the notifications so I wouldn’t get flooded, but it’s worth it.  Just in one day we’ve gone from 416 emails deleted or quarantined to 74.

Source: http://support.microsoft.com/kb/823866
