How to set up an IP Blocklist Provider in Exchange 2010 and 2013

Written by Allen White on. Posted in Exchange 2010

Providing you have Enabled Exchange 2010 Anti Spam and Enabled Exchange 2013 Anti Spam the read on!

IP Blocklist providers are a special type of DNS service provider that email admins can use to help reduce the amount of spam they must process on their systems. Exchange admins can configure their Edge Transport servers to use an IP Blocklist provider. Each time the Edge server processes a connection request from an external system it will send a DNS query to the IP Blocklist provider to see whether or that source is a known spammer.

If you want to use an IP Blocklist provider, you should look at the way each one develops and maintains their lists to make sure you are comfortable with how a system gets on the list, and how it can get off the list. You should also whitelist critical business partners, just in case they get on a list by mistake. That happens far more often than you’d think it would and it can take weeks to get off a list once you are on it. White listing ensures your choice of Blocklist provider won’t lead to any negative impact on the business.

You can use either the Exchange Management Console or the Exchange Management Shell to setup and configure an IP Blocklist provider. The EMS is much faster so we will cover it here. There are three cmdlets that are used when working with IP Blocklist providers; Add-IPBlockListProvider, Set-IPBlockListProvider, and Remove-IPBlockListProvider cmdlets. The following lines show examples of how to configure IP Blocklist providers. Enter each as single line of text in the EMS.

The following example adds a new IP Block List provider service called “SpamHaus IP Block List Provider,” and configures it to use bitmask matching for 127.0.0.1 (block messages from IP addresses that are on the block list):

Add-IPBlockListProvider -Name "SpamHaus IP Block List Provider" -LookupDomain "zen.spamhaus.org" -BitMaskMatch 127.0.0.1

The following example configures the same IP Block List provider service to use a custom rejection response:

Set-IPBlockListProvider "SpamHaus IP Block List Provider" -RejectionResponse "Your message was rejected because the IP address of the server sending your message is in the block list of contoso.com IP Block List Provider service. No soup for you."

The following example adds another IP Block List provider service called “SpamCop IP Block List Provider”, and configures it to use explicit response matching for 127.0.0.2 and 127.0.0.5 (the host is a known spam source or is an open relay). The command also adds this new provider as the top preferred provider.

Add-IPBlockListProvider -Name "SpamCop IP Block List Provider" -LookupDomain "bl.spamcop.net" -IPAddressesMatch "127.0.0.2","127.0.0.5" -Priority 1

If you want to remove a provider, you can go into the EMC to delete them, or use the

Remove-IPBlockListProvider

command in the EMS. When you set up a custom response messages, consider adding contact information so that is a legitimate admin is trying to debug an issue, they will know what is wrong, and how to contact you. No spammer will ever read these responses.

Exchange 2010 can make use of IP Blocklist providers, but you still have to select the one you want to use, and are dependent upon that provider to keep an essentially free service up to date. If you find IP Blocklists particularly valuable, you might also want to consider an anti-spam solution that takes advantage of these services. The subscription based IP Blocklists may cost a little bit each month, but can be far more reliable in the long run.

 
 
Allen White
Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.

ITPS provides strategic IT consultancy, implementation, data centre provision and unified communications, as well as support services and workspace and disaster recovery. If you require a consultation then please contact me via the contacts section or direct on 07931222991, add me on linkedin. https://uk.linkedin.com/in/allenwhiteconsultant0001

Tags: ,

Comments (3)

  • mollet

    |

    Hey thanks for youre help on this, but its not -RejectionMessage, its -RejectionResponse

    bye

    Reply

    • Allen White

      |

      Hi, thanks, the article was a guest post from GFI, ive updated accordingley. Thanks again!

      Reply

  • Andy

    |

    Am I reading this right? The BitMaskMatch for zen.spamhaus.org doesn’t follow the 127.* return codes. If I understand their documentation, code 127.0.0.1 means the site is “known to be not listed” https://www.spamhaus.org/faq/section/DNSBL%20Usage#200

    zen.spamhaus.org returns 127.0.0.2-11 depending on which of the combined lists it is contained in.

    I used the following command to implement:
    Add-IPBlockListProvider -Name “SpamHaus IP Block List Provider” -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true

    Thank you for your articles. I enjoyed them very much.

    Reply

What Do You Think?

Search Solutions

Categories

(c) Techieshelp.com. Please be aware, all information is provided freely, any information used is done so at your risk and Techieshelp will not be held responsible for any issue that may occur.