
How to set up an IP Blocklist Provider in Exchange 2010 and 2013

Provided you have enabled Exchange 2010 Anti Spam and enabled Exchange 2013 Anti Spam, then read on!

IP Blocklist providers are a special type of DNS service provider that email admins can use to help reduce the amount of spam they must process on their systems. Exchange admins can configure their Edge Transport servers to use an IP Blocklist provider. Each time the Edge server processes a connection request from an external system, it sends a DNS query to the IP Blocklist provider to see whether that source is a known spammer.

If you want to use an IP Blocklist provider, you should look at the way each one develops and maintains its lists to make sure you are comfortable with how a system gets on the list, and how it can get off the list. You should also whitelist critical business partners, just in case they get on a list by mistake. That happens far more often than you’d think, and it can take weeks to get off a list once you are on it. Whitelisting ensures your choice of Blocklist provider won’t lead to any negative impact on the business.

You can use either the Exchange Management Console or the Exchange Management Shell to set up and configure an IP Blocklist provider. The EMS is much faster, so we will cover it here. Three cmdlets are used when working with IP Blocklist providers: Add-IPBlockListProvider, Set-IPBlockListProvider, and Remove-IPBlockListProvider. The following lines show examples of how to configure IP Blocklist providers. Enter each as a single line of text in the EMS.

The following example adds a new IP Block List provider service called “SpamHaus IP Block List Provider,” and configures it to use bitmask matching for 127.0.0.1 (block messages from IP addresses that are on the block list):

Add-IPBlockListProvider -Name "SpamHaus IP Block List Provider" -LookupDomain "zen.spamhaus.org" -BitMaskMatch 127.0.0.1

The following example configures the same IP Block List provider service to use a custom rejection response:

Set-IPBlockListProvider "SpamHaus IP Block List Provider" -RejectionResponse "Your message was rejected because the IP address of the server sending your message is in the block list of contoso.com IP Block List Provider service. No soup for you."

The following example adds another IP Block List provider service called “SpamCop IP Block List Provider”, and configures it to use explicit response matching for 127.0.0.2 and 127.0.0.5 (the host is a known spam source or is an open relay). The command also adds this new provider as the top preferred provider.

Add-IPBlockListProvider -Name "SpamCop IP Block List Provider" -LookupDomain "bl.spamcop.net" -IPAddressesMatch "127.0.0.2","127.0.0.5" -Priority 1

If you want to remove a provider, you can go into the EMC to delete it, or use the

Remove-IPBlockListProvider

command in the EMS. When you set up a custom response message, consider adding contact information so that if a legitimate admin is trying to debug an issue, they will know what is wrong and how to contact you. No spammer will ever read these responses.

Exchange 2010 can make use of IP Blocklist providers, but you still have to select the one you want to use, and you are dependent upon that provider to keep an essentially free service up to date. If you find IP Blocklists particularly valuable, you might also want to consider an anti-spam solution that takes advantage of these services. The subscription-based IP Blocklists may cost a little bit each month, but can be far more reliable in the long run.
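To check a provider after adding it, and to whitelist a business partner as recommended earlier, the following added example (not part of the original article) uses the Get-IPBlockListProvider, Test-IPBlockListProvider, Add-IPAllowListEntry and Get-IPAllowListEntry cmdlets. The partner address 192.0.2.25 is a constructed documentation-range value, and Get-DnsblQueryName is a helper defined in the example, not an Exchange cmdlet.

```powershell
# Added example (not from the original article). Run in the Exchange Management
# Shell on the server where the providers were added.
# Assumptions: the provider name below is the one created earlier on this page;
# 192.0.2.25 is a constructed documentation-range address standing in for a
# business partner's outbound mail server.
$provider  = "SpamHaus IP Block List Provider"
$partnerIp = "192.0.2.25"

# 1. List the configured providers in the order they are consulted.
Get-IPBlockListProvider | Sort-Object Priority |
    Format-Table Name, LookupDomain, Priority, Enabled, AnyMatch, BitmaskMatch, IPAddressesMatch -AutoSize

# 2. Build the DNS name queried for a source IP: the octets reversed, followed
#    by the provider's lookup domain. (Helper defined here for illustration.)
function Get-DnsblQueryName {
    param([string]$IPAddress, [string]$LookupDomain)
    $octets = $IPAddress.Split('.')
    [array]::Reverse($octets)
    ($octets -join '.') + '.' + $LookupDomain
}

# 3. Query the provider through Exchange. RFC 5782 says a DNSBL should list
#    127.0.0.2 as a test entry and must not list 127.0.0.1. Compare the codes
#    in ProviderResult with the match settings shown in step 1; Matched is the
#    verdict Exchange reached for that address.
$lookupDomain = (Get-IPBlockListProvider $provider).LookupDomain
foreach ($ip in "127.0.0.2", "127.0.0.1", $partnerIp) {
    $r = Test-IPBlockListProvider -IPAddress $ip -Provider $provider
    New-Object PSObject -Property @{
        TestedIP       = $ip
        QueryName      = Get-DnsblQueryName $ip $lookupDomain
        ProviderResult = $r.ProviderResult
        Matched        = $r.Matched
    }
}

# 4. Allow-list the partner so a mistaken listing cannot block its mail, then
#    confirm the entry exists.
Add-IPAllowListEntry -IPAddress $partnerIp
Get-IPAllowListEntry
```

If the 127.0.0.2 test address comes back with Matched set to False while ProviderResult contains a return code, the provider's match settings do not cover the codes that list actually returns.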

Tags: emc, ems

Allen White

Allen is an IT Consultant and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5, 6 and HP ASE, AIS - Network Infrastructure.

Comments (3)

  • mollet

    Hey thanks for your help on this, but it's not -RejectionMessage, it's -RejectionResponse

    bye

    • Allen White

      Hi, thanks, the article was a guest post from GFI, I've updated accordingly. Thanks again!

  • Andy

    Am I reading this right? The BitMaskMatch for zen.spamhaus.org doesn’t follow the 127.* return codes. If I understand their documentation, code 127.0.0.1 means the site is “known to be not listed” https://www.spamhaus.org/faq/section/DNSBL%20Usage#200

    zen.spamhaus.org returns 127.0.0.2-11 depending on which of the combined lists it is contained in.

    I used the following command to implement:
    Add-IPBlockListProvider -Name "SpamHaus IP Block List Provider" -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true

    Thank you for your articles. I enjoyed them very much.
