Cry Exchange 2010 How To...

---

How to add an IP block list to Exchange 2010

---

Contents

• What is an IP block list?
• IP block list providers
• Install anti-spam features (if necessary)
• Add an IP block list

What is an IP block list?

An IP block list (also known as a DNSBL or DNS-black-hole-list) is a list of IP addresses which are known to be used by spammers to send SPAM emails. The idea is that if you block servers that are known to be used to generate SPAM then you will reduce the amount of SPAM that enters your Exchange server.

Using IP block lists can be a very effective way of blocking a considerable amount of spam.

A disadvantage of IP block lists is that occasionally a server may get onto a block list which is also used to generate legitimate emails.

IP block list providers

There are many companies and organisations which provide IP block lists. Some of these allow you to user their block lists provided your total number of queries (i.e. incoming emails) is less than a given number. However, please check their terms and conditions.

You can find a list of IP block lists here: http://www.moensted.dk/spam/ although I am sure that there are other lists of IP block lists available on the Internet.

The block lists which I personally use are:

• NIXSPAM (ix.dnsbl.manitu.net)
• Spanhaus (specifically zen.spamhaus.org, see www.spamhaus.org/zen)
• spamcop.net (specifically bl.spamcop.net, see http://www.spamcop.net/bl.shtml).

Install anti-spam features (if necessary)

The anti-spam agents available in Exchange are visible using Exchange Management Console. Navigate down to: Microsoft Exchange > Microsoft Exchange On-Premises (server name) > Organization Configuration > Hub Transport and then select the "Anti-spam" tab. You should then see the following agents listed:

• Content Filtering
• IP Allow List
• IP Allow List Providers
• IP Block List
• IP Block List Providers
• Recipient Filtering
• Sender Filtering
• Sender ID
• Sender Reputation

If you don't see these then you will need to install them. For a complete walkthrough of how to install these antispam agents see: http://social.technet.microsoft.com/wiki/contents/articles/13918.how-to-install-antispam-agents-in-exchange-2010.aspx or in summary:

1. Open Exchange Management Shell
2. type: "& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1" and hit return.
3. type: "Restart-Service MSExchangeTransport" and hit return.

Add an IP block list

IP block lists should be configured on your Exchange Edge Transport server if you have one, or the Exchange server which is used to receive emails from the internet.

Whilst it is not required in order to configure an IP block list, I would recommend that you also Turn on recipient filtering to prevent RNDR spam (follow the link for notes on how).

To add an IP block list:

1. Open Exchange Management Console
2. Navigate to: Microsoft Exchange > Microsoft Exchange On-Premises (server name) > Organization Configuration > Hub Transport
3. Select the tab "Anti-spam".

   If you don't see the tab "Anti-spam" then refer to "Install the necessary Anti-Spam features" above.

4. In the "Anti-spam" tab there will be a list of features listed, open the properties for the feature "IP Block List Providers".
5. In the "IP Block List Providers Properties" dialog, select the tab "Providers". This is where you will add any IP block lists that you intend to use.
6. For each IP block list you want to add click [Add ...] and enter the details in the dialog which opens.

   For example, to add Spamhaus I would enter "Spamhaus" as the provider name, and "zen.spamhaus.org" as the "lookup domain". Leaving the "return status codes" at their default of "Match any return code".

   Whilst you can configure the error message that a user sees should their email be blocked if their email server is on the block list, I tend to leave this set to the default error message.

   Repeat for each IP block list you intend to add.

---

These notes have been tested with Exchange Server 2010.