Exchange 2012 Spam Filtering

Exchange and email servers have a feature that allows the server to check the sender to see if they are a known spammer. This is via a feature known as real time block list, or real time black lists. The technology uses DNS to determine if the sending server is know to send out spam. The systems work like this: someone setups a server to monitor spam. As the unsolicited emails arrive or are reported, they are added to the block list. If you are added to the block list for some reason, the list provider will usually provide details and how to get off the list.

Implementation

the older versions of Exchange provided administration of realtime block lists via the user interface. With newer Microsoft software, alot of the functionality has been moved to the command prompt known as “Power Shell”. The following command will install the selected block lists.

  • add-ipblocklistprovider -name "DNSBL" -LookupDomain DNSBL -RejectionResponse "Email rejected due to beig listed on DNSBL!" -AnyMatch $True

 

The above command will add the list to your server. Next are some examples and well know list providers.

  • add-ipblocklistprovider -name "spamsources.fabel.dk" -LookupDomain spamsources.fabel.dk -RejectionResponse "Email rejected due to IP {0} listed on spamsources.fabel.dk!" -AnyMatch $True
  • add-ipblocklistprovider -name "bl.spamcop.net" -LookupDomain bl.spamcop.net -RejectionResponse "Email rejected due to IP {0} listed on bl.spamcop.net!" -AnyMatch $True
  • add-ipblocklistprovider -name "dnsbl-1.uceprotect.net" -LookupDomain dnsbl-1.uceprotect.net -RejectionResponse "Email rejected due to IP {0} listed on dnsbl-1.uceprotect.net!" -AnyMatch $True
  • add-ipblocklistprovider -name "dnsbl-2.uceprotect.net" -LookupDomain dnsbl-2.uceprotect.net -RejectionResponse "Email rejected due to IP {0} listed on dnsbl-2.uceprotect.net!" -AnyMatch $True
  • add-ipblocklistprovider -name "dnsbl-3.uceprotect.net" -LookupDomain dnsbl-3.uceprotect.net -RejectionResponse "Email rejected due to IP {0} listed on dnsbl-3.uceprotect.net!" -AnyMatch $True
  • add-ipblocklistprovider -name "cbl.abuseat.org" -LookupDomain cbl.abuseat.org -RejectionResponse "Email rejected due to IP {0} listed on cbl.abuseat.org!" -AnyMatch $True
  • add-ipblocklistprovider -name "psbl.surriel.com" -LookupDomain psbl.surriel.com -RejectionResponse "Email rejected due to IP {0} listed on psbl.surriel.com!" -AnyMatch $True
  • add-ipblocklistprovider -name "zen.spamhaus.org" -LookupDomain zen.spamhaus.org -RejectionResponse "Email rejected due to IP {0} listed on zen.spamhaus.org!" -AnyMatch $True
  • add-ipblocklistprovider -name "noptr.spamrats.com" -LookupDomain noptr.spamrats.com -RejectionResponse "Email rejected due to IP {0}  listed on noptr.spamrats.com!" -AnyMatch $True
  • add-ipblocklistprovider -name "dyna.spamrats.com" -LookupDomain dyna.spamrats.com -RejectionResponse "Email rejected due to IP {0}  listed on dyna.spamrats.com!" -AnyMatch $True
  • add-ipblocklistprovider -name "spam.spamrats.com" -LookupDomain spam.spamrats.com -RejectionResponse "Email rejected due to IP {0}  listed on spam.spamrats.com!" -AnyMatch $True
  • add-ipblocklistprovider -name "smtp.dnsbl.sorbs.net" -LookupDomain smtp.dnsbl.sorbs.net -RejectionResponse "Email rejected due to IP {0}  listed on smtp.dnsbl.sorbs.net" -AnyMatch $True
  • add-ipblocklistprovider -name "badconf.rhsbl.sorbs.net" -LookupDomain badconf.rhsbl.sorbs.net -RejectionResponse "Email rejected due to IP {0}  listed on badconf.rhsbl.sorbs.net" -AnyMatch $True
  • add-ipblocklistprovider -name "dul.dnsbl.sorbs.net" -LookupDomain dul.dnsbl.sorbs.net -RejectionResponse "Email rejected due to IP {0}  listed on dul.dnsbl.sorbs.net" -AnyMatch $True
  • add-ipblocklistprovider -name "spam.dnsbl.sorbs.net" -LookupDomain spam.dnsbl.sorbs.net -RejectionResponse "Email rejected due to IP {0}  listed on spam.dnsbl.sorbs.net" -AnyMatch $True