I have been inspired by this thread to re-attempt to get RBL filtering working on my Exchange 2007 server. I tried before and couldn't get it to work.
I have added zen.spamhaus.org as an IP Block List provider and enabled it. But spam is still delivered! I studied a spam message that arrived this morning and got the source IP address. I confirmed on the spamhaus website that this ip address is on their list. I tried this script: get-ipblocklistprovider | test-ipblocklistprovider -ipaddress 115.138.46.65 and it seems to work! Exchange says that spamhaus reports this IP address as being a spam source. But then I try "get-antispamtoprblproviders" and it comes up blank. And when I send an email to spamhaus' "nelson-sbl-t...@crynwr.com" email address (which sends a reply from a black listed IP address), the email reply is received when it should be blocked. Have I forgotten to do something? Regards, Andrew From: Steve Szabo [mailto:steve...@gmail.com] Sent: 23 July 2010 01:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Spam Filtering Have you thought about teaching him unsubscribe, or is he too high on the food chain to learn something like that? \\Steve// From: Brown, Larry [mailto:larry.br...@dplinc.com] Sent: Thursday, July 22, 2010 9:35 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 2007 Spam Filtering Well, I have yet to find a message in his Junk email folder (he moves it there, and has about 500 addresses in his blocked senders list) that hasn't gone through our Edge transport according to the Header info. I have figured out that about 50% of what he gets are trade related 'newsletters' and 'news-bulletins'. He has either signed up for them and forgotten, or someone has signed him up without his knowledge. I could see someone signing him up as a form of aggravation since he is an executive that has been here for a long time. Since we are a publicly traded company, guessing or finding his address isn't that hard. And he refuses to discuss changing his email address. <sigh> FYI, adding b.barracudacentral.org<http://b.barracudacentral.org> to the other three RBL's we were already using, Zen.spamhaus.org Bl.spamcop.net Combined.njable.org Has dropped the amount of SPAM delivered to our quarantine folder by about 50%, and to his mailbox by 20%. There has only been one full day to check, but its apparent already that it has helped a great deal. Larry From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, July 21, 2010 10:24 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 2007 Spam Filtering It looks like you know what you are doing and have done more work to stop spam than a lot of guys. With ZEROS getting through have you verified, as MBS suggested at the start of this thread, that in fact these messages are going through your edge servers? This looks like what you get when SPAM finds its way directly through a secondary MX pointer that may not be filtered on the same level.... On Tue, Jul 20, 2010 at 10:16 PM, Kurt Buff <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote: My RBL of choice is zen.spamhaus.org<http://zen.spamhaus.org> But, it's running on a Maia Mailguard box. Cost was hardware and time. On Tue, Jul 20, 2010 at 09:00, Brown, Larry <larry.br...@dplinc.com<mailto:larry.br...@dplinc.com>> wrote: > Exchange 2007, SPAM SCL set to 7. > > > > To save money our company elected to rely on Exchange's native SPAM > filtering on the Exchange Edge servers. However, now we are getting > complaints about the high level of SPAM getting through to users. One user > is getting as many as 100 SPAM emails a day...and of course he is a VIP. > > > > He does not want to change his email address. But he does want us to "fix" > this problem without spending money. > > > > We are considering blocking Asian and Eastern European domains, as we don't > do business with those parts of the world. > > > > We also use free Real Time Black Lists (remember, can't spend money), Sender > ID check, and the open proxy test. > > > > Sadly, when reviewing a lot of the SPAM our user has received we have found > way too many SCL's of 0 for emails that are obviously SPAM. > > > > Oh, and lowering the SCL to 6 is also not an option, and it doesn't look > like it would make much of a difference anyway. > > > > Can anyone think of anything we have missed? Is there a way to tweak the > native anti-spam filtering to make it work better? Or is this as good as it > gets? > > > > > >
