Ex2010-22 Configure Spam Protection
This article covers how RBL filters work and how to configure them in Exchange 2013. First, a reminder of what an RBL is. An RBL (Realtime Blackhole List) is a service that maintains a database of IP addresses of mail servers identified as spam sources. RBLs are most often queried over DNS, so these services are also called DNSBLs (DNS Block Lists).
When a message arrives from an unknown sender, a mail server can automatically check these lists and block mail from the IP addresses listed in the database. If the sender's IP address matches an entry in one of the RBLs, the server returns an SMTP error 550 5.x.x in response to the RCPT TO command, and the sender gets a non-delivery report (NDR).
In Exchange 2013, the Connection Filtering agent is responsible for blocking the connections based on the lists of IP addresses. The Connection Filtering agent includes:
The first two lists are static and maintained by the Exchange administrator manually. The list of RBL providers contains the list of third-party RBL resources to be checked when receiving a message.
In Exchange 2007/2010, antispam filtering could be enabled using the Install-AntispamAgents.ps1 script. Both filtering agents (Connection Filtering and Content Filtering) were installed on the same server with the Hub Transport role. In Exchange 2013, the transport role is divided into two components, Front End Transport and Back End Transport, and the antispam filtering is split the same way. The Front End server performs Connection Filtering and the Back End server does the Content Filtering (including the IMF filter, the Exchange Intelligent Message Filter, and the virus detection agent, the Malware Agent).
In Exchange 2013, if the CAS and Mailbox roles are installed on the same server, Install-AntispamAgents.ps1 installs only the Content Filtering agent. This means that RBL filtering won't be available.
To install the Connection Filtering agent, use the Install-TransportAgent cmdlet:
Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"
After the agent is installed, it should be enabled and the Front End Transport service has to be restarted:
Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
Restart-Service MSExchangeFrontEndTransport
To make sure that the Connection Filtering agent is installed and running, do the following:
Get-TransportAgent -TransportService FrontEnd
Next you have to specify the RBL providers to be used.
Note. Now the most popular RBL providers are Spamhaus and SpamCop.
Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $True
To change the text of the NDR (failure message), returned to the sender, execute this command:
Set-IPBlockListProvider zen.spamhaus.org -RejectionResponse "Your IP address is listed by Spamhaus Zen. You can delete it on page http://www.spamhaus.org/lookup/"
You can add multiple RBL providers at once, having studied their peculiarities and commercial use policies. You can display the list of currently used RBL providers as follows:
Get-IPBlockListProvider
You can check if a certain IP address is in the RBL list with the following command:
Test-IPBlockListProvider -Identity zen.spamhaus.org -IPAddress x.x.x.x
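What an RBL check does over DNS, shown as an added example that is not part of the original article: the client IP's octets are reversed, the provider's lookup domain is appended, and an A-record answer means a hit. The function names are hypothetical and only IPv4 is handled. The sketch also separates Spamhaus's documented 127.255.255.x error answers from real listings, which matters because -AnyMatch $True treats any answer as a match.

```powershell
# Added example (not from the article). Function names are hypothetical.
function Get-DnsblQueryName {
    param([Parameter(Mandatory=$true)][string]$IPAddress,
          [Parameter(Mandatory=$true)][string]$LookupDomain)
    $ip = [System.Net.IPAddress]::Parse($IPAddress)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Only IPv4 addresses are handled here: $IPAddress"
    }
    $octets = $ip.GetAddressBytes()
    [array]::Reverse($octets)                      # 192.0.2.99 -> 99.2.0.192
    ($octets -join '.') + '.' + $LookupDomain.Trim('.')
}

function Test-DnsblListing {
    param([Parameter(Mandatory=$true)][string]$IPAddress,
          [Parameter(Mandatory=$true)][string]$LookupDomain)
    $name = Get-DnsblQueryName -IPAddress $IPAddress -LookupDomain $LookupDomain
    try {
        $answers = @([System.Net.Dns]::GetHostAddresses($name) |
                     ForEach-Object { $_.IPAddressToString })
    } catch {
        $sock = $_.Exception.GetBaseException() -as [System.Net.Sockets.SocketException]
        # NXDOMAIN means "not listed". Any other DNS failure is not a verdict, so rethrow.
        if ($sock -and $sock.SocketErrorCode -eq [System.Net.Sockets.SocketError]::HostNotFound) {
            $answers = @()
        } else {
            throw
        }
    }
    if (-not $answers) {
        $verdict = 'NotListed'
    } elseif ($answers | Where-Object { $_ -like '127.255.255.*' }) {
        $verdict = 'ProviderError'      # e.g. query refused or sent via a public resolver
    } elseif ($answers | Where-Object { $_ -notlike '127.*' }) {
        $verdict = 'UnexpectedAnswer'   # e.g. a resolver rewriting NXDOMAIN
    } else {
        $verdict = 'Listed'
    }
    [pscustomobject]@{ IPAddress = $IPAddress; Query = $name; Answers = $answers; Verdict = $verdict }
}

# 127.0.0.2 is the conventional DNSBL test entry (RFC 5782) and should be Listed;
# 127.0.0.1 should be NotListed.
Test-DnsblListing -IPAddress 127.0.0.2 -LookupDomain zen.spamhaus.org
Test-DnsblListing -IPAddress 127.0.0.1 -LookupDomain zen.spamhaus.org
```

A ProviderError or UnexpectedAnswer verdict from the Exchange server's own resolver is worth fixing before the provider is enabled, since those answers would otherwise be counted as listings.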
By default the logs of the Connection Filtering agent are saved to C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog
After enough data has been collected (this depends on the volume of mail traffic and usually takes up to 2-3 days), the RBL filtering statistics can be displayed using the Get-AntispamTopRBLProviders.ps1 script:
.\get-AntispamTopRBLProviders.ps1 -location "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog"
After you start using RBL filtering, you have to study the logs carefully to check whether there have been false positives.
RBLs are quite effective at protecting against unwanted mail, but in most cases they have to be used in combination with other antispam methods to provide robust protection.
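One way to review RBL rejections for false positives, as an added example (not from the original article or the Exchange scripts). It assumes the agent log is CSV with a #Fields header and that block-list rejections carry Reason BlockListProvider with the provider name in ReasonData; the sample lines are constructed and the function names are hypothetical.

```powershell
# Constructed sample in the agent log layout. Column names are an assumption taken
# from the "#Fields:" header; addresses and domains are documentation values.
$sampleLog = @'
#Software: Microsoft Exchange Server
#Log-type: Agent Log
#Fields: Timestamp,SessionId,LocalEndpoint,RemoteEndpoint,EnteredOrgFromIP,MessageId,P1FromAddress,P2FromAddresses,Recipient,NumRecipients,Agent,Event,Action,SmtpResponse,Reason,ReasonData,Diagnostics,NetworkMsgID,TenantID,Directionality
2015-03-02T08:15:02.101Z,08D2A1B3C4D5E6F7,192.0.2.10:25,203.0.113.7:50112,203.0.113.7,,billing@partner.example,,ap@contoso.example,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 listed",BlockListProvider,zen.spamhaus.org,,,,Incoming
2015-03-02T09:40:11.530Z,08D2A1B3C4D5E6F8,192.0.2.10:25,203.0.113.7:50377,203.0.113.7,,Orders@Partner.example,,sales@contoso.example,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 listed",BlockListProvider,zen.spamhaus.org,,,,Incoming
2015-03-02T09:41:47.002Z,08D2A1B3C4D5E6F9,192.0.2.10:25,198.51.100.23:41002,198.51.100.23,,promo@bulk.example,,info@contoso.example,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 listed",BlockListProvider,zen.spamhaus.org,,,,Incoming
2015-03-02T10:02:30.771Z,08D2A1B3C4D5E6FA,192.0.2.10:25,198.51.100.90:38850,198.51.100.90,,news@other.example,,info@contoso.example,1,Content Filter Agent,OnEndOfData,RejectMessage,"550 5.7.1 rejected",SclAtOrAboveRejectThreshold,9,,,,Incoming
'@

function Get-RblRejection {
    param([string[]]$Line)
    # Take column names from the log's own header rather than hard-coding positions.
    $header = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $header) { throw 'No #Fields header found in input.' }
    $columns = ($header -replace '^#Fields:\s*', '') -split ','
    $Line | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header $columns |
        Where-Object { $_.Reason -eq 'BlockListProvider' }
}

function Get-RblRejectionSummary {
    param([string[]]$Line)
    # One row per sender domain and provider, so a known partner stands out quickly.
    Get-RblRejection -Line $Line |
        Group-Object -Property { ($_.P1FromAddress -split '@')[-1].ToLower() }, ReasonData |
        ForEach-Object {
            [pscustomobject]@{
                SenderDomain = $_.Values[0]
                Provider     = $_.Values[1]
                Rejections   = $_.Count
                SourceIPs    = @($_.Group | ForEach-Object { $_.RemoteEndpoint -replace ':\d+$', '' } | Sort-Object -Unique) -join ', '
                Recipients   = @($_.Group | ForEach-Object { $_.Recipient } | Sort-Object -Unique) -join ', '
            }
        } | Sort-Object -Property Rejections -Descending
}

Get-RblRejectionSummary -Line ($sampleLog -split "\r?\n") | Format-Table -AutoSize
```

For real data, pass the output of Get-Content for the files in the AgentLog folder instead of the sample; domains of known correspondents in the result are the candidates for the IP Allow List.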
=======================================================================
from:http://tweaks.com/windows/40003/cut-down-on-spam-with-ip-block-list-providers-rbl/
Cut down on spam with IP Block List Providers (RBL)
Posted in Windows Server by Steve Sinchak
One easy way to make a huge dent in the amount of spam your Exchange organization receives is to configure the IP Block List Providers anti-spam agent. This component checks senders against known databases of spammers, infected computers and open relays. Also known as real-time block lists (RBL), they are provided by a number of non-profit and for profit companies. From my experience I like using the free block lists provided by:
Adding the IP Block List provider to Exchange is very simple, just open up the Exchange Management Shell and run the command below:
Add-IPBlockListProvider -Name SpamHaus -LookupDomain zen.spamhaus.org -AnyMatch $True -Enabled $True -RejectionResponse "Your IP is on the spamhaus.org block list"
For other block list providers just modify the Name, LookupDomain and RejectionResponse.
After you add an IP block list provider you can run Get-IPBlockListProvider to list all installed. If you want to delete a provider run Remove-IPBlockListProvider -identity and hit enter.
Some IP Block List providers have test addresses that allow you to see if your block list is working. For SpamHaus Zen just send an e-mail to [email protected] and you will get the results back via e-mail in a few minutes.