yobbo

[Resolved] Exchange 2003 SP2 Connection Filtering not working


I have Exchange 2003 SP2 servers that I am trying to configure Connection Filtering for. I have read as much as I could here to do so and it still doesn't work, so I am looking for some help please.

I have added bl.spamcop.net as a DNS suffix of provider.

I have then configured my Default SMTP virtual server to use connection filtering.

I then restarted the SMTP service.

I look in the current sessions of the Default SMTP virtual server and there are hundreds of SMTP connections. I check IPs of these and they are listed in SC, yet they are not being blocked.

Am I missing something simple or have something configured wrong for this to not be working?

Any help would be greatly appreciated here.


Hi!

...Did you look at the page referenced in the SpamCop FAQ (links to which appear near the top left of every SpamCop Forum page) entry labeled "How do I configure my mailserver to reject mail based on the blocklist?" Look for the link on that page labeled "Microsoft Exchange."

...The content there is pretty terse. If you need more specific information, please post follow-up questions here and hopefully someone else with some experience doing what you are trying to do will read your question and be willing to reply.

...Good luck!


Hopefully an exchange user will hop in and help out.

To save time with dotting "i"s and crossing "t"s, some dumb confirmations sought:

  • You have Display Name: set to "spamcop"?
  • Enabled message filtering on your SMTP Virtual Server per Microsoft Support 823866?

(Yes, I know you have enabled it but seeking to verify the process).

I have Exchange 2003 SP2 servers that I am trying to configure Connection Filtering for. I have read as much as I could here to do so and it still doesn't work, so I am looking for some help please.

Any help would be greatly appreciated here.

If this is a self-learning exercise, please continue.

If you need this for a business, might I suggest you enquire about your email needs being set up for you?

http://www.spamcop.net/ces/contact.shtml

"Please select your type of question:"

Scroll down to

"Need information about protecting my small business from spam"

Google also offers an email account using your own domain name.

SpamCop email servers are as good as you can get on the planet and at speeds as fast as you can receive.

Fact is I use the Internet for purchases often, and nothing shoots the company's toes off like unreliability.

...Did you look at the page referenced in the SpamCop FAQ (links to which appear near the top left of every SpamCop Forum page) entry labeled "How do I configure my mailserver to reject mail based on the blocklist?" Look for the link on that page labeled "Microsoft Exchange."

...The content there is pretty terse. If you need more specific information, please post follow-up questions here and hopefully someone else with some experience doing what you are trying to do will read your question and be willing to reply.

Yes, I did use the instructions to the best of my knowledge. I don't know what terse means but there are only 2 lines of instructions for MSExchange.

Hopefully an exchange user will hop in and help out.

To save time with dotting "i"s and crossing "t"s, some dumb confirmations sought:

  • You have Display Name: set to "spamcop"?
  • Enabled message filtering on your SMTP Virtual Server per Microsoft Support 823866?

(Yes, I know you have enabled it but seeking to verify the process).

How do I verify the process? Do I run logging or something similar?

If this is a self learning exercise please continue

This is more of a, "I have seen so many Exchange servers before, why does this 1 have hundreds of SMTP connections on it."

...How do I verify the process? Do I run logging or something similar?...
No, no, just look at the step-by-step instructions in that link to satisfy yourself that's exactly what you did, make sure all the applicable steps were followed. I don't use Exchange, just pointing to where there is more complete documentation than in the SC link.


Unfortunately I'm pretty sure I followed all the necessary steps to get this working, it's just not working.

Is there any form of logging I can do or test to see if it should be working?

<snip>

I don't know what terse means but there is only 2 lines of instructions for MSExchange.

<snip>

...Now you know (basically) what "terse" means! :) <g>


Like others, I was hoping our Exchange 'knows-his-stuff' guy would happen by, but .... in the interim, I'll ask dumb questions, hoping that some other data might be forthcoming.

I have added bl.spamcop.net as a DNS suffix of provider

It might just be terminology, but ???? The words "of provider" don't seem right to me. For sure, it doesn't seem to match the data/graphics provided at page 3 of Fighting spam with Exchange and Outlook 2003

I look in the current sessions of the Default SMTP virtual server and there are hundreds of SMTP connections.

I can't really guess at what this is supposed to mean. You've not stated anything about the actual use of this server, so there's no feeling about just what "hundreds of connections" might actually describe. Incoming or outgoing? As compared to what level of traffic prior to your attempted configuration change, one every blue moon or a decrease from thousands?

I check IPs of these and they are listed in SC, yet they are not being blocked.

Am I missing something simple or have something configured wrong for this to not be working?

Is there any form of logging I can do or test to see if it should be working?

I really don't believe that "looking at sessions" is the same as "evaluating the logs" ... specifically, there may be a 'session' when an attempted e-mail transfer is initiated, but the actual 'handling/blocking/whatever' won't happen until that attempted connection and data gets evaluated.

In addition to other previously suggested references, I'll add one out of the FAQ here, http://www.slipstick.com/exs/exs2003.htm


When you add a connection filtering rule for example bl.spamcop.net you are asked for :-

1. Display name (in this case spam cop)

2. DNS suffix of provider (in this case bl.spamcop.net)

I can't really guess at what this is supposed to mean. You've not stated anything about the actual use of this server, so there's no feeling about just what "hundreds of connections" might actually describe. Incoming or outgoing? As compared to what level of traffic prior to your attempted configuration change, one every blue moon or a decrease from thousands?

This is where it gets difficult to explain unless you are familiar with Microsoft Exchange. When I described hundreds of connections I didn't mention that there is nothing in the Queues, meaning that I am sure that the server is not Open Relay. Hundreds of connections means just that. There are hundreds of connections. If you had a mail server that is getting exploited and there are hundreds of known spamming IPs connected to it, then you would see hundreds of connections. Incoming. And just because they are connected does not mean that they will be sending mail, it just means they are connected and taking up a limited number of slots and therefore stopping legitimate mail coming in. No change before or after the config changes. Well, not noticeable over 'hundreds of connections'.


That behavior is normal. The computer still has to connect and handshake before the connection can be dropped. I don't think Exchange actually drops the SMTP connection until after the RCPT TO stage, so it is normal, especially on a high traffic server, to show these connections that will eventually be dropped in the current connections list. To really see if it is working or not, check messages you are receiving and see if any of them are from IPs currently listed in spamcop. Also note that any entries in your Global Accept list will override BL entries.

Personally, I use Exchange 2003 SP2 with spamcop, spamhaus, a couple country specific BLs, and an internal BL that I maintain using the built in DNS server in Windows Server, and it works quite well for me.


Problem solved!!!!

Believe this or not. bl.spamcop.net could not be resolved. I cannot explain why or how, but after a change to some DNS settings it now works fine. I'm down to like no more than 6 or so connections now.

Happy days.

Thanks to everyone that tried to help.

Problem solved!!!!

Believe this or not. bl.spamcop.net could not be resolved. I cannot explain why or how, but after a change to some DNS settings it now works fine. I'm down to like no more than 6 or so connections now.

Happy days.

Thanks to everyone that tried to help.

Thanks for passing on the good news. Marking 'resolved'.

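The thread's root cause was that the server could not resolve bl.spamcop.net, so no lookup ever returned a listing. The Python below is an added example, not code from any poster: it performs the DNSBL lookup (reversed octets plus the zone) and uses the RFC 5782 test entries, 127.0.0.2 always listed and 127.0.0.1 never listed, to tell "not listed" apart from "DNS is broken". The two fake resolvers and the address 192.0.2.10 are constructed so it runs offline.

```python
import ipaddress
import socket

# getaddrinfo-style codes meaning "the name does not exist" (NXDOMAIN / no A record)
_NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return 'listed', 'not-listed' or 'resolver-error' for one address."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror as exc:
        # NXDOMAIN is the normal "not listed" reply; anything else is a DNS fault.
        return "not-listed" if exc.errno in _NOT_FOUND else "resolver-error"
    except OSError:
        return "resolver-error"
    # Listings are answered from 127.0.0.0/8; any other address means the
    # resolver is rewriting answers (for example NXDOMAIN redirection).
    return "listed" if answer.startswith("127.") else "resolver-error"

def zone_usable(zone, resolve=socket.gethostbyname):
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not."""
    return (check_dnsbl("127.0.0.2", zone, resolve) == "listed"
            and check_dnsbl("127.0.0.1", zone, resolve) == "not-listed")

# Constructed stand-ins for a resolver so the example runs offline.
def healthy_resolver(name):
    if name == "2.0.0.127.bl.spamcop.net":
        return "127.0.0.2"
    raise socket.gaierror(socket.EAI_NONAME, "name not known")

def broken_resolver(name):
    # Models the fault in this thread: the server cannot resolve the zone at all.
    raise socket.gaierror(socket.EAI_AGAIN, "temporary failure in name resolution")

if __name__ == "__main__":
    for label, fake in (("healthy", healthy_resolver), ("broken", broken_resolver)):
        print(label, zone_usable("bl.spamcop.net", fake),
              check_dnsbl("192.0.2.10", "bl.spamcop.net", fake))
```

Calling `zone_usable("bl.spamcop.net")` with the default resolver is only meaningful on a machine that uses the same DNS servers as the mail server; how the operating system maps resolver failures to `gaierror` codes varies by platform.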
