epgeek

Using the SC Blocklist with Exchange 2003

I want to try the SpamCop BL on my MS Exchange 2003 Server. I have instructions that say: "Fill in the display name of the DNSBL you are configuring and put the lookup zone in the DNS Suffix of Provider field." This is probably a rookie question, but what is the "display name of the DNSBL"? Is it <bl.spamcop.net> or <bl.spamcop> ??? And what is the DNS Suffix of Provider field? Is it <.net> or <spamcop.net> or ? Also, has anyone (any end user and not an ISP) had recent experience running the SCBL with Exchange 2003?

Any help would be greatly appreciated.

Hi epgeek

I use the SCBL with Exchange 2003 and have been very happy with the results.

As for your questions:

The display name is simply a name that you will see in the list. I use "spamcop"

The DNS Suffix is what is added to the end of the IP address and then resolved to determine if an address is listed. For spamcop, the DNS Suffix is "bl.spamcop.net" (without the quotes of course).

You may also want to consider using a couple other lists with spamcop. I use sbl-xbl.spamhaus.org and dnsbl.sorbs.net in addition to the spamcop list and find the results to be excellent.

I have also recently added several country blocklists for China, Korea, Nigeria, Russia, Brazil, and several other countries that we simply have no reason to do business with, and that has improved my spam blocking even more.

Also, make sure to install SP2, as it contains some important updates for Intelligent Message Filtering.

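The lookup a DNS Suffix drives, as an added example that is not part of the original posts: a DNSBL client reverses the IPv4 octets, appends the suffix, and treats an A record in 127.0.0.0/8 as a listing. The function names, the stub resolver and the 192.0.2.10 sample address are constructed for illustration; the zone names are the ones given in the thread.

```python
import ipaddress
import socket

# DNS suffixes exactly as named in the thread.
ZONES = ["bl.spamcop.net", "sbl-xbl.spamhaus.org", "dnsbl.sorbs.net"]

def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL client resolves: reversed IPv4 octets + suffix."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.strip('.')}"

def system_resolver(name):
    """Return the A records for name, or [] when nothing resolves.

    A resolver failure is indistinguishable from "not listed" here, so the
    check fails open, which is also how a mail server behaves when a list
    is unreachable.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_ip(ip, zones=ZONES, resolver=system_resolver):
    """Return {zone: [answers]} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answers = resolver(dnsbl_query_name(ip, zone))
        # Only answers inside 127.0.0.0/8 count as a listing; any other
        # address (for example from a wildcarded or parked zone) is ignored
        # so it cannot cause every sender to be rejected.
        listed = [a for a in answers if ipaddress.IPv4Address(a).is_loopback]
        if listed:
            hits[zone] = listed
    return hits

if __name__ == "__main__":
    # Constructed stub data so the demo runs offline: 192.0.2.10 is a
    # documentation address, "listed" only in this fake table.
    fake_dns = {"10.2.0.192.bl.spamcop.net": ["127.0.0.2"]}
    print(dnsbl_query_name("192.0.2.10", "bl.spamcop.net"))
    print(check_ip("192.0.2.10", resolver=lambda n: fake_dns.get(n, [])))
```

Calling `check_ip` without the `resolver` argument performs live DNS queries against the listed zones.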

Thanks Telarin ... e-mail kicked upstream asking for an update to the 'official' FAQ .... noting that the single-page-access-expanded version 'here' simply points back to that FAQ at present .... Looks like an opportunity for yet another SCWiki page entry, but thinking that a bit more data might be required to make that page stand alone ....????


Thanks to all for the help. I have followed your suggestions for implementing the SC block list, and have cut out at least 50% of the spam. I followed Telarin's instructions for creating a connection filter. Then I had to "apply the connection filter to the SMTP virtual server" according to MS KB 823866. I intend to add the additional blocking lists that Telarin suggested, but I thought I'd observe the effects of the SC blocking list for several days prior to adding any more BLs. Again, my sincere thanks to Telarin and Wazoo and the SC Forum for helping me win the battle against the spammer hordes.


Another suggestion that will help make false positives and whitelisting easier to resolve.

In the connection filtering window, click the Exceptions button, and add your postmaster address (or a less spammed address such as whitelist[at]yourdomain.com, though technically the postmaster address really shouldn't be filtered). Then configure your custom message on the blocklist screen to something like:

Your mail server %0, has been prevented from sending mail to yourdomain.com because it is listed on the SpamCop block list. To be whitelisted, please send an email from the same account to postmaster[at]yourdomain.com

That gives a user that is blocked all the important information they need:

Who blocked them (yourdomain.com)

Their connecting IP address (Exchange puts this in place of the %0 automatically)

Why they were blocked (on the SCBL)

And most importantly, what to do about it (contact postmaster[at]yourdomain.com)

By having the postmaster[at]yourdomain.com listed in your exceptions, their email to that address should bypass the connection filtering, allowing you to look at the headers, and whitelist their mail server if you feel it is appropriate. Yes, this means that you will have to deal with spam on the postmaster account, but most spammers seem to auto-listwash postmaster and abuse addresses as they know we will report them as a matter of course.

When this happens, I generally tell them that the whitelisting will be temporary, and that they will still need to deal with the problem of getting off the BL. That seems to encourage them to get their IT department involved and get things fixed.


I have now added the spamhaus blocklist, and spam has slowed to a trickle. There are several countries that I would like to block, but I can't remember where to find them. To block out an entire country in Exchange 2003 can I use a known blocklist? Must I instead block some range of addresses? What I would like to avoid is having to build an in-house custom block list as we are a small not-for-profit, and I don't have the resources for such a venture.

... To block out an entire country in Exchange 2003 can I use a known blocklist? Must I instead block some range of addresses? What I would like to avoid is having to build an inhouse custom block list as we are a small not for profit, and I don't have the resources for such a venture.
Does Will's (Telarin's) post "there are a number of them out there for almost any country you can think of." help?
