LrdKanien
asked on
Exchange 2007 edge anti spam configuration
I have an Exchange 2007 edge server that is the 2nd mail server in a mail server chain. It has to accept the hand off from another mail server on the perimiter.
Perimiter Email Server ---> Edge Server ---> Hub Server
My problem is that the IP Block List always adds the IP of the perimiter mail server to its rules. I've had to disable that option, but I'd like to use it. My questions are:
1. Can I add the perimiter email servers IP to the allowed IP list and still gain Anti spam functionality?
2. What can I do to correct this?
3. What suggestions do you have to increase the anti-spam functionality of our exchange setup?
Perimiter Email Server ---> Edge Server ---> Hub Server
My problem is that the IP Block List always adds the IP of the perimiter mail server to its rules. I've had to disable that option, but I'd like to use it. My questions are:
1. Can I add the perimiter email servers IP to the allowed IP list and still gain Anti spam functionality?
2. What can I do to correct this?
3. What suggestions do you have to increase the anti-spam functionality of our exchange setup?
ASKER
When I set the perimeter email server as an allowed IP address I see a lot of email in the queue with an scl of -1 that is obviously spam.
Yeah ... so i think you need to remove them from the queue.
ASKER
what can I do about this? people are reporting they are not getting all of their mail. with antigen 2k3 I could view what it quaratined and choose to deliver it. How can I do the same with edge?
Next Hop Domain Delivery Type Status Message Count Next Retry Time Last Error
222-nero.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:46 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
bar-plate.com DnsConnectorDelivery Retry 2 Tuesday, May 26, 2009 1:25:45 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
bmnagano.com.hk DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:59 AM 421 4.4.0 Remote server response was not RFC conformant
bmoscooters.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:29:10 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
copypspgames.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
daiyuhousing.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:41 AM 451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
digicellintl.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:40 AM 451 4.4.0 Primary target IP address responded with: "421 Insufficient System Storage.(IMail 8.05)." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
djsession.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:26:44 AM 451 4.4.0 DNS query failed
exoticwoodfloor.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
filersjetskis.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:25 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
filerskawasaki.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
filerssleds.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
forefront.abacus-corp.com DnsConnectorDelivery Retry 9 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
go2gstaad.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
hotmai.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:29:09 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
husson-tcx.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:25 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
lapurajungla.com DnsConnectorDelivery Ready 1
lelioran.com DnsConnectorDelivery Ready 1
liebregts.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:24:28 AM 451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
longboard.com DnsConnectorDelivery Ready 1
maadionline.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:26:44 AM 451 4.4.0 DNS query failed
mailfb.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:59 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
mefilatin-plc.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:40 AM 451 4.4.0 DNS query failed
menuts.net DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:32:40 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
millionairematch.com DnsConnectorDelivery Ready 1
mimilk.com DnsConnectorDelivery Ready 1
nbase.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:39 AM 451 4.4.0 Primary target IP address responded with: "554 No SMTP service here." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
nerotek.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
netversys.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:25 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
nikommktg.com DnsConnectorDelivery Active 1
oati1.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:43 AM 451 4.4.0 Primary target IP address responded with: "421 4.4.2 Connection dropped." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
opportunityrover.com DnsConnectorDelivery Retry 3 Tuesday, May 26, 2009 1:25:39 AM 451 4.4.0 DNS query failed
overstockspas.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:59 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
potluckrecipe.com DnsConnectorDelivery Retry 2 Tuesday, May 26, 2009 1:27:26 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
raidguru.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:26:44 AM 451 4.4.0 DNS query failed
royalautos.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:32:39 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
royalcircle.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
rsys1.net DnsConnectorDelivery Active 1
slb.ru DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
stathersk.freeserve.co.uk DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:25:39 AM 451 4.4.0 DNS query failed
Submission Undefined Ready 0
surfingnicaragua.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
um.poznan.pl DnsConnectorDelivery Retry 10 Tuesday, May 26, 2009 1:27:26 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
whasp.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
xcelindia.com DnsConnectorDelivery Ready 1
yourbuilding.com DnsConnectorDelivery Retry 1 Tuesday, May 26, 2009 1:27:24 AM 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
[216.55.150.67] SmartHostConnectorDelivery Ready 0
Truely spaking no idea ........
ASKER
anyone know how to view the logs of the filters? You can use the message tracking, but that seems to only show mail that is delivered, how can I view mail that has been filtered for whatever reason?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm getting this same error at a location .... have disabled receive side scaling, DNS isn't an issue (can telnet, etc.) ... anti-virus not even installed on the server. Works from a different Exchange 2003 server.
Thoughts/ideas?
Thoughts/ideas?
http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-exchange-2007-edge-transport-server-part4.html
https://www.experts-exchange.com/questions/23941177/Deploying-Edge-transport-server-using-Hypervisor-or-VMWare.html?cid=236&anchorAnswerId=23053532#a23053532
http://technet.microsoft.com/en-us/library/bb123883(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/aa996008(EXCHG.80).aspx
http://msexchangeteam.com/archive/2006/11/17/431555.aspx