Member_2_6582184
asked on
How to configure and test RBLs in Exchange 2013 EMS?
Hello Experts,
I have an Exchange server with AntiSpam tools installed. I also configured Spamhaus as RBL provider:
How can I get them to work?
Thanks!
PS: My Content filter config:
I have an Exchange server with AntiSpam tools installed. I also configured Spamhaus as RBL provider:
[PS] C:\Windows\system32>Get-IPBlockListProvider spamhaus|fl
RunspaceId : c643d126-7eef-4c63-9f0c-ac95345affc5
RejectionResponse :
LookupDomain : zen.spamhaus.org
Enabled : True
AnyMatch : True
BitmaskMatch :
IPAddressesMatch : {}
Priority : 3
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Spamhaus
...
When I test it, I get no result, though at the moment of wrting this IP is listed in zen.spamhaus.org:[PS] C:\Windows\system32>Test-IPBlockListProvider -IPAddress 186.128.36.149 -Identity spamhaus
RunspaceId : c643d126-7eef-4c63-9f0c-ac95345affc5
Provider : Spamhaus
ProviderResult : {}
Matched : False
Since I just got mail from this IP, I figure the test is correct and RBLs are not working. How can I get them to work?
Thanks!
PS: My Content filter config:
[PS] C:\Windows\system32>Get-ContentFilterConfig|fl
RunspaceId : c643d126-7eef-4c63-9f0c-ac95345affc5
Name : ContentFilterConfig
RejectionResponse : Message rejected as spam by Content Filtering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients : {}
QuarantineMailbox :
SCLRejectThreshold : 7
SCLRejectEnabled : True
SCLDeleteThreshold : 9
SCLDeleteEnabled : False
SCLQuarantineThreshold : 9
SCLQuarantineEnabled : False
BypassedSenders : {}
BypassedSenderDomains : {}
Enabled : True
ExternalMailEnabled : True
InternalMailEnabled : False
AdminDisplayName :
ASKER
Strange; I ran the exact command today and there you go, a match:
I think this may be spamhaus in the end?:
[PS] C:\Windows\system32>nslookup 127.0.0.2.zen.spamhaus.org
Non-authoritative answer:
DNS request timed out.
timeout was 2 seconds.
Name: 127.0.0.2.zen.spamhaus.org
Address: 127.0.0.11
[PS] C:\Windows\system32>Test-IPBlockListProvider -IPAddress 186.128.36.14 -Identity spamhaus
Creating a new session for implicit remoting of "Test-IPBlockListProvider" command...
RunspaceId : 7e599ce9-3c5f-415a-a92d-aae8fc7e327a
Provider : Spamhaus
ProviderResult : {127.0.0.11}
Matched : True
I think this may be spamhaus in the end?:
[PS] C:\Windows\system32>Get-IPBlockListProvider|Test-IPBlockListProvider -ip 127.0.0.2
RunspaceId : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider : Spamhaus
ProviderResult : {}
Matched : False
RunspaceId : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider : UCE protect lvl 2
ProviderResult : {127.0.0.2}
Matched : True
RunspaceId : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider : Sorbs
ProviderResult : {127.0.0.10, 127.0.0.5, 127.0.0.7, 127.0.0.2, 127.0.0.3, 127.0.0.9, 127.0.0.14, 127.0.0.4, 127.0.0.6,
127.0.0.8}
Matched : True
RunspaceId : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider : UCE Protect backscatter
ProviderResult : {127.0.0.2}
Matched : True
RunspaceId : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider : UCE protect lvl 1 konservativ
ProviderResult : {127.0.0.2}
Matched : True
RunspaceId : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider : UCE protect lvl 3 superkrass
ProviderResult : {127.0.0.2}
Matched : True
RunspaceId : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider : junkemailfilter.com
ProviderResult : {127.0.0.2, 127.0.0.1, 127.0.0.3, 127.0.0.4, 127.0.0.5, 127.0.1.1, 127.0.1.2, 127.0.1.3, 127.0.2.3}
Matched : True
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Arnold, thanks a lot.
Turns out to be Spamhaus; I lowered the priority of this Block List Provider in Exchange.
Turns out to be Spamhaus; I lowered the priority of this Block List Provider in Exchange.
Mxtoolbox.com has an RBL test tool
RBL-check.com
Dnsbl.info
Run nslookup 186.128.36.149.zen.sapmhau
Test 127.0.0.2.zen.spamhaus.org
Then try test-ipblocklistprovider -ipaddress 127.0.0.2 -identity spamhaus to confirm the same result I.e. That it is listed.