Link to home
Start Free TrialLog in
Avatar of Member_2_6582184
Member_2_6582184Flag for Germany

asked on

How to configure and test RBLs in Exchange 2013 EMS?

Hello Experts,

I have an Exchange server with AntiSpam tools installed. I also configured Spamhaus as RBL provider:
[PS] C:\Windows\system32>Get-IPBlockListProvider spamhaus|fl

RunspaceId        : c643d126-7eef-4c63-9f0c-ac95345affc5
RejectionResponse :
LookupDomain      : zen.spamhaus.org
Enabled           : True
AnyMatch          : True
BitmaskMatch      :
IPAddressesMatch  : {}
Priority          : 3
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : Spamhaus
...

Open in new window

When I test it, I get no result, though at the moment of wrting this IP is listed in zen.spamhaus.org:
[PS] C:\Windows\system32>Test-IPBlockListProvider -IPAddress 186.128.36.149 -Identity spamhaus

RunspaceId     : c643d126-7eef-4c63-9f0c-ac95345affc5
Provider       : Spamhaus
ProviderResult : {}
Matched        : False

Open in new window

Since I just got mail from this IP, I figure the test is correct and RBLs are not working.
How can I get them to work?

Thanks!

PS: My Content filter config:
[PS] C:\Windows\system32>Get-ContentFilterConfig|fl


RunspaceId                            : c643d126-7eef-4c63-9f0c-ac95345affc5
Name                                  : ContentFilterConfig
RejectionResponse                     : Message rejected as spam by Content Filtering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients                    : {}
QuarantineMailbox                     :
SCLRejectThreshold                    : 7
SCLRejectEnabled                      : True
SCLDeleteThreshold                    : 9
SCLDeleteEnabled                      : False
SCLQuarantineThreshold                : 9
SCLQuarantineEnabled                  : False
BypassedSenders                       : {}
BypassedSenderDomains                 : {}
Enabled                               : True
ExternalMailEnabled                   : True
InternalMailEnabled                   : False
AdminDisplayName                      :

Open in new window

Avatar of arnold
arnold
Flag of United States of America image

The following are dnsbl test sites.


Mxtoolbox.com has an RBL test tool
RBL-check.com
Dnsbl.info


Run nslookup 186.128.36.149.zen.sapmhaus.org to see if it is or is not listed.
Test 127.0.0.2.zen.spamhaus.org to see how it works.
Then try test-ipblocklistprovider -ipaddress 127.0.0.2 -identity spamhaus to confirm the same result I.e. That it is listed.
Avatar of Member_2_6582184

ASKER

Strange; I ran the exact command today and there you go, a match:
[PS] C:\Windows\system32>nslookup 127.0.0.2.zen.spamhaus.org

Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    127.0.0.2.zen.spamhaus.org
Address:  127.0.0.11

[PS] C:\Windows\system32>Test-IPBlockListProvider -IPAddress 186.128.36.14 -Identity spamhaus
Creating a new session for implicit remoting of "Test-IPBlockListProvider" command...

RunspaceId     : 7e599ce9-3c5f-415a-a92d-aae8fc7e327a
Provider       : Spamhaus
ProviderResult : {127.0.0.11}
Matched        : True

Open in new window


I think this may be spamhaus in the end?:

[PS] C:\Windows\system32>Get-IPBlockListProvider|Test-IPBlockListProvider -ip 127.0.0.2

RunspaceId     : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider       : Spamhaus
ProviderResult : {}
Matched        : False

RunspaceId     : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider       : UCE protect lvl 2
ProviderResult : {127.0.0.2}
Matched        : True

RunspaceId     : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider       : Sorbs
ProviderResult : {127.0.0.10, 127.0.0.5, 127.0.0.7, 127.0.0.2, 127.0.0.3, 127.0.0.9, 127.0.0.14, 127.0.0.4, 127.0.0.6,
                 127.0.0.8}
Matched        : True

RunspaceId     : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider       : UCE Protect backscatter
ProviderResult : {127.0.0.2}
Matched        : True

RunspaceId     : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider       : UCE protect lvl 1 konservativ
ProviderResult : {127.0.0.2}
Matched        : True

RunspaceId     : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider       : UCE protect lvl 3 superkrass
ProviderResult : {127.0.0.2}
Matched        : True

RunspaceId     : 9fb0b5c1-7cb0-4ea6-9102-bef6709a5cb1
Provider       : junkemailfilter.com
ProviderResult : {127.0.0.2, 127.0.0.1, 127.0.0.3, 127.0.0.4, 127.0.0.5, 127.0.1.1, 127.0.1.2, 127.0.1.3, 127.0.2.3}
Matched        : True

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Arnold, thanks a lot.
Turns out to be Spamhaus; I lowered the priority of this Block List Provider in Exchange.