Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Is it possible to set SCL using an RBL in Exchange 2010?

Posted on 2014-09-03
3
Medium Priority
?
315 Views
Last Modified: 2014-09-18
I have been seeing an increased amount of spam come through my Edge server. I currently utilize IP Block List/RBLs, content filtering and sender filtering to reject/redirect suspected spam messages. I would like to enable a few more IP Block Lists because they are the most effective at finding spammers in my opinion.

When I have done this in the past I would notice a significant decrease in spam but our email server would bounce some legitimate messages. When this happens the user at the other organization would have to reach out to me in order to have their mail server's IP added to our IP Allow List. This takes some time because often I need to get in touch with their IT staff in order to get the information I need (If a WhoIs doesn't provide it for me).

I would like to be able to use an RBL subscription to set the SCL value of a message when it arrives. This way rather than bouncing the message, it will just be redirected to the spam/quarantine box (Which is checked and cleared daily).

Is there anyway I can use an RBL to set the SCL?
I am comfortable with the Exchange Shell (EMS) in Exchange 2010 if it is necessary to use it.
0
Comment
Question by:kpurchase
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 40301450
Cannot be done with Exchange natively. You would need to use a third party tool to do that for you - perhaps tag the messages, then use a transport rule to set the SCL value.

Although you have pointed out the number one reason not to use blacklists. They reject too much legitimate email. They are not a set and forget solution and that is the main reason I don't use them.

Simon.
0
 

Author Comment

by:kpurchase
ID: 40301457
Hi Simon,

Thanks for your fast response.
Could you suggest a third party tool to tag the messages using a blacklist, I'm not opposed to a transport rule sending them to spam.

Thanks.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40301506
You should probably check with your AV vendor to begin with.
My usual tool of choice is Vamsoft ORF. I have been using that for years.
I do actually do blacklisting with that tool, but I don't use a public blacklist. Instead it builds its own based on previous behaviour trying to send to my server.

Simon.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question