Jer

Exchange IP Block List Logging - Identify blocked senders?

I had this question after viewing Exchange 2010 Log Spam E-mail.

Greetings,

As part of my spam protection effort, I utilize Exchange Anti-Spam.  As I get spam email, I identify the sending server IP (aaa.bbb.ccc.ddd) and then go into IP Block List and add aaa.bbb.ccc.0/24.  For the most part, this works fine.  However, on occasion, we're having legitimate senders being blocked due to their sending server being part of the aaa.bbb.ccc.0/24 network.  If I go into the agent log, I get:

2016-03-23T15:13:08.32TG445,xxx.xxx.xxx.xxx:25,54.ccc.bbb.aaa:50443,54.ccc.bbb.aaa,,01000153a40952d0-322376de-9565-f572c6-000000@domain.com,,,0,Connection Filtering Agent,OnMailCommand,RejectCommand,550 5.7.1 External client with IP address aaa.bbb.ccc.54 does not have permissions to submit to this server.,LocalBlockList,entry created by administrator,

Unfortunately, this is not very useful in identifying who the sender is.  Is there a way to configure the IP Block to state the sender?  Basically, I need a way to tell sender@email.com to send me an email and I can look at a log and see that sender@email.com was rejected.  They often get NDRs that just say the sending server gave up after so many tries.

Any assistance would be great.

Thanks,

Jeremy
Exchange, AntiSpam, Email Servers
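The rejection in the log line above happens at the OnMailCommand event, so the only sender identity the agent log can hold is the envelope sender from MAIL FROM (the P1FromAddress column), which for bulk mail services may be a bounce-handling address rather than the person's mailbox. As an added example (not part of the original post), this Python code groups LocalBlockList rejections by the block entry that matched and lists the envelope senders seen from each IP; the column order in `FIELDS` is assumed from the agent log's `#Fields:` header, `blocked_senders` is a hypothetical name, and the sample lines are constructed.

```python
import csv
import ipaddress
from collections import defaultdict

# Agent log column order, assumed from the "#Fields:" header Exchange writes
# at the top of each AgentLog file.
FIELDS = ("Timestamp,SessionId,LocalEndpoint,RemoteEndpoint,EnteredOrgFromIP,"
          "MessageId,P1FromAddress,P2FromAddresses,Recipients,NumRecipients,"
          "Agent,Event,Action,SmtpResponse,Reason,ReasonData,Diagnostics").split(",")

# Constructed sample lines (documentation IP ranges, invented senders).
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
2016-03-23T15:13:08.320Z,08D3A1,192.0.2.10:25,198.51.100.54:50443,198.51.100.54,,bounce-123@mail.example.com,,,0,Connection Filtering Agent,OnMailCommand,RejectCommand,550 5.7.1 External client with IP address 198.51.100.54 does not have permissions to submit to this server.,LocalBlockList,entry created by administrator,
2016-03-23T15:20:41.100Z,08D3A2,192.0.2.10:25,198.51.100.54:50512,198.51.100.54,,alice@partner.example,,,0,Connection Filtering Agent,OnMailCommand,RejectCommand,550 5.7.1 External client with IP address 198.51.100.54 does not have permissions to submit to this server.,LocalBlockList,entry created by administrator,
2016-03-23T15:22:02.700Z,08D3A3,192.0.2.10:25,203.0.113.7:41000,203.0.113.7,<1@bad.example>,spam@bad.example,spam@bad.example,user@corp.example,1,Content Filter Agent,OnEndOfData,RejectMessage,550 5.7.1 Message rejected as spam by Content Filtering.,SclAtOrAboveRejectThreshold,7,
2016-03-23T15:30:15.900Z,08D3A4,192.0.2.10:25,203.0.113.20:38822,203.0.113.20,,bob@vendor.example,,,0,Connection Filtering Agent,OnMailCommand,RejectCommand,550 5.7.1 External client with IP address 203.0.113.20 does not have permissions to submit to this server.,LocalBlockList,entry created by administrator,
"""


def blocked_senders(log_text, block_list):
    """Map (block entry, client IP) -> sorted envelope senders rejected by it."""
    nets = [ipaddress.ip_network(n) for n in block_list]
    hits = defaultdict(set)
    # Skip the "#" header lines; the csv module handles quoted fields.
    rows = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    for row in csv.DictReader(rows, fieldnames=FIELDS):
        if (row["Agent"] != "Connection Filtering Agent"
                or row["Reason"] != "LocalBlockList"):
            continue  # rejected (or accepted) for some other reason
        host = row["RemoteEndpoint"].rsplit(":", 1)[0].strip("[]")
        ip = ipaddress.ip_address(host)
        # Which administrator-created range caught this client?
        entry = next((str(n) for n in nets if ip in n), "unlisted")
        # An empty MAIL FROM (null sender) is shown as "<>".
        hits[(entry, str(ip))].add(row["P1FromAddress"] or "<>")
    return {key: sorted(senders) for key, senders in hits.items()}


if __name__ == "__main__":
    report = blocked_senders(SAMPLE_LOG, ["198.51.100.0/24", "203.0.113.0/24"])
    for (entry, ip), senders in sorted(report.items()):
        print(f"{entry:18} {ip:15} {', '.join(senders)}")
```

Grouping by block entry shows which /24 is catching a given sender, so a single address can be exempted or the range narrowed instead of removing the whole entry.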

ASKER CERTIFIED SOLUTION
David Johnson, CD
Jer

ASKER

Yeah, technically, the IP blocking has been my last resort with my current products. We have a SonicWALL firewall that initially inspects the traffic, then to a single Exchange server with all roles. The Exchange server has Trend Micro ScanMail on it. We are now looking into implementing an edge server and/or an additional 3rd-party cloud-based or appliance AV/Anti-spam product. But, I was just hoping that there was something that I could do with the logging, as it is not always easy for rejected senders to get us the sending server IP info.
Jer

ASKER

David at least provided an answer.  I just wish it was better.  Just want to close this question.