The Exchange Server 2010 Edge Transport server role is automatically enabled for the built-in anti-spam features when it is installed. However some of the features require configuration before they can begin blocking spam.
The IP Block List Providers anti-spam feature is one example. It is enabled by default, but no block list providers are included in the configuration.
IP block list providers are an effective way to block the majority of spam, because they maintain comprehensive databases of IP addresses on the internet that are known and suspected spam sources. This allows an Exchange server to determine whether or not to block an incoming email during the initial stages of the SMTP connection, based on the IP address of the sending host.
Blocking spam at such an early stage of the communication sequence uses less bandwidth and processor resources than email content filtering, because the full email message is never transmitted to the Exchange server.
One of the best IP block list providers is Spamhaus. You can configure an Edge Transport server to use Spamhaus as an IP block list provider by following these steps.
Log on to your Edge Transport server and launch the Exchange Management Console. In the Anti-spam tab right-click IP Block List Providers and select Properties.
Select the Providers tab and then click Add.
Enter the Provider Name of Spamhaus and the Lookup Domain of zen.spamhaus.org.
Click OK and OK again to apply the change.
The Edge Transport server will now lookup the IP address of connecting hosts to determine whether or not to accept mail from them.
Can Spamhaus (SBL) and FEP 2010 for Microsoft Exchange both configured on Edge Server at same time?.If yes then how they both work together.
Pingback: Exchange Server being SPAM'd non stop! GGRRR
Any suggestions for IP white list providers to be used with Exchange 2010, my customer is a large supermarket chain with over 200 mailboxes and I find them being blacklisted quite often.
That isn’t how whitelist providers work.
If your customer is getting blacklisted they need to stop their bad sending behaviour.
Thanks Paul
We have a Fortigate appliance which does UTM as well, I guess we will log a call with them
Hi,
My case is we cannot send email to the a domain but we can received emails from their domain.
How i can check if there is blocked in EDGE server ?
Pingback: Report Top Sender IP's on Exchange Server 2010 using Log Parser
Hi Paul,
Just pondering whether it is possible to set a condition or process up that automatically removes values from a block list a certain time after creating, either through automatically settiong an expiry value, or through automatic deletion.
Cheers,
Jirik
Hi Paul,
After the configuration of Spamhaus on our Edge Server, all incoming mail traffic was blocked and all the senders received an undeliverable message from our server…
Franco
Hi Franco, does your Edge server receive mail directly from the internet or does it first go via another MTA?
Franco, just spotted this item on the SpamHaus website. If you’re located in that region of the Europe is it possible this is why you saw incoming mail getting blocked?
http://www.spamhaus.org/news.lasso?article=673
Uh Uh… I wrote the wrong Address: spamhouse.org … (shame on me!). Sorry. Now is all right, it works fine…
I’m glad it turned out to be something simple like that 🙂
Pingback: Email Fundamentals: What is an Open Relay?
Is there a cost associated with using Spamhaus in this configuration?
Bill, you should check the Spamhaus usage terms on their site to work out if you quality for free use.
would you recommend always putting this on the edge server or is it just as fine on the cas and hib server etc as seen here
It can go on either, whichever one is receiving internet mail for your org. If you’re putting it on a Hub Transport you’ll need to install the antispam agents first using the script Microsoft supplies.