• Home
  • About
  • Blog
  • Training
  • Books
  • Contact
    • Email
    • Facebook
    • Twitter
    • RSS

Practical 365

  • Office 365
  • Exchange 2019
  • Exchange 2016
  • Exchange 2013
  • Hybrid
  • Certificates
  • PowerShell
  • Migration
You are here: Home / Exchange Server / Add an IP Block List Provider to Exchange Server 2013 Edge Transport

Add an IP Block List Provider to Exchange Server 2013 Edge Transport

August 14, 2014 by Paul Cunningham 12 Comments

One of the transport agents that is installed on the Exchange 2013 Edge Transport server is the connection filter agent.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[PS] C:\>Get-TransportAgent
 
Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         True            1
Address Rewriting Inbound Agent                    True            2
Edge Rule Agent                                    True            3
Content Filter Agent                               True            4
Sender Id Agent                                    True            5
Sender Filter Agent                                True            6
Recipient Filter Agent                             True            7
Protocol Analysis Agent                            True            8
Attachment Filtering Agent                         True            9
Address Rewriting Outbound Agent                   True            10

The connection filter agent looks at the IP address of a server that is making an SMTP connection to the Edge Transport server and decides whether to block or allow the connection. It makes the decision by looking up the IP address in a block list, allow list, or by querying a block/allow list provider.

When your Exchange organization is receiving spam you can add the IP addresses of the spammers to an IP block list on the Edge Transport server. However this is quite inefficient, as you'll constantly be adding new IP addresses to the list.

A more effective approach is to use one or more IP block list providers, such as Spamhaus (my personal favourite) or SpamCop.

To add Spamhaus to your connection filter agent run the follow Exchange Management Shell command on the Edge Transport server.

1
[PS] C:\>Add-IPBlockListProvider -Name Spamhaus -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true -RejectionResponse "IP address is listed by Spamhaus"

Note you can change the rejection message that it sent back to the sender.

1
[PS] C:\>Set-IPBlockListProvider Spamhaus -RejectionResponse "IP address is listed by Spamhaus Zen."

You can add multiple providers, just make sure you check their guidance on whether there are issues adding multiple lookup domains from the same provider. Also make sure you check their terms and conditions and comply with any commercial usage policies they have.

1
2
3
4
5
6
[PS] C:\>Get-IPBlockListProvider
 
Name                                    LookupDomain                            Priority
----                                    ------------                            --------
Spamhaus                                zen.spamhaus.org                        1
SpamCop                                 bl.spamcop.net                         2

After the block list provider has been in place for a day or two you can see the results by running the Get-AntispamTopRBLProviders.ps1 script that ships with Exchange.

1
2
3
4
5
[PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>.\get-AntispamTopRBLProviders.ps1
 
Name     Value
----     -----
Spamhaus    12

Paul Cunningham

Paul is a Microsoft MVP for Office Apps and Services and a Pluralsight author. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server.

Exchange Server Antispam, Edge Transport, Exchange 2013

Comments

  1. Teet Saar says

    April 2, 2015 at 1:07 am

    Shouldn’t the lookup domain for SpamCop be “bl.spamcop.net”, not “bl.spamcopy.net”?

    Teet Saar.

    Reply
  2. Barry says

    January 30, 2016 at 7:19 am

    Great tutorial, thanks! However my default location for the transport logs is on a different disk, so when I run get-AntispamTopRBLProviders, it returns the error:

    The location “C:Program FilesMicrosoftExchange ServerV15TransportRolesLogsHubAgentLog” does not exist. Please specify a valid file or directory to look for agent logs using the -Location parameter.

    The parameter seems obvious, but what file or directory should I be pointing it to if my transport logs on on volume T: ?

    Reply
  3. Seth says

    March 15, 2016 at 1:50 am

    I got the same thing as Barry. I looked at the directory and sure enough it is not there.

    Reply
    • Paul Cunningham says

      March 15, 2016 at 9:14 am

      This just sounds like a simple case of the script having a hard coded dependency on the default log path. Look in the script code and adjust it if you need to.

      Reply
  4. Shota Tadumadze says

    May 30, 2016 at 5:41 pm

    Hello

    Can I use IPBlockList providers without Exchange Edge Transport role? I Have 1 Server With MBX and CAS roles installed.

    Reply
    • kyle says

      November 28, 2016 at 5:50 pm

      From Exchange cmdlet’sTechnet site:

      Add-IPAllowListProvider
      Applies to: Exchange Server 2013
      This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange Server 2013.

      Maybe you can enable some antispam feature on MBX role like senderid or senderfilter to prevent some spoof mail.

      Reply
  5. JP says

    August 18, 2016 at 3:30 pm

    Hi,
    upon running .Get-AntispamTopRBLProviders.ps1 under “C:Program FilesMicrosoftExchange ServerV15scripts” path,, it doesn’t show anything,, neither an error message, Is there something wrong? because we still receive tons of spam from a specific user only

    Reply
    • kyle says

      November 28, 2016 at 6:02 pm

      If “the specific user” ‘s IP doesn’t list in the RBL(like spamhaus or spamcop),you will still receive its email.

      Maybe you can:
      1,block its IP address on the firewall
      2, setting “mailflow”->”rules” on ECP to delete or reject specific sender by IP/Domain/Subject etc
      3, setting set-senderfilterconfig’s blockeddomain option on the MBX server.

      Reply
  6. Ronald Brouwer says

    January 3, 2017 at 1:54 pm

    Hello Paul,

    Is there any way to configure and use a IP blocklist provider on a mailbox server?

    Kind regards,
    Ronald Brouwer

    Reply
  7. Cyrus says

    June 9, 2017 at 4:08 pm

    How can I make sure either of the anti-spam works?

    Reply
  8. Julien says

    June 21, 2017 at 2:18 pm

    Great Tutorial.
    Thank you sir.
    when I run
    C:Program FilesMicrosoftExchange ServerV15scripts>.get-AntispamTopRBLProviders.ps1

    I get the error

    [PS] C:\Windows\system32>C:Program FilesMicrosoftExchange ServerV15scripts>.get-AntispamTopRBLProviders.ps1
    At line:1 char:50
    + C:Program FilesMicrosoftExchange ServerV15scripts>.get-AntispamTopRBLProvider …
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
    quotation marks (“&”) to pass it as part of a string.
    + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : AmpersandNotAllowed

    Reply

Leave a Reply Cancel reply

You have to agree to the comment policy.

Recent Articles

  • How to configure custom branding for Office 365 Message Encryption
  • The clock is ticking on Exchange Server 2010
  • How to licence Exchange Hybrid servers
  • How to use the Azure Content Moderator in Office 365
  • Hybrid Agent & Exchange Modern Hybrid now available as a public preview
Practical 365

Training Courses

  • Configuring and Managing Office 365 Security
  • Office 365 Admin Playbook
  • Exchange 2016 Exam 70-345
  • Managing Exchange Mailboxes and Distribution Groups in PowerShell
  • More Training Courses...

Recommended Resources

  • Office 365 Security Resources
  • Office 365 Books
  • Exchange Server Books
  • Exchange Server Migrations
  • Exchange Analyzer
  • Digicert SSL Certificates

About This Site

Practical 365 is a leading site for Office 365 and Exchange Server news, tips and tutorials. Read more...
  • Email
  • Facebook
  • Twitter
  • RSS

Copyright © 2019 Quadrotech Solutions AG · Disclosure · Privacy Policy
Alpenstrasse 15, 6304 Zug, Switzerland

We are an Authorized DigiCert™ SSL Partner.