Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-03-19
IP Block List Providers are part of the connection filtering feature in Exchange. When the IP Block List Providers feature is enabled on a computer, the Connection Filter agent queries the specified IP Block List provider services to determine if the messaging server that has initiated the connection is a host that is known to send spam.
This topic explains how to use the EMC or the Shell to manage the IP Block List Providers.
Note: Connection filtering is part of the suite of anti-spam features in Exchange. The anti-spam features are only available on Edge Transport servers by default. You can enable anti-spam features on a Hub Transport server even though it isn't recommended. To learn more about enabling anti-spam features on a Hub Transport server, see Enable Anti-Spam Functionality on a Hub Transport Server. The procedures listed in this topic are for configuring anti-spam functionality on an Edge Transport server, but the process is identical on Hub Transport servers.
What Do You Want to Do?
Use the EMC to manage IP Block List provider services
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.
- In the console tree, click Edge Transport.
- In the result pane, click the Edge server you want to configure
and then select the Anti-spam tab in the work pane.
- Right-click IP Block List Providers and then select
Properties.
- The General tab displays the
following information about the IP Block List Providers
feature.
  - Status: Shows whether the IP Block List Providers feature is enabled or disabled.
  - Modified: Shows the date and time when IP Block List Providers properties were last modified.
  - Description: Provides a brief description of the IP Block List Providers feature.
- Use the Providers tab to
manage the IP Block List provider services for the local computer.
We recommend that you put the most reliable IP Block List provider
service first to optimize performance. If the Connection Filter
agent receives an IP Block List match from one of the providers, it
stops querying other IP Block List provider services.
  - Add: Click Add to add a new IP Block List provider service. In the dialog that appears, configure the following options:
    ◊ Provider name: Type the name of the IP Block List provider service. This name is for your own use to identify the provider.
    ◊ Lookup domain: Type the domain name that the Connection Filter agent queries for updated IP Block list information.
    ◊ Return Status codes: This field shows the IP address status code that is returned by the IP Block List provider service. If the IP address of a remote server that is sending a message matches an IP address on an IP Block List provider service's IP Block list, the provider service may return different types of codes. Most IP Block List provider services return either a bitmask or absolute value code type.
      - Match any return code: When you select this option, the Connection Filter agent treats any IP address status code that is returned by the IP Block List provider service as a match.
      - Match specific mask and responses: When you select this option, the Connection Filter agent acts only on messages that match the IP address status code that is returned by the IP Block List provider service.
        Providers that return bitmask status codes may return a status code of 127.0.0.x, where the integer x is any one of the following values:
          1: The IP address is on an IP Block list.
          2: The Simple Mail Transfer Protocol (SMTP) server is configured to act as an open relay.
          4: The IP address supports a dial-up IP address.
        Providers that return absolute values and the explicit responses may return one of the following responses:
          127.0.0.2: The IP address is a direct spam source.
          127.0.0.4: The IP address is a bulk mailer.
          127.0.0.5: The remote server that is sending the message is known to support multistage open relays.
        - Match to the following mask: Type the bitmask status code you want to use.
        - Match any of the following responses: Type the responses you want to use and then click Add. To modify a previously added response, select the response and click Edit. To remove a previously added response, select the response and click Remove.
    ◊ Error Messages: To configure the message text that will be delivered in the SMTP session to senders whose messages are blocked by the Connection Filter agent when an IP Block List provider service matches the sender's IP address, click Error Messages and configure the following:
      - Default error message: To send a standard SMTP 550 error message to blocked senders, select Default error message.
      - Custom error message: To compose and send a customized error message, select Custom error message, and then type the message text in the text box.
        We recommend that you specify the IP Block List provider service in the response so that legitimate senders can contact the IP Block List provider service, as in the following example: Originating IP addresses matched contoso.com's IP Block List provider service.
  - Edit: To view or update settings for an IP Block List provider service, select a provider, and then click Edit.
  - Remove: To delete an IP Block List provider service, select the provider, and then click Remove.
  - Enable: To enable a disabled provider service, select the provider, and then click Enable.
  - Disable: To stop using the selected provider service, but retain the provider information, click Disable.
  - Up arrow: To move a provider higher in the Provider name list, select the provider, and then click the up arrow. The up arrow is enabled only when there is more than one provider in the Provider name list.
  - Down arrow: To move a provider lower in the Provider name list, select the provider, and then click the down arrow. The down arrow is enabled only when there is more than one provider in the Provider name list.
- Use the
Exceptions tab to specify recipients in your organization
for which you don't want to use IP Block List provider services.
For example, if you have a customer support e-mail alias, you may
want to accept all inbound e-mail messages for that address.
  - Do not block messages sent to the following e-mail addresses, regardless of provider feedback: In this field, type the SMTP address for an existing recipient for which you want to create an exception. For example, kim@contoso.com.
  - Add: To add that recipient to the Exceptions list, after you type the recipient's SMTP address, click Add.
  - Edit: To change a previously added SMTP address, select the recipient's SMTP address from the list, and then click Edit.
  - Remove: To delete a recipient from the exceptions list, select the recipient's SMTP address, and then click Remove.
Use the Shell to manage IP Block List provider services
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.
You use the Add-IPBlockListProvider, Set-IPBlockListProvider, and Remove-IPBlockListProvider cmdlets to manage the IP Block List Provider services you use in your organization.
The following example adds a new IP Block List provider service called "Contoso IP Block List Provider", and configures it to use bitmask matching for 127.0.0.1 (block messages from IP addresses that are on the block list):
    Add-IPBlockListProvider -Name "Contoso IP Block List Provider" -LookupDomain "contoso.com" -BitMaskMatch 127.0.0.1
The following example configures the same IP Block List provider service to use a custom rejection response:
    Set-IPBlockListProvider "Contoso IP Block List Provider" -RejectionMessage "Your message was rejected because the IP address of the server sending your message is in the block list of contoso.com IP Block List Provider service"
The following example adds another IP Block List provider service called "Fabrikam IP Block List Provider", and configures it to use explicit response matching for 127.0.0.2 and 127.0.0.5 (the host is a known spam source or is an open relay). The command also adds this new provider as the top preferred provider.
    Add-IPBlockListProvider -Name "Fabrikam IP Block List Provider" -LookupDomain "fabrikam.com" -IPAddressesMatch "127.0.0.2","127.0.0.5" -Priority 1
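To preview how the bitmask and explicit-response settings in the examples above decide a match, the following added example models the rules offline. It is not part of the original topic and is not Exchange's own code. The function names, the sender address 203.0.113.7, Contoso's priority of 2 and the DNS answers are constructed. The reversed-octet query name follows the usual DNSBL convention, and treating a bitmask match as "any shared bit in the last octet" is an assumption.

```powershell
# Added illustration, not the Connection Filter agent: function names, sender IP and DNS
# answers are constructed; the bitmask rule (any shared bit in the last octet) is an assumption.

function Get-BlockListQueryName {
    param([string]$SenderIP, [string]$LookupDomain)
    # Usual DNSBL convention: reverse the IPv4 octets and append the lookup domain.
    $octets = $SenderIP.Split('.')
    [array]::Reverse($octets)
    return ($octets -join '.') + '.' + $LookupDomain
}

function Test-BlockListResponse {
    param([string]$Response, [string]$BitMaskMatch, [string[]]$IPAddressesMatch)
    if ([string]::IsNullOrEmpty($Response)) { return $false }    # no record: not listed
    if ($BitMaskMatch) {
        $code = [int]$Response.Split('.')[3]
        $mask = [int]$BitMaskMatch.Split('.')[3]
        return (($code -band $mask) -ne 0)
    }
    if ($IPAddressesMatch) { return ($IPAddressesMatch -contains $Response) }
    return $true                                                 # "Match any return code"
}

function Find-FirstBlockListMatch {
    param([string]$SenderIP, [hashtable[]]$Providers, [hashtable]$Answers)
    foreach ($p in ($Providers | Sort-Object { $_.Priority })) {
        $answer = $Answers[(Get-BlockListQueryName $SenderIP $p.LookupDomain)]
        if (Test-BlockListResponse -Response $answer -BitMaskMatch $p.BitMaskMatch -IPAddressesMatch $p.IPAddressesMatch) {
            return "$($p.Name) matched $answer"   # first match ends the provider walk
        }
    }
    return 'no provider matched'
}

# The two providers from the examples above as plain hashtables (Contoso's priority is assumed).
$providers = @(
    @{ Name = 'Contoso IP Block List Provider';  LookupDomain = 'contoso.com';  Priority = 2
       BitMaskMatch = '127.0.0.1'; IPAddressesMatch = @() },
    @{ Name = 'Fabrikam IP Block List Provider'; LookupDomain = 'fabrikam.com'; Priority = 1
       BitMaskMatch = '';          IPAddressesMatch = @('127.0.0.2', '127.0.0.5') }
)

# Constructed DNS answers (query name -> A record); a missing key means "not listed".
$answers = @{
    '7.113.0.203.fabrikam.com' = '127.0.0.4'   # bulk mailer code, not in Fabrikam's explicit list
    '7.113.0.203.contoso.com'  = '127.0.0.3'   # bits 1 and 2 set, so mask 127.0.0.1 matches
}

Find-FirstBlockListMatch -SenderIP '203.0.113.7' -Providers $providers -Answers $answers
```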
For detailed syntax and configuration information, see the following topics: