Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-03-19

IP Block List is part of the connection filtering feature in Exchange. When the IP Block List feature is enabled on a computer, the Connection Filter agent analyzes all messages that come through all Receive connectors on that computer and blocks all incoming messages from addresses specified in the IP Block list.

This topic explains how to use the EMC or the Shell to manage the IP Block list.

Note:
Connection filtering is part of the suite of anti-spam features in Exchange. The anti-spam features are only available on Edge Transport servers by default. You can enable anti-spam features on a Hub Transport server even though it isn't recommended. To learn more about enabling anti-spam features on a Hub Transport server, see Enable Anti-Spam Functionality on a Hub Transport Server. The procedures listed in this topic are for configuring anti-spam functionality on an Edge Transport server, but the process is identical on Hub Transport servers.

What Do You Want to Do?

Use the EMC to manage the IP Block list

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

  1. In the console tree, click Edge Transport.

  2. In the result pane, click the Edge server you want to configure and then select the Anti-spam tab in the work pane.

  3. Right-click IP Block List and then select Properties.

  4. The General tab displays the following information about the IP Block List feature.

    • Status   Shows whether the IP Block List feature is enabled or disabled.

    • Modified   Shows the date and time when IP Block List properties were last modified.

    • Description   Provides a brief description of the IP Block List feature.

  5. Use the Blocked Addresses tab to manage a list of specific IP addresses for which e-mail messages are always blocked by the Connection Filter agent. If an originating IP address matches an IP address or IP address range on the IP Block list, the Connection Filter agent disconnects the SMTP session after all RCPT TO: headers in the message are processed.

    • Add - IP Address   To enter an IP address without a subnet mask, or to specify the subnet mask by using Classless Interdomain Routing (CIDR) notation, click Add or the drop-down arrow located next to Add and select IP Address. In the Add Blocked IP Address - CIDR dialog, enter the IP address directly or specify a subnet using the CIDR notation. For example, if you enter 192.168.1.1, only that host will be added to the IP Block list, but if you specify 192.168.1.0/24, the entire class C subnet of 192.168.1.0 will be added to the IP Block list.

    • Add - IP and Mask   To enter an IP address or subnet together with a subnet mask in dotted decimal notation, click the drop-down arrow located next to Add and select IP and Mask. In the Add Blocked IP Address - IP and Mask dialog, specify the IP address and the subnet mask.

    • Add - IP Range   To specify an IP address range by using the first IP address and the last IP address in the range, click the drop-down arrow located next to Add and select IP Range. In the Add Blocked IP Address - IP Range dialog, specify the start and end addresses of the IP range.

      Regardless of the method you choose to add an IP address, the dialog also gives you the option to specify an expiration date. By default, the Never let this address expire option is selected and messages from this address are blocked permanently. However, if you want to specify an expiration date, select Block until date and time and specify a date. Messages from this IP address will no longer be blocked after the date you specified.

    • Remove   To remove an existing entry from the IP Block list, select the entry, and then click the Remove icon.

Use the Shell to manage the IP Block list

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

You use the Add-IPBlockListEntry and Remove-IPBlockListEntry cmdlets to manage the addresses in the IP Block list. You can specify individual IP addresses, IP subnets using the CIDR notation, or IP ranges.

The following example adds the IP address 192.168.0.100 to the IP Block list.

Add-IPBlockListEntry -IPAddress 192.168.0.100

The following example adds the IP subnet 192.168.1.1/24 to the IP Block list.

Add-IPBlockListEntry -IPRange 192.168.1.1/24

The following example adds the IP range 10.0.0.100-10.0.0.255 to the IP Block list.

Add-IPBlockListEntry -IPRange 10.0.0.100-10.0.0.255

As you add entries to the IP Block list, Exchange automatically assigns IDs to the entries. To remove an address from the IP Block list using the Shell, you must specify this ID. However, an easier way to remove an address is to pipeline the output of the Get-IPBlockListEntry cmdlet to the Remove-IPBlockListEntry cmdlet. For example, if you want to remove the IP address 192.168.0.100 from your IP Block list, run the following command:

Get-IPBlockListEntry -IPAddress 192.168.0.100 | Remove-IPBlockListEntry

If you want to remove a range, specify an IP address that is within that range for the IPAddress parameter of the Get-IPBlockListEntry cmdlet. The following example shows how you can remove the subnet 192.168.1.1/24:

Get-IPBlockListEntry -IPAddress 192.168.1.1 | Remove-IPBlockListEntry

When using the Shell to add an address to the IP Block list, you can also specify an expiration date and time. After the specified date and time, messages received from the specified address will no longer be blocked. The following example adds the IP address 10.0.10.25 to the IP Block list and configures it to expire on January 1, 2010 at 10:00 AM.

Add-IPBlockListEntry -IPAddress 10.0.10.25 -ExpirationTime "1/1/2010 10:00"
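
The following is an added example, not part of the original topic: it combines the cmdlets above to load a mixed list of hosts, subnets and ranges as time-limited blocks, skips targets whose first address is already covered by an existing entry, and then lists the manually added entries for review. The sample addresses, comments and the 30-day lifetime are constructed assumptions; the Comment parameter and the output properties used for the review are not shown elsewhere in this topic.

```powershell
# Run in the Exchange Management Shell on the Edge Transport server.
# Constructed sample input (documentation address space): host, CIDR subnet, range.
$entries = @(
    @{ Target = '192.0.2.15';                Comment = 'Constructed sample: single host' },
    @{ Target = '198.51.100.0/24';           Comment = 'Constructed sample: CIDR subnet' },
    @{ Target = '203.0.113.10-203.0.113.50'; Comment = 'Constructed sample: IP range' }
)

# Assumption: temporary blocks are lifted automatically after 30 days.
$expires = (Get-Date).AddDays(30)

foreach ($e in $entries) {
    # First address of the target. Get-IPBlockListEntry -IPAddress returns every
    # entry that contains this address, so this detects overlap at the start of
    # the target only, not a partial overlap further into a range.
    $first    = ($e.Target -split '[/-]')[0]
    $existing = @(Get-IPBlockListEntry -IPAddress $first)

    if ($existing.Count -gt 0) {
        Write-Warning "$($e.Target): $first is already covered by entry $($existing[0].Identity); skipped."
        continue
    }

    # Single hosts use -IPAddress; CIDR subnets and start-end ranges use -IPRange.
    if ($e.Target -match '[/-]') {
        Add-IPBlockListEntry -IPRange $e.Target -ExpirationTime $expires -Comment $e.Comment
    }
    else {
        Add-IPBlockListEntry -IPAddress $e.Target -ExpirationTime $expires -Comment $e.Comment
    }
}

# Review the manually added entries, soonest expiry first, so stale or
# long-lived blocks are visible with the comment that explains them.
Get-IPBlockListEntry |
    Where-Object { -not $_.IsMachineGenerated } |
    Sort-Object ExpirationTime |
    Format-Table Identity, IPRange, ExpirationTime, HasExpired, Comment -AutoSize
```

Recording a comment with each entry gives the later review a reason to check against before an entry is removed or extended.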

For detailed syntax and configuration information, see the following topics: