Saturday, December 6, 2014

Adding and checking RBL and DNSBL in Exchange 2010

Open To add a RBL and DNSBL to Exchange 2010 using EMC:

Open the EMC, expand Microsoft Exchange On-Premises –> Organization Configuration –> Hub Transport.

Select the Anti-Spam tab.

Right click on IP Block List Providers and select Properties

Select the Providers tab, and click Add…

Enter the details of the block list provider.  EG:

Some basic providers you can use are:

To do the same thing in Exchange Management Shell:

Add-IPBlockListProvider -Name '%NAME%' -LookupDomain '%LOOKUPDOMAIN%' -Enabled $true -BitmaskMatch $null -IPAdressesMatch @0 -AnyMatch $true -Priority '%PRI%' -RejectionResponse ''

%NAME% is the name you wish to give the DNSBL (Eg: Spamhaus, sorbs, etc);
%LOOKUPDOMAIN% is the domain that is queried (the DNSBL domain) (,, etc); and
%PRI% is priority, 1, 2, 3, etc

Add-IPBlockListProvider -Name 'Spamhaus' -LookupDomain '' -Enabled $true -BitmaskMatch $null -IPAdressesMatch @0 -AnyMatch $true -Priority '1' -RejectionResponse ''

To check if the RBL is working, or to check if it is rejecting legitimate emails, you can use the following commands from the Exchange Management Shell (mm/dd/yyyy date format, regardless of regional settings):

Get-Agentlog –StartDate “08/22/2014” | where {$_.Reason –eq “BlockListProvider”}

This will list all emails that failed due to Block List Provider from 22/08/2014 to current.
Using Get-Member we can see the properties: Action; Agent; Diagnostics; Event; IPAddress; MessageID; P1FromAddress; P2FromAddresses; Reason; ReasonData; Recipients; SessionID; SMTPResponse; and TimeStamp.

This will list all emails that were rejected that came from *

Get-Agentlog –StartDate “08/22/2014” | where {$_.Reason –eq “BlockListProvider” –AND $_.P1FromAddress –like “*”}

This will list all emails that were rejected that were addressed to

Get-Agentlog –StartDate “08/22/2014” | where ($_.Reason –eq “BlockListProvider” –AND $_.recipients –like “”}

Show all originating IP addresses that were blocked by a rule called SpamHaus:

Get-Agentlog –StartDate “08/22/2014” | where {$_.ReasonData –eq “SpamHaus} | select-object IPAddress

No comments:

Post a Comment