Sunday, December 14, 2014


I had a customer that didn’t know who was hosting their website.  It wasn’t immediately obvious by looking at the DNS records, whois details, or the website itself.
The website was able to help with this.

Saturday, December 6, 2014

Adding and checking RBL and DNSBL in Exchange 2010

To add an RBL and DNSBL to Exchange 2010 using EMC:

Open the EMC, expand Microsoft Exchange On-Premises –> Organization Configuration –> Hub Transport.

Select the Anti-Spam tab.

Right-click on IP Block List Providers and select Properties.

Select the Providers tab, and click Add…

Enter the details of the block list provider.  EG:

Some basic providers you can use are:

To do the same thing in Exchange Management Shell:

Add-IPBlockListProvider -Name '%NAME%' -LookupDomain '%LOOKUPDOMAIN%' -Enabled $true -BitmaskMatch $null -IPAddressesMatch @() -AnyMatch $true -Priority '%PRI%' -RejectionResponse ''

%NAME% is the name you wish to give the DNSBL (e.g. Spamhaus, sorbs, etc.);
%LOOKUPDOMAIN% is the domain that is queried (the DNSBL domain) (,, etc); and
%PRI% is the priority (1, 2, 3, etc.).

Add-IPBlockListProvider -Name 'Spamhaus' -LookupDomain '' -Enabled $true -BitmaskMatch $null -IPAddressesMatch @() -AnyMatch $true -Priority '1' -RejectionResponse ''

To check if the RBL is working, or to check if it is rejecting legitimate emails, you can use the following commands from the Exchange Management Shell (mm/dd/yyyy date format, regardless of regional settings):

Get-AgentLog -StartDate "08/22/2014" | where {$_.Reason -eq "BlockListProvider"}

This lists all emails that were rejected by a Block List Provider from 22/08/2014 to the present.
Using Get-Member we can see the properties: Action; Agent; Diagnostics; Event; IPAddress; MessageID; P1FromAddress; P2FromAddresses; Reason; ReasonData; Recipients; SessionID; SMTPResponse; and TimeStamp.

This will list all emails that were rejected that came from *

Get-AgentLog -StartDate "08/22/2014" | where {$_.Reason -eq "BlockListProvider" -and $_.P1FromAddress -like "*"}

This will list all emails that were rejected that were addressed to

Get-AgentLog -StartDate "08/22/2014" | where {$_.Reason -eq "BlockListProvider" -and $_.Recipients -like ""}

Show all originating IP addresses that were blocked by a rule called SpamHaus:

Get-AgentLog -StartDate "08/22/2014" | where {$_.ReasonData -eq "SpamHaus"} | Select-Object IPAddress
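
An added example (not from the original post) for triaging possible false positives: it performs the kind of DNS lookup a DNSBL provider entry relies on, then re-checks the most frequently rejected senders found in the agent log. The function name Test-DnsblListing and the lookup domain dnsbl.example.org are placeholders made up for this example.

```powershell
# Added example; assumes the Exchange Management Shell (PowerShell 2.0).
$lookupDomain = 'dnsbl.example.org'   # placeholder: use your provider's LookupDomain

function Test-DnsblListing {
    param([string]$IPAddress, [string]$LookupDomain)
    # A DNSBL query reverses the IPv4 octets and appends the lookup domain:
    # 192.0.2.10 -> 10.2.0.192.<LookupDomain>
    $octets = $IPAddress.Split('.')
    [array]::Reverse($octets)
    $query = ($octets -join '.') + '.' + $LookupDomain
    $codes = @()
    try {
        # Any A record in the answer (normally 127.0.0.x) means "listed".
        $codes = @([System.Net.Dns]::GetHostAddresses($query) | ForEach-Object { $_.ToString() })
        $state = 'Listed'
    } catch {
        # NXDOMAIN means "not listed"; anything else is a resolver problem.
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException] -and
            $base.SocketErrorCode -eq 'HostNotFound') {
            $state = 'NotListed'
        } else { $state = 'LookupFailed' }
    }
    New-Object PSObject -Property @{
        IPAddress = $IPAddress; Query = $query; State = $state
        ReturnCodes = ($codes -join ',')
    }
}

# Sanity check: RFC 5782 requires every IPv4 DNSBL to list 127.0.0.2.
Test-DnsblListing -IPAddress '127.0.0.2' -LookupDomain $lookupDomain

# Re-check the ten most frequently rejected IPv4 senders since the start date.
Get-AgentLog -StartDate '08/22/2014' |
    Where-Object { $_.Reason -eq 'BlockListProvider' } |
    Group-Object { $_.IPAddress.ToString() } |
    Where-Object { $_.Name -match '^\d{1,3}(\.\d{1,3}){3}$' } |
    Sort-Object Count -Descending | Select-Object -First 10 |
    ForEach-Object {
        $group = $_
        Test-DnsblListing -IPAddress $group.Name -LookupDomain $lookupDomain |
            Add-Member NoteProperty Rejections $group.Count -PassThru
    } | Format-Table IPAddress, Rejections, State, ReturnCodes -AutoSize
```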