Category Archives: RBL

Adding and checking RBL and DNSBL in Exchange 2010

Open To add a RBL and DNSBL to Exchange 2010 using EMC:

Open the EMC, expand Microsoft Exchange On-Premises –> Organization Configuration –> Hub Transport.

Select the Anti-Spam tab.

Right click on IP Block List Providers and select Properties


Select the Providers tab, and click Add…


Enter the details of the block list provider.  EG:

Some basic providers you can use are:

zen.spamhaus.org
dnsbl.sorbs.net

To do the same thing in Exchange Management Shell:

Add-IPBlockListProvider -Name ‘%NAME%’ -LookupDomain ‘%LOOKUPDOMAIN%’ -Enabled $true -BitmaskMatch $null -IPAdressesMatch @0 -AnyMatch $true -Priority ‘%PRI%’ -RejectionResponse ”


Where:
%NAME% is the name you wish to give the DNSBL (Eg: Spamhaus, sorbs, etc);
%LOOKUPDOMAIN% is the domain that is queried (the DNSBL domain) (zen.spamhaus.org, dnsbl.sorbs.net, etc); and
%PRI% is priority, 1, 2, 3, etc

eg:
Add-IPBlockListProvider -Name ‘Spamhaus’ -LookupDomain ‘zen.spamhaus.org’ -Enabled $true -BitmaskMatch $null -IPAdressesMatch @0 -AnyMatch $true -Priority ‘1’ -RejectionResponse ”

To check if the RBL is working, or to check if it is rejecting legitimate emails, you can use the following commands from the Exchange Management Shell (mm/dd/yyyy date format, regardless of regional settings):

Get-Agentlog –StartDate “08/22/2014” | where {$_.Reason –eq “BlockListProvider”}


This will list all emails that failed due to Block List Provider from 22/08/2014 to current.
Using Get-Member we can see the properties: Action; Agent; Diagnostics; Event; IPAddress; MessageID; P1FromAddress; P2FromAddresses; Reason; ReasonData; Recipients; SessionID; SMTPResponse; and TimeStamp.


This will list all emails that were rejected that came from *example.org:

Get-Agentlog –StartDate “08/22/2014” | where {$_.Reason –eq “BlockListProvider” –AND $_.P1FromAddress –like “*example.org”}


This will list all emails that were rejected that were addressed to anonit@example.com:

Get-Agentlog –StartDate “08/22/2014” | where ($_.Reason –eq “BlockListProvider” –AND $_.recipients –like “anonit@example.com”}


Show all originating IP addresses that were blocked by a rule called SpamHaus:

Get-Agentlog –StartDate “08/22/2014” | where {$_.ReasonData –eq “SpamHaus} | select-object IPAddress