• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Connection filtering in Exchange 2003

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Exchange Server Misc] >> 3rd Party Add-ons >> Connection filtering in Exchange 2003 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Connection filtering in Exchange 2003 - 3.Jan.2005 1:17:00 PM   
panther

 

Posts: 9
Joined: 3.Jan.2005
From: South Africa
Status: offline
To whom it may concern out there

I have tried setting up the connection filtering option in exchange 2003 under global settings and then message delivering when u start system manager...... I got real frustrated before i went on leave......so now that i'm back and want to try again, so anybody who knows how it works please help.

I set it up by specifying a name under connection filtering and then in the dns suffix of provider i put the url of the spam blocking house which they say i should use and then leave the rest as default and click apply and then ok. The spam house's name i'm using is "SPAMHAUS" and the url is "sbl.spamhaus.org" which i place in the DNS suffix for provider section.

The spamhaus people have a way to test the connection and when i test the connection it always fails and they send u a description of why it failed and what it did to test the connection. On our Exchange2003 server they test it by trying to send a mail as a blank sender or "<>" sender and our exchange server accepts the connection and it should'nt accept a connection like that. I think this is where the problem lies and would like to know if anybody knows hows to fix it.

Are we a relay or have we got an open relay???

The help would be apprecaited
Post #: 1
RE: Connection filtering in Exchange 2003 - 24.Jan.2005 10:03:00 PM   
catron37

 

Posts: 136
Joined: 19.Jan.2005
From: Mississauga - Canada
Status: offline
Hi Panther,

If you want to setup connection filtering in E2K3 this is one of the KBs http://support.microsoft.com/?id=823866.
If you want to test whether your server is open for relay you can try www.dnsreport.com and provide your domain name(you will get info on the page) and they will test your domain and provide you with a lot of helpfull info.
You can also take a look at the Sender Filtering feature and disable the blank sender but based on your explanation that your server accepts <> message, it does not mean that you are open for relay.

(in reply to panther)
Post #: 2
RE: Connection filtering in Exchange 2003 - 25.Jan.2005 6:57:00 AM   
panther

 

Posts: 9
Joined: 3.Jan.2005
From: South Africa
Status: offline
hi Ron37

I would like to thank you for the help and giving me advice on where to test the settings.

I went to DNSreports.com and tested our DNS and it came back with a fail on "Reverse DNS Entries for MX Records", now i know MX records are to do with mail but what i would like to know is if that test is searching on our internal DNS behind our firewall or is it going and doing a search on our ISP DNS for the MX record???

What we normally do is forward all our requests to our ISP's DNS server if that helps?!?!?

Coming back to my original query about <> senders, it's starting to make me think with this test i performed that we definitely need a "Reverse DNS MX record" for the connection filtering to work. Look i am speculating here, i'm not sure myself

Otherwise in the mean time i will speak to our ISP make sure they have a reverse MX entry and if they do, then i assume this test is looking on our internal DNS for a MX record???!?!?

Again i'm not sure

And again thanks for the insight

(in reply to panther)
Post #: 3
RE: Connection filtering in Exchange 2003 - 23.Feb.2005 11:37:00 PM   
cademetz

 

Posts: 36
Joined: 13.Jan.2005
From: Harker Heights, TX
Status: offline
Okay, first, you should not need a reverse DNS entry for you IP for connection filtering to work. However, I would HIGHLY recommend it in conjunction with an SPF record to ensure your IP doesn't get blacklisted.

Second, by default, Exchange 2003 is NOT open to relaying. As such, connection filtering is related to INBOUND emails and will have no affect on relaying. If you for some strange reason enable relaying then connection filtering would come into play. Again, Exchange 2003 is NOT open to relaying by default.

To ensure your Exchange 2003 Server is in fact closed to relaying, follow this steps:

- Open System Manager
- Expand the Servers Tree
- Expand which ever server is listed
- Expand the Protocols Tree
- Expand the SMTP Tree
- Right Click on Default SMTP Virtual Server
- Click on Properties
- Click on the Access Tab
- Click on the Relay button

By default, you should see the 'Only the list below' checkmarked and your email server's (internal if on a NAT'ed network) IP and the loopback of 127.0.0.1. If your users all connect through an Exchange profile through Outlook or through Outlook Web Access, there does not need to be ANYTHING in this list. Also, I personally recommend unchecking the "Allow computers which successfully authenticate..." The reason is that if a spammer figures out a user's username and password, they can relay ALL DAY LONG. Again, if your users send email directly from your server, you have NO need for relaying.

Now, unto Connection Filtering. To properly setup Connection Filtering with Exchange 2003 and SpamHaus (using the SBL-XBL combined list) follow these steps:

- Open System Manager
- Expand the Global Settings Tree
- Right Click on Message Delivery
- Click Properties
- Click the Connection Filtering Tab
- Click Add
- Type in a Name: 'SpamHaus SBl-XBL'
- Type in the DNS suffix: sbl-xbl.spamhaus.org
- If you want a custom error message, enter one.
- Click Return Status Code button
- Click the last radio button 'Match rule to following response'
- Click the Add buton
- Add these rules: 127.0.0.2, 127.0.0.3, 127.0.0.4, 127.0.0.5, 127.0.0.6. These are the return codes the SBL-XBL list will return.
- Click OK Four? Times

YOU ARE NOT DONE YET

- Expand the Servers Tree
- Expand the Protocols Tree
- Expand the SMTP Tree
- Right Click on Default SMTP Virtual Server
- Click on Properties
- Under the General Tab, click Advanced
- Click Edit
- Check mark the box that says: "Connection Filtering."
- Click OK Three times

Connection filtering should now be turned on and configured to use the SBL-XBL list from SpamHaus. To test this, send an email FROM YOUR SERVER to: nelson-sbl-test@crynwr.com. This will test your connection filtering.

(in reply to panther)
Post #: 4
RE: Connection filtering in Exchange 2003 - 24.Feb.2005 12:08:00 PM   
panther

 

Posts: 9
Joined: 3.Jan.2005
From: South Africa
Status: offline
Hi Cade Metz

I would like to really say thank you for helping out with this "Connection filtering".

I set it up previously before i ever used this forum like u said, exactly.....but the only thing i did'nt include was the the "rules" 127.0.0.2.....and so forth. other than that it was setup perfectly.

If i could ask where would i get info on what these return codes mean and why do u need to add them for "Connection filtering".

Once again thank you so much.... i tested and it comes back with my default block message i added....whereas previously it came back with "oops this is not good" after the mail from:<> line or something along those lines.

Thanks again

(in reply to panther)
Post #: 5
RE: Connection filtering in Exchange 2003 - 24.Feb.2005 4:57:00 PM   
cademetz

 

Posts: 36
Joined: 13.Jan.2005
From: Harker Heights, TX
Status: offline
The return status codes are bascially used as a 'yes' and 'no.' When only using the SBL, the SBL qeury server will return the status code of '127.0.0.2.' if the server in question is listed. This way your email server knows to drop the connection.

The XBL list is not simply a 'yes' and 'no' list but rather what types of Exploits are known to come from an email server. As such, the XBL list returns status codes of 127.0.0.4, 127.0.0.5, 127.0.0.6 depending on which type of exploit has been found. Any of these return status codes indicated a 'bad' server.

If you use the combined SBL and XBL list, the return status codes range from 127.0.0.2-6. Therefore, any return status code in that range will indicate a 'bad' server.

(in reply to panther)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Exchange Server Misc] >> 3rd Party Add-ons >> Connection filtering in Exchange 2003 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter