Connection filtering in Exchange 2003 (Full Version)

All Forums >> [Exchange Server Misc] >> 3rd Party Add-ons


panther -> Connection filtering in Exchange 2003 (3.Jan.2005 1:17:00 PM)

To whom it may concern out there

I have tried setting up the connection filtering option in exchange 2003 under global settings and then message delivering when u start system manager...... I got real frustrated before i went on now that i'm back and want to try again, so anybody who knows how it works please help.

I set it up by specifying a name under connection filtering and then in the dns suffix of provider i put the url of the spam blocking house which they say i should use and then leave the rest as default and click apply and then ok. The spam house's name i'm using is "SPAMHAUS" and the url is "" which i place in the DNS suffix for provider section.

The spamhaus people have a way to test the connection and when i test the connection it always fails and they send u a description of why it failed and what it did to test the connection. On our Exchange2003 server they test it by trying to send a mail as a blank sender or "<>" sender and our exchange server accepts the connection and it should'nt accept a connection like that. I think this is where the problem lies and would like to know if anybody knows hows to fix it.

Are we a relay or have we got an open relay???

The help would be apprecaited

catron37 -> RE: Connection filtering in Exchange 2003 (24.Jan.2005 10:03:00 PM)

Hi Panther,

If you want to setup connection filtering in E2K3 this is one of the KBs
If you want to test whether your server is open for relay you can try and provide your domain name(you will get info on the page) and they will test your domain and provide you with a lot of helpfull info.
You can also take a look at the Sender Filtering feature and disable the blank sender but based on your explanation that your server accepts <> message, it does not mean that you are open for relay.

panther -> RE: Connection filtering in Exchange 2003 (25.Jan.2005 6:57:00 AM)

hi Ron37

I would like to thank you for the help and giving me advice on where to test the settings.

I went to and tested our DNS and it came back with a fail on "Reverse DNS Entries for MX Records", now i know MX records are to do with mail but what i would like to know is if that test is searching on our internal DNS behind our firewall or is it going and doing a search on our ISP DNS for the MX record???

What we normally do is forward all our requests to our ISP's DNS server if that helps?!?!?

Coming back to my original query about <> senders, it's starting to make me think with this test i performed that we definitely need a "Reverse DNS MX record" for the connection filtering to work. Look i am speculating here, i'm not sure myself

Otherwise in the mean time i will speak to our ISP make sure they have a reverse MX entry and if they do, then i assume this test is looking on our internal DNS for a MX record???!?!?

Again i'm not sure

And again thanks for the insight

cademetz -> RE: Connection filtering in Exchange 2003 (23.Feb.2005 11:37:00 PM)

Okay, first, you should not need a reverse DNS entry for you IP for connection filtering to work. However, I would HIGHLY recommend it in conjunction with an SPF record to ensure your IP doesn't get blacklisted.

Second, by default, Exchange 2003 is NOT open to relaying. As such, connection filtering is related to INBOUND emails and will have no affect on relaying. If you for some strange reason enable relaying then connection filtering would come into play. Again, Exchange 2003 is NOT open to relaying by default.

To ensure your Exchange 2003 Server is in fact closed to relaying, follow this steps:

- Open System Manager
- Expand the Servers Tree
- Expand which ever server is listed
- Expand the Protocols Tree
- Expand the SMTP Tree
- Right Click on Default SMTP Virtual Server
- Click on Properties
- Click on the Access Tab
- Click on the Relay button

By default, you should see the 'Only the list below' checkmarked and your email server's (internal if on a NAT'ed network) IP and the loopback of If your users all connect through an Exchange profile through Outlook or through Outlook Web Access, there does not need to be ANYTHING in this list. Also, I personally recommend unchecking the "Allow computers which successfully authenticate..." The reason is that if a spammer figures out a user's username and password, they can relay ALL DAY LONG. Again, if your users send email directly from your server, you have NO need for relaying.

Now, unto Connection Filtering. To properly setup Connection Filtering with Exchange 2003 and SpamHaus (using the SBL-XBL combined list) follow these steps:

- Open System Manager
- Expand the Global Settings Tree
- Right Click on Message Delivery
- Click Properties
- Click the Connection Filtering Tab
- Click Add
- Type in a Name: 'SpamHaus SBl-XBL'
- Type in the DNS suffix:
- If you want a custom error message, enter one.
- Click Return Status Code button
- Click the last radio button 'Match rule to following response'
- Click the Add buton
- Add these rules:,,,, These are the return codes the SBL-XBL list will return.
- Click OK Four? Times


- Expand the Servers Tree
- Expand the Protocols Tree
- Expand the SMTP Tree
- Right Click on Default SMTP Virtual Server
- Click on Properties
- Under the General Tab, click Advanced
- Click Edit
- Check mark the box that says: "Connection Filtering."
- Click OK Three times

Connection filtering should now be turned on and configured to use the SBL-XBL list from SpamHaus. To test this, send an email FROM YOUR SERVER to: This will test your connection filtering.

panther -> RE: Connection filtering in Exchange 2003 (24.Feb.2005 12:08:00 PM)

Hi Cade Metz

I would like to really say thank you for helping out with this "Connection filtering".

I set it up previously before i ever used this forum like u said, exactly.....but the only thing i did'nt include was the the "rules" so forth. other than that it was setup perfectly.

If i could ask where would i get info on what these return codes mean and why do u need to add them for "Connection filtering".

Once again thank you so much.... i tested and it comes back with my default block message i added....whereas previously it came back with "oops this is not good" after the mail from:<> line or something along those lines.

Thanks again

cademetz -> RE: Connection filtering in Exchange 2003 (24.Feb.2005 4:57:00 PM)

The return status codes are bascially used as a 'yes' and 'no.' When only using the SBL, the SBL qeury server will return the status code of '' if the server in question is listed. This way your email server knows to drop the connection.

The XBL list is not simply a 'yes' and 'no' list but rather what types of Exploits are known to come from an email server. As such, the XBL list returns status codes of,, depending on which type of exploit has been found. Any of these return status codes indicated a 'bad' server.

If you use the combined SBL and XBL list, the return status codes range from Therefore, any return status code in that range will indicate a 'bad' server.

Page: [1]