Nowadays spam emails are a big problem for a company. The employees are spending a lot of time every morning having a look in their inbox and filtering on their own, determining what is spam and what is not. According to a survey of the Gartner Group within the US every employee spends about 49 minutes each day for that. This is a lot of time that could be used better. Therefore every company is implementing or planning to implement Spam filtering software which easily blocks every email that has been received if it is considered as Spam.
But Spam filtering software based on keywords, etc. is only one brick in the wall guarding against Spam; another one is to implement black- or block-list support within your messaging and collaboration environment. With the new release of Exchange, Microsoft implemented the functionality to filter every incoming email whether the sender is on a blacklist or not.
Within this article you will learn how blacklists work and how you can configure support with Exchange Server 2003.
What are blacklists and how do they work?
If you perform a search with an internet search engine you will find lots of blacklist providers throughout the world. This means, the first thing you have to do is consider what blacklist provider you want to use. Nobody can say this or that blacklist provider is the best, you should make your own experiences but if you have a look at the recommendations of the IT press and testing results published in these magazines one of the following blacklist providers may be a good choice.
- relays.ordb.org
- relays.visi.com
- bl.spamcop.net
- blackholes.wirehub.net
- list.dsbl.org
If you have a look at one of these blacklist provider’s websites you will find an explanation on how blacklists work.
Each blacklist server is a special kind of service that can be compared with DNS services. If the SMTP-domain is on the blacklist it reports return status codes back to the checking messaging system providing special IP addresses.
Here is a list of the codes and what they mean:
127.0.0.2 è Open relay
127.0.0.3 è Dialup spam source
127.0.0.4 è Confirmed spam source
127.0.0.5 è Smarthosts
127.0.0.6 è Spamware software developer or spamvertized site (spamsites.org)
127.0.0.7 è Listserver that automates opts users in without confirmation
127.0.0.8 è Insecure formail.cgi script
127.0.0.9 è Open proxy server
By default, Exchange Server 2003 blocks all mails with one of these codes, but you can also configure the behavior as you want.
Configuring blacklist support with Exchange 2003
In Exchange Server 2003 you can find the feature for blacklist support within the global settings of your organization.
Figure 1: Configuring block list service in Exchange Server 2003
As seen above, you can implement multi-blacklist provider rules and put them in your own sequence. Exchange Server 2003 then checks every configured blacklist before it reroutes the email.
If you choose the button “Add” the following window opens:
Figure 2: Adding your blacklist filtering rules
In the field “Display Name” you should put in a brief description of the rule, in the second field you have to put in the DNS suffix of the blacklist provider itself. And by default, every return status code means a blocking of that email. If you are having trouble with your blacklist provider, just disable the rule by choosing the appropriate button.
If you want to configure a customized return status code behavior, make your choice and the following window will open and will provide your customized configuration.
Figure 3: Customizing return status code behavior
“Match Filter Rule to any return code” is the default setting and provides a blocking of every email that has a return status code. If you choose “Match Filter Rule to the Following Mask”, you can implement your own status code mask, provided by the blacklist company. If you need to implement customized return status codes, you have to choose the third radio button and then add your codes as shown below:
Figure 4: Customizing Return Status Codes
No rule without exceptions … Therefore you have a way to put in your exceptions by choosing the appropriate button. If you want to configure global IP accept and/or deny lists, this is possible, too. Just choose the “Accept” or “Deny” button.
The next step is now to check if everything runs. If it does not, in general the reason is not your Exchange Server 2003; check your DNS- and firewall settings. The Event log may be your friend, too.
But which servers in your messaging environment should have blacklist blocking enabled? Well, that is quite easy to say: that ones that receive email directly from the internet or via a smart- or relayhost within your DMZ. It should be a server that reroutes every incoming email in your organization, and if there is more than one “front-end” server in your environment, you should configure all of them. In addition, don’t forget to check the filtering directory, if there are mails from companies that are on blacklists by accident. In general their entries will be deleted within 24 hours, but within that time window your users do not receive any email from that company.
Final Conclusion
Spam filtering by using blacklist providers is a good brick in your wall against spam in your company. But it is only one brick and does not build a wall. That means in addition you should consider implementing Anti-Spam software that queries the whole email and checks specific words or phrases in it. But be careful, Spam filtering means that a small percentage of email that may be lost if your spam filtering software is not configured properly. So prepare yourself with a good plan and check your configuration in a test lab before bringing it on your live servers. If your plans and test labs are working properly, do not hesitate to implement Spam filtering within your email organization. It will minimize the time of your users dealing with spam emails every day. And this will lead to a higher productivity range in your company.
Spam filtering by using blacklists with Exchange Server 2003 is a quick, easy and cheap way to reduce spam emails in your company and may be a first step for proactive messaging systems even for small and medium sized companies. Spam filtering software requires an investment and therefore is primarily used in bigger companies.
If you still have any further questions, do not hesitate to contact me directly via my contact page: http://www.www.mklein-it.com/aboutme/feedback.htm
