In this article we'll look at how to configure RBL filters on Exchange 2016 and 2013. Let's recall what an RBL is. An RBL (Realtime Blackhole List) is a service that stores a database of IP addresses of mail servers marked as spammers. RBLs are most commonly accessed over the DNS protocol, so these services are also called DNSBL (DNS Block Lists).
When receiving an email from an unknown sender, the mail server can automatically check these lists and block email from IP addresses listed in the RBL service database. If the sender's address matches a value from one of the RBL lists, your Exchange server returns the SMTP error 550 5.x.x in response to the RCPT TO command, and the sender receives a non-delivery report (NDR).
In Exchange 2013 and 2016, the Connection Filtering agent is responsible for blocking connections based on lists of IP addresses. The Connection Filtering agent consists of:
- IP Block Lists – a blacklist of IP addresses from which email must not be accepted (blocked senders);
- IP Allow Lists – a whitelist of IP addresses (allowed senders);
- RBL Providers – the list of RBL providers.
The first two lists are static and are configured manually by the Exchange administrator. The list of RBL providers contains the third-party RBL services to be checked when an email message is received.
In Exchange 2007/2010, anti-spam filtering could be enabled using the Install-AntispamAgents.ps1 script. Both filtering agents (Connection Filtering and Content Filtering) were installed on the same server with the Hub Transport role. In Exchange 2013, the transport role is split into two parts, Front End Transport and Back End Transport, and the anti-spam filtering feature is split into two parts as well. The Front End server performs Connection Filtering and the Back End server performs Content Filtering (including the IMF filter, Exchange Intelligent Message Filter, and the virus-detecting Malware Agent).
In Exchange 2013, if the CAS and Mailbox roles are installed on the same server, the Install-AntispamAgents.ps1 script installs only the Content Filtering agent. This means that RBL filtering won't be available.
To install the Connection Filtering agent, use the Install-TransportAgent cmdlet:
Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"
Because all roles (except Edge Transport) are merged in Exchange 2016, if you don't have a dedicated server with the Edge Transport role, you'll have to install the anti-spam agents using the Install-AntispamAgents.ps1 script on all servers. Then, for the Exchange Transport service, you need to specify the addresses of the internal SMTP servers, which should be ignored when checking for spam:
Set-TransportConfig -InternalSMTPServers @{Add="x.x.x.x"}
After the agent is installed, you need to enable it and restart the Front End Transport service:
Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
To make sure that the Connection Filtering agent is installed and running, run the following:
Get-TransportAgent -TransportService FrontEnd
Next you need to specify the list of RBL providers to be used.
Note. Currently the most popular RBL providers are Spamhaus and SpamCop.
Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true
To change the text of the NDR message returned to the sender, run this command:
Set-IPBlockListProvider zen.spamhaus.org -RejectionResponse "Your IP address is listed by Spamhaus Zen. You can delete it on page http://www.spamhaus.org/lookup/"
You can add several RBL providers at once, after studying their specifics and commercial use policies.
You can display the list of RBL providers currently in use as follows:
You can check whether a certain IP address is in the RBL list with the following command:
Test-IPBlockListProvider -Identity zen.spamhaus.org -IPAddress x.x.x.x
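What such a check asks the DNS, as an added example (not part of the original article and not Exchange's own code): the IPv4 octets are reversed, the provider's lookup domain is appended, and an A record is requested. The function names and the handling of Spamhaus error codes in 127.255.255.0/24 are this example's own.

```powershell
# Added example: a DNSBL lookup done by hand with the DnsClient module.
function ConvertTo-DnsblQueryName {
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [Parameter(Mandatory)] [string] $LookupDomain
    )
    $ip = [System.Net.IPAddress]::Parse($IPAddress)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "This example handles IPv4 only: $IPAddress"
    }
    # Reverse the octets and append the lookup domain:
    # 192.0.2.10 + zen.spamhaus.org -> 10.2.0.192.zen.spamhaus.org
    $octets = $ip.GetAddressBytes()
    [array]::Reverse($octets)
    ($octets -join '.') + '.' + $LookupDomain.Trim('.')
}

function Test-DnsblListing {
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [Parameter(Mandatory)] [string] $LookupDomain
    )
    $name = ConvertTo-DnsblQueryName -IPAddress $IPAddress -LookupDomain $LookupDomain
    # NXDOMAIN (not listed) surfaces as an error, so it is silenced and yields no answers.
    $codes = @(Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    # Spamhaus answers in 127.255.255.0/24 are error codes (for example a query sent
    # through a public resolver), not listings, so they are reported separately.
    $errCodes = @($codes | Where-Object { $_ -like '127.255.255.*' })
    $hits     = @($codes | Where-Object { $_ -notlike '127.255.255.*' })
    [pscustomobject]@{
        QueryName   = $name
        Listed      = ($hits.Count -gt 0)
        ReturnCodes = $hits
        ErrorCodes  = $errCodes
    }
}

# Offline: show the name that would be queried (192.0.2.10 is a documentation address).
ConvertTo-DnsblQueryName -IPAddress 192.0.2.10 -LookupDomain zen.spamhaus.org
# Live, from the Exchange server itself: 127.0.0.2 is the conventional DNSBL test entry
# (RFC 5782) and should come back as listed.
# Test-DnsblListing -IPAddress 127.0.0.2 -LookupDomain zen.spamhaus.org
```

Because -AnyMatch $true treats any response code from the provider as a match, run the live check through the same DNS resolver the Exchange server uses and confirm that a clean address returns nothing in ErrorCodes.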
By default, the Connection Filtering agent logs are saved to the folder
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog.
You can find out which RBL provider rejected an email by searching the *.log files in this directory. To find the log file containing the required email address, open an elevated cmd prompt and run the commands:
cd "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog"
find /c "[email protected]" *.log | find ":" | find /v ": 0"
Then open the *.log file that was found in any text editor. Search for the rejected email address to identify the RBL provider that blocked the email and the time it was blocked.
This example shows that the email from [email protected] was rejected by your Exchange server because of the RBL provider zen.spamhaus.org.
[email protected],,[email protected],1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 Recipient not authorized, your IP has been found on a block list",BlockListProvider,zen.spamhaus.org,,,
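The same search done across all entries at once, as an added example (not part of the original article): it parses agent-log lines as CSV and counts Connection Filtering rejections per RBL provider, with the source IPs and recipients needed for a false-positive review. The #Fields header, the sample lines and the function name are constructed for this example; the column order follows the log line shown above.

```powershell
# Constructed sample data; every address and domain below is a placeholder.
$sample = @'
#Fields: Timestamp,SessionId,LocalEndpoint,RemoteEndpoint,EnteredOrgFromIP,MessageId,P1FromAddress,P2FromAddresses,Recipient,NumRecipients,Agent,Event,Action,SmtpResponse,Reason,ReasonData,Diagnostics,NetworkMsgID,TenantID
2024-01-10T08:15:02.101Z,08D1A,192.0.2.25:25,198.51.100.7:51234,198.51.100.7,,a@example.net,,user1@example.com,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 Recipient not authorized, your IP has been found on a block list",BlockListProvider,zen.spamhaus.org,,,
2024-01-10T08:16:40.500Z,08D1B,192.0.2.25:25,198.51.100.9:40022,198.51.100.9,,b@example.org,,user2@example.com,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 Recipient not authorized, your IP has been found on a block list",BlockListProvider,zen.spamhaus.org,,,
2024-01-10T09:02:11.007Z,08D1C,192.0.2.25:25,203.0.113.4:33810,203.0.113.4,,c@example.net,,user1@example.com,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 Recipient not authorized, your IP has been found on a block list",BlockListProvider,bl.spamcop.net,,,
2024-01-10T09:30:00.000Z,08D1D,192.0.2.25:25,203.0.113.8:40100,203.0.113.8,,d@example.net,,user3@example.com,1,Content Filter Agent,OnEndOfData,RejectMessage,"550 5.7.1 Message rejected",SclAtOrAboveRejectThreshold,7,,,
'@

function Get-RblRejectionSummary {
    param([Parameter(Mandatory)] [string[]] $Line)
    # Column names come from the log's own "#Fields:" comment line.
    $fieldsLine = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $fieldsLine) { throw 'No #Fields header found in the supplied lines.' }
    $header = ($fieldsLine -replace '^#Fields:\s*', '').Split(',')

    $Line |
        Where-Object { $_ -and $_ -notlike '#*' } |     # skip blank and comment lines
        ConvertFrom-Csv -Header $header |               # copes with the quoted SMTP response
        Where-Object { $_.Agent -eq 'Connection Filtering Agent' -and
                       $_.Reason -eq 'BlockListProvider' } |
        Group-Object -Property ReasonData |             # ReasonData holds the provider name
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Provider   = $_.Name
                Rejections = $_.Count
                SourceIPs  = @($_.Group.EnteredOrgFromIP | Sort-Object -Unique) -join ', '
                Recipients = @($_.Group.Recipient | Sort-Object -Unique) -join ', '
            }
        }
}

Get-RblRejectionSummary -Line ($sample -split "`r?`n")
```

On a server, pass the output of Get-Content for the *.log files in the AgentLog folder instead of the sample; the repeated comment lines at the top of each file are skipped.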
After the initial data is collected (this depends on the volume of SMTP traffic and usually takes up to 2-3 days), the RBL filtering statistics can be displayed using the Get-AntispamTopRBLProviders.ps1 script:
.\get-AntispamTopRBLProviders.ps1 -location "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog"
When you first start using RBL filtering, you need to carefully examine the filtering logs for false positives so that you do not block email from your partners. You can add such trusted email addresses or domains to bypass spam filtering:
Set-ContentFilterConfig -BypassedSenderDomains contoso1.com, contoso2.web,contoso3.co.uk
Or add the IP address of a specific SMTP server to the trusted ones:
Add-IPAllowListEntry -IPAddress x.x.x.x
In addition, the following pre-installed PowerShell scripts can be used to obtain email filtering statistics from the Connection Filtering agent:
To disable filtering of incoming email, you need to disable the Connection Filtering agent:
Disable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
RBL lists are quite effective at protecting against unwanted email (spam), but in most cases they have to be used together with other anti-spam methods to provide robust anti-spam protection. In addition to RBL, you can manually .