Share via


Configure IP Block List Providers Properties

Applies to: Exchange Server 2010

IP Block List Providers are part of the connection filtering feature in Exchange. When the IP Block List Providers feature is enabled on a computer, the Connection Filter agent queries the specified IP Block List provider services to determine if the messaging server that has initiated the connection is a host that is known to send spam.

This topic explains how to use the EMC or the Shell to manage the IP Block List Providers.

Note

Connection filtering is part of the suite of anti-spam features in Exchange. The anti-spam features are only available on Edge Transport servers by default. You can enable anti-spam features on a Hub Transport server even though it isn't recommended. To learn more about enabling anti-spam features on a Hub Transport server, see Enable Anti-Spam Functionality on a Hub Transport Server. The procedures listed in this topic are for configuring anti-spam functionality on an Edge Transport server, but the process is identical on Hub Transport servers.

What Do You Want to Do?

  • Use the EMC to manage the IP Block List Providers
  • Use the Shell to manage the IP Block List Providers

Use the EMC to manage IP Block List provider services

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

  1. In the console tree, click Edge Transport.
  2. In the result pane, click the Edge server you want to configure and then select the Anti-spam tab in the work pane.
  3. Right-click IP Block List Providers and then select Properties.
  4. The General tab displays the following information about the IP Block List Providers feature.
    • Status   Shows whether the IP Block List Providers feature is enabled or disabled.
    • Modified   Shows the date and time when IP Block List Providers properties were last modified.
    • Description   Provides a brief description of the IP Block List Providers feature.
  5. Use the Providers tab to manage the IP Block List provider services for the local computer. We recommend that you put the most reliable IP Block List provider service first to optimize performance. If the Connection Filter agent receives an IP Block List match from one of the providers, it stops querying other IP Block List provider services.
    • Add   Click Add to add a new IP Block List provider service. In the dialog that appears, configure the following options:
      Provider name   Type the name of the IP Block List provider service. This name is for your own use to identify the provider.
      Lookup domain   Type the domain name that the Connection Filter agent queries for updated IP Block list information.
      Return Status codes   This field shows the IP address status code that is returned by the IP Block List provider service. If the IP address of a remote server that is sending a message matches an IP address on an IP Block List provider service's IP Block list, the provider service may return different types of codes. Most IP Block List provider services return either a bitmask or absolute value code type.
      Match any return code   When you select this option, the Connection Filter agent treats any IP Address status code that is returned by the IP Block List provider service as a match.
      Match specific mask and responses   When you select this option, the Connection Filter agent acts only on messages that match the IP Address status code that is returned by the IP Block List provider service.
      Providers that return bitmask status codes may return a status code of **127.0.0.**x, where the integer x is any one of the following values:
      1: The IP address is on an IP Block list.
      2: The Simple Mail Transfer Protocol (SMTP) server is configured to act as an open relay.
      4: The IP address supports a dial-up IP address.
      Providers that return absolute values and the explicit responses may return one of the following responses:
      127.0.0.2: The IP address is a direct spam source
      127.0.0.4: The IP address is a bulk mailer
      127.0.0.5: The remote server that is sending the message is known to support multistage open relays.
      Match to the following mask   Type the bitmask status code you want to use.
      Match any of the following responses   Type the responses you want to use and then click Add. To modify a previously added response, select the response and click Edit. To remove a previously added response, select the response and click Remove icon.
      Error Messages   To configure the message text that will be delivered in the SMTP session to senders whose messages are blocked by the Connection Filter agent when an IP Block List provider service matches the sender's IP address, click Error Messages and configure the following:

      Default error message

      To send a standard SMTP 550 error message to blocked senders, select Default error message.

      Custom error message

      To compose and send a customized error message, select Custom error message, and then type the message text in the text box.

      We recommend that you specify the IP Block List provider service in the response so that legitimate senders can contact the IP Block List provider service, as in the following example: Originating IP addresses matched contoso.com's IP Block List provider service.

    • **Edit   **To view or update settings for an IP Block List provider service, select a provider, and then click Edit.

    • Remove   To delete an IP Block List provider service, select the provider, and then click Remove icon.

    • Enable   To enable a disabled provider service, select the provider, and then click Enable.

    • Disable   To stop using the selected provider service, but retain the provider information, click Disable.

    • Up arrow   To move a provider higher in the Provider name list, select the provider, and then click Up arrow. The up arrow is enabled only when there is more than one provider in the Provider name list.

    • Down arrow   To move a provider lower in the Provider name list, select the provider, and then click Down arrow. The down arrow is enabled only when there is more than one provider in the Provider name list.

  6. Use the Exceptions tab to specify recipients in your organization for which you don't want to use IP Block List provider services. For example, if you have a customer support e-mail alias, you may want to accept all inbound e-mail messages for that address.
    • Do not block messages sent to the following e-mail addresses, regardless of provider feedback   In this field, type the SMTP address for an existing recipient for which you want to create an exception. For example, kim@contoso.com.
    • Add   To add that recipient to the Exceptions list, after you type the recipient's SMTP address, click Add.
    • Edit   To change a previously added SMTP address, select the recipient's SMTP address from the list, and then click Edit.
    • Remove   To delete a recipient from the exceptions list, select the recipient's SMTP address, and then click Remove icon.

Use the Shell to manage IP Block List provider services

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

You use the Add-IPBlockListProvider, Set-IPBlockListProvider, and Remove-IPBlockListProvider cmdlets to manage the IP Block List Provider services you use in your organization.

The following example adds a new IP Block List provider service called "Contoso IP Block List Provider", and configures it to use bitmask matching for 127.0.0.1 (block messages from IP addresses that are on the block list):

Add-IPBlockListProvider -Name "Contoso IP Block List Provider" -LookupDomain "contoso.com" -BitMaskMatch 127.0.0.1

The following example configures the same IP Block List provider service to use a custom rejection response:

Set-IPBlockListProvider "Contoso IP Block List Provider" -RejectionMessage "Your message was rejected because the IP address of the server sending your message is in the block list of contoso.com IP Block List Provider service"

The following example adds another IP Block List provider service called "Fabrikam IP Block List Provider", and configures it to use explicit response matching for 127.0.0.2 and 127.0.0.5 (the host is a known spam source or is an open relay). The command also adds this new provider as the top preferred provider.

Add-IPBlockListProvider -Name "Fabrikam IP Block List Provider" -LookupDomain "fabrikam.com" -IPAddressesMatch "127.0.0.2","127.0.0.5" -Priority 1

For detailed syntax and configuration information, see the following topics: