DNSBL overtakes IP Allow

    Question

  • Hi,

    I'm trying to set up an IP allow as I have some senders being on RBL lists. However, selecting both IP Allow list (and entering the IP) and enabling the DNSBL in Forefront still results in messages from that IP being blocked by the DNSBL.

    Is this behavior expected, or a configuration issue?

    R


    WORK FOR AVANADE!

    Thursday, June 14, 2012 8:21 AM

All replies

  • Hi,

    have you configured it this way?

    http://technet.microsoft.com/en-us/library/dd639381

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Thursday, June 14, 2012 8:24 AM
  • Yes indeed. Followed the same way.. I see the IP Allow lists also coming back to Exchange and when querying it with Get-IPAllowListEntry it also shows up there. But only disabling the DNSBL will allow the message through..

    R

    Thursday, June 14, 2012 8:34 AM
  • Hi,

    are you running the latest build?

    http://support.microsoft.com/kb/2619883/en-us

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Thursday, June 14, 2012 9:09 AM
  • Not running the latest build.. but did not see any reference to this on the release notes of the latest update.

    But just for my peace of mind.. the IP Allow list should override any DNSBL listing, right?

    R

    Thursday, June 14, 2012 1:10 PM
  • Hi,

    you are right, the IP allow list should override the DNSBL.

    AFAIK there was a fix in some of the rollups, so you should update your installation to the latest build and see if it works.

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Thursday, June 14, 2012 1:15 PM
  • will try to implement latest updates.. will report back soon
    Thursday, June 14, 2012 1:49 PM
  • Hi,

    Thank you for the post.

    What is the Exchange version in your scenario? As far as I know, this issue may occur when FPE is used in conjunction with Exchange 2007 SP1. And you have a workaround: add the IP address directly to the Exchange IP Allow list. When you upgrade to Exchange 2007 SP2, you will be able to enter IP Allow/Block entries through FPE and they will then be reflected both in the FPE Administrator console and the Exchange Management Console.

    Regards,


    Nick Gu - MSFT

    Wednesday, June 20, 2012 9:27 AM
  • To clarify, the Exchange and Forefront IP allow and block lists are the same thing.  When you are configuring them in FPE you're really configuring them in Exchange, it's just a way to unify it in the FPE UI.  That is why you see the entries reflected in Exchange.

    The IPs added to the IP allow lists should bypass the DNSBL. You do see the correct IPs reflected in the IP allow list, correct? If you add the domain(s) for the IPs in question to the Content Allow Lists in FPE those domains should bypass the DNSBL as well.

    Wednesday, June 20, 2012 6:58 PM