none
IP Block List providers -

    Pergunta

  • Hi Experts,

    i am geeting spam mails in my exchange server 2007 . on daily basis.

    can you pls let me know the ip blocklist provider names which provide free services ...

    and how can i use ..

    Rgds,
    Balwan Singh
    sábado, 16 de janeiro de 2010 10:57

Respostas

Todas as Respostas

  • To the best of my knowledge, these are free:

    Spam and Open Relay Blocking System (SORBS)
    http://www.us.sorbs.net/

    Not Just Another Bogus List (NJABL.ORG)
    http://dnsbl.njabl.org/

    Composite Blocking List (CBL)
    http://cbl.abuseat.org/

    SpamCop Blocking List (SCBL)
    http://www.spamcop.net/bl.shtml


    MCTS: Messaging | MCSE: S+M | Small Business Specialist
    • Sugerido como Resposta Mike Shen segunda-feira, 18 de janeiro de 2010 08:20
    • Marcado como Resposta Mike Shen sexta-feira, 22 de janeiro de 2010 08:37
    sábado, 16 de janeiro de 2010 11:31
  • Hi Jon

    I would like to know what will be the entry for Look up Domain in IP Block List Providers.

    According to your reply I understand below mentioned.

    In Provider Name :  SORBS

    In Domain Look up : www.us.sorbs.net

     

    Apply and OK.

    Kinldy correct me if i'M WRONG.

    regards

    suman b singh

     

     

     

     

     

    quinta-feira, 25 de março de 2010 12:38
  • Not exact.

    You need to find on that sites article about how to configure mail server and there you'll get link, that can be used in Block List Providers configuration.

    For example:

    Provider name: spamcop

    DNS Suffix: bl.spamcop.net

    (http://www.spamcop.net/fom-serve/cache/345.html)


    terça-feira, 17 de maio de 2011 19:45
  • Pls share your Antispam settings.
    Regards Suman B. Singh
    • Sugerido como Resposta N.Ravikumar sexta-feira, 18 de novembro de 2011 09:43
    sexta-feira, 27 de maio de 2011 07:50
  • Hi Suman find the below details.

    SpamHaus - zen.spamhaus.org
    SpamCop  - bl.spamcop.net
    Surriel  - psbl.surriel.com
    SORBS    - dnsbl.sorbs.net

     

    sexta-feira, 18 de novembro de 2011 09:45
  • Hi Suman find the below details.

    SpamHaus - zen.spamhaus.org
    SpamCop  - bl.spamcop.net
    Surriel  - psbl.surriel.com
    SORBS    - dnsbl.sorbs.net

     


    I only use zen.spamhaus.org as IP Block List Provider in Exchange 2003 and Exchange 2007 (I'm not yet using Exchange 2010), because:

    • using too many IP Block List providers slows down Exchange and saturates the network of many DNS requests
    • because zen.spamhaus.org is good enough by itself
    • because Google also uses the Block List of Spamhaus.org project.

    • Editado Mulita sexta-feira, 18 de novembro de 2011 18:48
    sexta-feira, 18 de novembro de 2011 18:47

  • I only use zen.spamhaus.org as IP Block List Provider in Exchange 2003 and Exchange 2007 (I'm not yet using Exchange 2010), because:

    • using too many IP Block List providers slows down Exchange and saturates the network of many DNS requests
    • because zen.spamhaus.org is good enough by itself
    • because Google also uses the Block List of Spamhaus.org project.

    Let me start by saying that resurrecting a discussion from Jan. 2010 isn't exactly a good idea; it would have been a better idea starting a new thread... given that someone ASKED for infos, which doesn't seem the case; it sounds like someone randomly found this discussion and without even looking at the date, carried it on

    That said, the DNSBL (and DNSWL since exchange 2010 supports those too) lookups won't "saturate" anything, assuming you have a decent connection and assuming you are using your own, caching resolvers; the DNS traffic is quite limited and further reduced by caching, also, using a single DNSBL won't help you at all; you wont' spare bandwidth (DNS queries take up very little bandwitdh) and, on the other hand, will impose MORE load on your server since it will need to waste more computational power to check the incoming messages

    My suggestion is to use the following blacklists

     

    zen.spamhaus.org
    bb.barracudacentral.org
    ix.dnsbl.manitu.net
    bl.spamcop.net
    combined.njabl.org
    

     

    and, if you are using Exchange 2010 which supports DNS whitelists, to also use the following whitelists

     

    swl.spamhaus.org
    iadb.isipp.com
    query.bondedsender.org
    hul.habeas.com
    
     

     

    then, ensure to enable the Exchange recipient filtering and tarpitting (here is how to do it in exchange 2003, newer versions use different methods but HAVE such a feature, so enable it) as described at the linked article (or as applies to your version - e.g. using a cmdlet) and to configure the sender-id (aka SPF) checks (and possibly publish your SPF/SenderID records); set your SCL values to (as a start) 5 and 7 and then fine tune them as needed, also, absolutely, positively ensure to NOT generate bounces (e.g. NDRs, "virus" notices and so on), the reason is explained here quite well; also, add a decent AV scanner to your exchange and ensure that not only it won't generate bounces (see the other note) but that it will also scan both incoming and outgoing emails

    For further informations, please see this, also, please, avoid resurrecting such old discussions "just because you think to know the answer", first of all you won't help people, second, if you have any new questions, it will be a better idea starting a fresh new discussion and, if desired, adding a pointer to the old one.

     




    • Editado ObiWan terça-feira, 22 de novembro de 2011 16:26
    • Sugerido como Resposta Kirly_hurricane terça-feira, 28 de fevereiro de 2012 18:45
    terça-feira, 22 de novembro de 2011 16:00
  • On Tue, 22 Nov 2011 16:00:26 +0000, ObiWan wrote:
     
    >
    >
    >I only use zen.spamhaus.org as IP Block List Provider in Exchange 2003 and Exchange 2007 (I'm not yet using Exchange 2010), because: using too many IP Block List providers slows down Exchange and saturates the network of many DNS requests because zen.spamhaus.org is good enough by itself because Google also uses the Block List of Spamhaus.org project.
    >
    >Let me start by saying that resurrecting a discussion from Jan. 2010 isn't exactly a good idea; it would have been a better idea starting a new thread... given that someone ASKED for infos, which doesn't seem the case; it sounds like someone randomly found this discussion and without even looking at the date, carried it on
    >
    >That said, the DNSBL (and DNSWL since exchange 2010 supports those too) lookups won't "saturate" anything, assuming you have a decent connection and assuming you are using your own, caching resolvers; the DNS traffic is quite limited and further reduced by caching, also, using a single DNSBL won't help you at all; you wont' spare bandwidth (DNS queries take up very little bandwitdh) and, on the other hand, will impose MORE load on your server since it will need to waste more computational power to check the incoming messages
     
    It's true that DNS queries and their responses don't occupy very much
    of a network's capacity. However, waiting for those DNS replies can
    (and does) increase the amount of time it takes to process the
    message. Using as few DNSBLs as possible is prudent.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    quarta-feira, 23 de novembro de 2011 03:39
  • It's true that DNS queries and their responses don't occupy very much of a network's capacity. However, waiting for those DNS replies can (and does) increase the amount of time it takes to process the message. Using as few DNSBLs as possible is prudent.

    That's for sure, and, in fact, I didn't suggest using some gazillion DNSBLs, but some, well selected ones which won't "overlap" and will cover different kind of "issues" will allow to issue straight rejects on "bad messages" without wasting computational power (and bandwidth) to receive and parse them :) and sincerely, receiving some avalanche of emails, waiting to get them all just to analyze and then reject them, is in my opinion, worse than just "waiting" (really a little bit, DNSBLs use multiple redundant and balanced servers and then your local DNS resolvers have their cache and replies from them are fast) for a DNS query :) the basic idea when it comes to email filtering and especially if you need to process quite a bunch of messages (and I mean ANY message, including junk ones... which raise the total quite a lot) is to try placing the "less costly" checks at beginning and using the most costly ones (e.g. AV scanning) at the bottom of the "pipeline" so allowing the server to deal with a quite high load and avoid wasting bandwidth and processing power :)

     

    quarta-feira, 23 de novembro de 2011 15:30
  • Thanks for the Lists ObiWan...

    Do you have any recommendations on configuring the [Exchange 2007/2010] 'Return status code' setting?  Should it be set to 'Match any return code' or 'Match specific mask and response'?

    Thanks for any help you can provide!

    quinta-feira, 5 de abril de 2012 13:05
  • Thanks for the Lists ObiWan...

    You're welcome

    Do you have any recommendations on configuring the [Exchange 2007/2010] 'Return status code' setting?  Should it be set to 'Match any return code' or 'Match specific mask and response'?

    Well... it depends from you :) see, some of those lists (not all) may return some "special" return codes (other than the "standard" 127.0.0.2); those codes have different meaning depending from each list so... the choice is totally up to you; for example you may decide to accept any code from the blacklists and only accept some specific codes from the whitelists or fine tune everything or just some lists... again, up to your personal preferences or, better said it all depends from how much you want to push your customization :)

    At any rate, the lists returning different codes, list them on their respective websites, for example the codes related to the SpamHaus ZEN can be found here other infos can be found on each list website (given that a given list DOES return different return codes, which isn't always the case); another example is the "dnswl" (which is a whitelist which I didn't include above); queries to such a list (that is to list.dnswl.org) will return a "combined value" whose meanings are listed here but given the mechanism used, adopting it in exchange isn't easy that's why I left it out from the suggested providers list

    quinta-feira, 5 de abril de 2012 15:21
  • Hi- just an FYI to anyone reading this great post. The combined.njabl.org block list is being shut down so you don't want to use it any more. Here's the post from their site http://njabl.org/:

    March 1, 2013: NJABL is in the process of being shut down. The DNSBL zones have been emptied. After "the Internet" has had some time to remove NJABL from server configs, the NS's will be pointed off into unallocated space (192.0.2.0/24 TEST-NET-1) to hopefully make the shutdown obvious to those who were slower to notice.

    quarta-feira, 26 de junho de 2013 15:45
  • Thanks for letting us know about this, I was copying the servers from above for our exchange setup on SBS 2011, and then noticed your post.

    Thank You!

    segunda-feira, 18 de novembro de 2013 18:54