IP Block List providers -
-
sábado, 16 de janeiro de 2010 10:57Hi Experts,
i am geeting spam mails in my exchange server 2007 . on daily basis.
can you pls let me know the ip blocklist provider names which provide free services ...
and how can i use ..
Rgds,
Balwan Singh
Todas as Respostas
-
sábado, 16 de janeiro de 2010 11:31
To the best of my knowledge, these are free:
Spam and Open Relay Blocking System (SORBS)
http://www.us.sorbs.net/Not Just Another Bogus List (NJABL.ORG)
http://dnsbl.njabl.org/Composite Blocking List (CBL)
http://cbl.abuseat.org/SpamCop Blocking List (SCBL)
http://www.spamcop.net/bl.shtml
MCTS: Messaging | MCSE: S+M | Small Business Specialist -
quinta-feira, 25 de março de 2010 12:38
Hi Jon
I would like to know what will be the entry for Look up Domain in IP Block List Providers.
According to your reply I understand below mentioned.
In Provider Name : SORBS
In Domain Look up : www.us.sorbs.net
Apply and OK.
Kinldy correct me if i'M WRONG.
regards
suman b singh
-
terça-feira, 17 de maio de 2011 19:45
Not exact.
You need to find on that sites article about how to configure mail server and there you'll get link, that can be used in Block List Providers configuration.
For example:
Provider name: spamcop
DNS Suffix: bl.spamcop.net
(http://www.spamcop.net/fom-serve/cache/345.html)
-
sexta-feira, 27 de maio de 2011 07:50 Pls share your Antispam settings.
Regards Suman B. Singh- Sugerido como Resposta N.Ravikumar sexta-feira, 18 de novembro de 2011 09:43
-
sexta-feira, 18 de novembro de 2011 09:45
Hi Suman find the below details.
SpamHaus - zen.spamhaus.org
SpamCop - bl.spamcop.net
Surriel - psbl.surriel.com
SORBS - dnsbl.sorbs.net -
sexta-feira, 18 de novembro de 2011 18:47
Hi Suman find the below details.
SpamHaus - zen.spamhaus.org
SpamCop - bl.spamcop.net
Surriel - psbl.surriel.com
SORBS - dnsbl.sorbs.net
I only use zen.spamhaus.org as IP Block List Provider in Exchange 2003 and Exchange 2007 (I'm not yet using Exchange 2010), because:- using too many IP Block List providers slows down Exchange and saturates the network of many DNS requests
- because zen.spamhaus.org is good enough by itself
- because Google also uses the Block List of Spamhaus.org project.
- Editado Mulita sexta-feira, 18 de novembro de 2011 18:48
-
terça-feira, 22 de novembro de 2011 16:00
I only use zen.spamhaus.org as IP Block List Provider in Exchange 2003 and Exchange 2007 (I'm not yet using Exchange 2010), because:
- using too many IP Block List providers slows down Exchange and saturates the network of many DNS requests
- because zen.spamhaus.org is good enough by itself
- because Google also uses the Block List of Spamhaus.org project.
Let me start by saying that resurrecting a discussion from Jan. 2010 isn't exactly a good idea; it would have been a better idea starting a new thread... given that someone ASKED for infos, which doesn't seem the case; it sounds like someone randomly found this discussion and without even looking at the date, carried it on
That said, the DNSBL (and DNSWL since exchange 2010 supports those too) lookups won't "saturate" anything, assuming you have a decent connection and assuming you are using your own, caching resolvers; the DNS traffic is quite limited and further reduced by caching, also, using a single DNSBL won't help you at all; you wont' spare bandwidth (DNS queries take up very little bandwitdh) and, on the other hand, will impose MORE load on your server since it will need to waste more computational power to check the incoming messages
My suggestion is to use the following blacklists
zen.spamhaus.org bb.barracudacentral.org ix.dnsbl.manitu.net bl.spamcop.net combined.njabl.org
and, if you are using Exchange 2010 which supports DNS whitelists, to also use the following whitelists
swl.spamhaus.org iadb.isipp.com query.bondedsender.org hul.habeas.com
then, ensure to enable the Exchange recipient filtering and tarpitting (here is how to do it in exchange 2003, newer versions use different methods but HAVE such a feature, so enable it) as described at the linked article (or as applies to your version - e.g. using a cmdlet) and to configure the sender-id (aka SPF) checks (and possibly publish your SPF/SenderID records); set your SCL values to (as a start) 5 and 7 and then fine tune them as needed, also, absolutely, positively ensure to NOT generate bounces (e.g. NDRs, "virus" notices and so on), the reason is explained here quite well; also, add a decent AV scanner to your exchange and ensure that not only it won't generate bounces (see the other note) but that it will also scan both incoming and outgoing emails
For further informations, please see this, also, please, avoid resurrecting such old discussions "just because you think to know the answer", first of all you won't help people, second, if you have any new questions, it will be a better idea starting a fresh new discussion and, if desired, adding a pointer to the old one.
- Editado ObiWan terça-feira, 22 de novembro de 2011 16:26
- Sugerido como Resposta Kirly_hurricane terça-feira, 28 de fevereiro de 2012 18:45
-
quarta-feira, 23 de novembro de 2011 03:39On Tue, 22 Nov 2011 16:00:26 +0000, ObiWan wrote:>>>I only use zen.spamhaus.org as IP Block List Provider in Exchange 2003 and Exchange 2007 (I'm not yet using Exchange 2010), because: using too many IP Block List providers slows down Exchange and saturates the network of many DNS requests because zen.spamhaus.org is good enough by itself because Google also uses the Block List of Spamhaus.org project.>>Let me start by saying that resurrecting a discussion from Jan. 2010 isn't exactly a good idea; it would have been a better idea starting a new thread... given that someone ASKED for infos, which doesn't seem the case; it sounds like someone randomly found this discussion and without even looking at the date, carried it on>>That said, the DNSBL (and DNSWL since exchange 2010 supports those too) lookups won't "saturate" anything, assuming you have a decent connection and assuming you are using your own, caching resolvers; the DNS traffic is quite limited and further reduced by caching, also, using a single DNSBL won't help you at all; you wont' spare bandwidth (DNS queries take up very little bandwitdh) and, on the other hand, will impose MORE load on your server since it will need to waste more computational power to check the incoming messagesIt's true that DNS queries and their responses don't occupy very muchof a network's capacity. However, waiting for those DNS replies can(and does) increase the amount of time it takes to process themessage. Using as few DNSBLs as possible is prudent.---Rich MatheisenMCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP -
quarta-feira, 23 de novembro de 2011 15:30
It's true that DNS queries and their responses don't occupy very much of a network's capacity. However, waiting for those DNS replies can (and does) increase the amount of time it takes to process the message. Using as few DNSBLs as possible is prudent.
That's for sure, and, in fact, I didn't suggest using some gazillion DNSBLs, but some, well selected ones which won't "overlap" and will cover different kind of "issues" will allow to issue straight rejects on "bad messages" without wasting computational power (and bandwidth) to receive and parse them :) and sincerely, receiving some avalanche of emails, waiting to get them all just to analyze and then reject them, is in my opinion, worse than just "waiting" (really a little bit, DNSBLs use multiple redundant and balanced servers and then your local DNS resolvers have their cache and replies from them are fast) for a DNS query :) the basic idea when it comes to email filtering and especially if you need to process quite a bunch of messages (and I mean ANY message, including junk ones... which raise the total quite a lot) is to try placing the "less costly" checks at beginning and using the most costly ones (e.g. AV scanning) at the bottom of the "pipeline" so allowing the server to deal with a quite high load and avoid wasting bandwidth and processing power :)
-
quinta-feira, 5 de abril de 2012 13:05
Thanks for the Lists ObiWan...
Do you have any recommendations on configuring the [Exchange 2007/2010] 'Return status code' setting? Should it be set to 'Match any return code' or 'Match specific mask and response'?
Thanks for any help you can provide!
-
quinta-feira, 5 de abril de 2012 15:21
Thanks for the Lists ObiWan...
You're welcome
Do you have any recommendations on configuring the [Exchange 2007/2010] 'Return status code' setting? Should it be set to 'Match any return code' or 'Match specific mask and response'?
Well... it depends from you :) see, some of those lists (not all) may return some "special" return codes (other than the "standard" 127.0.0.2); those codes have different meaning depending from each list so... the choice is totally up to you; for example you may decide to accept any code from the blacklists and only accept some specific codes from the whitelists or fine tune everything or just some lists... again, up to your personal preferences or, better said it all depends from how much you want to push your customization :)
At any rate, the lists returning different codes, list them on their respective websites, for example the codes related to the SpamHaus ZEN can be found here other infos can be found on each list website (given that a given list DOES return different return codes, which isn't always the case); another example is the "dnswl" (which is a whitelist which I didn't include above); queries to such a list (that is to list.dnswl.org) will return a "combined value" whose meanings are listed here but given the mechanism used, adopting it in exchange isn't easy that's why I left it out from the suggested providers list
.png)
