none
IP Block List providers giving false positives

    Question

  • Earlier this week, my Exchange 2013 environment stopped receiving any external email.  This was very confusing as everything appeared to be running, internal mail was flowing OK, and outgoing mail was OK.

    I discovered that the Connection Filtering Agent on my Edge Transport Server was rejecting every connection, and dropping it straight away.  After a bit of digging, I found that I was getting a false positive by the IP Block List Providers I have configured.  When I disabled the first provider, the connections were getting blocked by the second provider, and then by the third.  I checked with Spamhaus' utility (https://www.spamhaus.org/lookup/), and the sender IP (in this case, I was using the Microsoft Remote Connectivity Analyser to test) was not in any of their blacklists.  I didn't check the other providers, but I'm sure it's not listed.

    I used the Test-IPBlockListProvider cmdlet against all the Providers I have listed, with the following results:

    Provider          ProviderResult   Matched
    --------          --------------   -------
    SpamHaus          {198.101.242.72}    True
    Barracuda Central {198.101.242.72}    True
    SpamCop           {198.101.242.72}    True

    At the moment, I have the Connection Filtering Agent disabled, and email is coming through OK again, but I'd like to figure out what's going on, so I can enable it again.

    Does anyone have any idea why it would start returning false positives for everything out of the blue?  Is the fact that the ProviderResult the same (and not the input IP I provided) relevant?


    • Edited by GBurch1 Thursday, May 5, 2016 10:38 PM Missed some details out
    Thursday, May 5, 2016 10:35 PM

All replies

  • Hi,

    Please post the result of the following command for troubleshooting

    Get-IPBlockListProvider | fl

    Get-IPBlockListConfig | fl

    And I suggest to re-add that three provider one by one to check this issue.

    Best Regards.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Friday, May 6, 2016 8:24 AM
    Moderator
  • Hi,

    Is there any update for this thread?

    If the above suggestions are helpful to you, please mark it as answer so that someone who has similar issue could find this thread as soon as possible.

    Best Regard


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Lynn-Li
    TechNet Community Support

    Tuesday, May 10, 2016 8:41 AM
    Moderator