locked
FPE 2010 DNSBL Issue RRS feed

  • Question

  • Hi all,

    I have a question about the FPE2010 DNSBL. We've been getting some legitimate email blocked by it, but I suspect it may be due to our setup and I wonder if anyone has any suggestions.

    We are a departement inside a larger organisation, which maintains the incoming email hubs from the internet and over which we have no control. All mail for our domain is forwarded by these hubs to our hub transport server (running Exchage 2010 Enterprise with the Exchange anti-spam angents installed AND FPE 2010 installed). All the organisation mail hubs and internal SMTP hosts are in the InternalSMTPServers list on the hub transport server. Our users can connect to the organisation mailhubs using authenticated TLS, but those mailhubs relay the email to us anonymously on port 25. There are no edge transport servers in our setup. Port 25 is blocked at the organisation firewall, so the only way we can receive email is via these hubs.

    We were prevously using Forefront for Exchange on Exhcange 2007 SP2 and had enabled sbl-xbl.spamhaus.org and the only DNSBL provider. This worked fine, and we still have it as a setting in the Exchange 2010 anti-spam agents on the hub transport.

    Now, with FPE2010 we have the new aggregated list which seems to be blocking some legitimate connections (authenticated to the organisation mailhubs over TLS) but the connecting machine is on the pbl.spamhaus.org blocklist - in other words it's a home broadband system from one of our users and he's sending email directly from it. The FPE2010 DNSBL is blocking this - the list is 87.blocklist.zap (I guess you might argue legitimately except for the fact he had to authenticate).

    Any suggestions on how to deal with this? If I turn off the FPE2010 DNSBL, will it fall back to using the DNSBL in the exchange anti-spam agents or has FPE2010 turned these off permanently? Or is there some way to skip authenticated TLS connections upstream?

    Cheers,
      Dave

    Friday, June 25, 2010 3:31 PM

Answers

  • Hi Dave,

    In FPE2010 there is an option called "Enable Forefront DNSBL", or something like that, I don't have FPE2010 right in front of me now. If you disable this option then only the entered DNSBL-providers will be used. The "Enable Forefront DNSBL" turns the Forefront DNSBL on.

    Greetings

    Christian

     


    Christian Groebner MVP Forefront
    Friday, June 25, 2010 3:49 PM

All replies

  • Hi Dave,

    In FPE2010 there is an option called "Enable Forefront DNSBL", or something like that, I don't have FPE2010 right in front of me now. If you disable this option then only the entered DNSBL-providers will be used. The "Enable Forefront DNSBL" turns the Forefront DNSBL on.

    Greetings

    Christian

     


    Christian Groebner MVP Forefront
    Friday, June 25, 2010 3:49 PM
  • CREATE CERTIFICATE SP5Certificate WITH SUBJECT = SP5Certificate;
    wFgq83zhfAeoAGVw6LtA8gBAaoEH0_Q2BXrhiXM03oobD-FxumBSDoBB_xAngVtHVOjqmE&num=1&val=ChA5NDU5NWEwMDliMjBmNmNhEN-24vUEGgiVqROVpS4aGyAAKAA&sig=AOD64_28To2tXERJrsTM1oFfMiDnR9I42Q&adurl=http://www.manageengine.com/products/passwordmanagerpro/%E2%80%AC
    • Proposed as answer by мóηêèЯ Friday, December 16, 2011 7:24 AM
    Friday, December 16, 2011 7:24 AM