How to configure connection filtering to use Realtime Block Lists (RBLs) and how to configure recipient filtering in Exchange 2003 (823866)



The information in this article applies to:

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition

SUMMARY

You can use the connection filtering and recipient filtering features in Microsoft Exchange Server 2003 to help reduce unwanted mass e-mail or unsolicited commercial e-mail (UCE) in your organization.

Connection filtering is used to configure Exchange Server to contact a Realtime Block List (RBL) provider to determine whether the computer that an e-mail message is sent from appears in a list of "blacklisted" computers. You can also configure exceptions to these connection filters.

Additionally, you can configure recipient filters to prevent e-mail from being delivered to certain members of your organization or to recipients who are not members of your organization.

This article describes how to configure these filters and how to assign them to a particular SMTP virtual server. Additionally, this article contains a sample mail-flow process to describe where each filter is applied during the mail flow conversation.

INTRODUCTION

This step-by-step article discusses the configuration options for connection filtering and for recipient filtering in Microsoft Exchange Server 2003. This article also discusses the mail flow process that occurs when Realtime Block List (RBL) connection filtering or recipient filtering is enabled.


How connection filtering works

Connection filtering is a rule that the Exchange Simple Mail Transfer Protocol (SMTP) service applies to an incoming connection to determine whether the sending computer's Internet Protocol (IP) address appears on a Realtime Block List (RBL). An RBL is a DNS-based database that an organization maintains to record potential sources of unsolicited commercial e-mail (UCE), also known as spam, or of bulk e-mail. Typical entries are e-mail servers that are configured as "open" relays and dial-up address ranges.

To apply the rule, the SMTP service performs a Domain Name System (DNS) query against the RBL provider's zone. Exchange Server 2003 asks for the host (A) record of a name that is formed from the sending mail server's IP address, and the provider answers from its own DNS records. The name has the following format:

<reversed IP address of the sending mail server>.<DNS suffix of the RBL provider>

For example, if the sending mail server's IP address is 172.16.21.5 and the RBL provider's DNS suffix is contoso.com, Exchange 2003 queries for 5.21.16.172.contoso.com.

The RBL provider returns one of the following responses:
  • "Host Not Found": The IP address is not listed by the provider.
  • "127.0.0.<status code>": The IP address is listed. The last octet is a status code that indicates the type of listing. Providers use different codes because no standard exists, so take the codes from each provider's documentation.
If the IP address is listed, the SMTP service rejects the message in response to the sending mail server's RCPT TO command with a 550 error of the following form (the text after the status code is the connection filter's error message, which is described later in this article):
550 5.x.x <error message of the connection filter>
You can create several connection filters and arrange the order in which they are applied. When multiple RBL providers are configured, Exchange 2003 queries them in the order in which they are listed and stops at the first provider that returns a match; the remaining providers are not queried for that connection.
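To make the lookup concrete, here is an added example (not code from the article or from Exchange) that builds the reversed-IP query name, interprets a 127.0.0.<code> answer, and queries a list of providers in their configured order, stopping at the first match. A dictionary stands in for DNS so that it runs offline; the provider suffixes rbl1.example and rbl2.example and the listed addresses are constructed for the example.

```python
"""Added example (not from KB 823866 or Exchange): how an RBL connection-filter
lookup is formed and evaluated.  FAKE_DNS stands in for the provider's DNS so
the example runs offline; the suffixes and listed addresses are constructed."""
import ipaddress
from typing import List, Optional, Tuple


def rbl_query_name(sender_ip: str, provider_suffix: str) -> str:
    """Reverse the octets of the sending server's IPv4 address and append the
    provider's DNS suffix: 172.16.21.5 + contoso.com -> 5.21.16.172.contoso.com"""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")  # also validates the address
    return ".".join(reversed(octets)) + "." + provider_suffix.strip(".")


def status_code(answer: Optional[str]) -> Optional[int]:
    """Interpret the provider's answer: None ("Host Not Found") means not listed;
    127.0.0.<n> means listed, and n is the provider-specific status code."""
    if answer is None:
        return None
    if not answer.startswith("127.0.0."):
        raise ValueError(f"unexpected RBL answer: {answer}")
    return int(answer.rsplit(".", 1)[1])


# Constructed stand-in for DNS: query name -> A record (absent = Host Not Found).
FAKE_DNS = {
    "5.21.16.172.rbl1.example": "127.0.0.2",  # 172.16.21.5 listed by the first provider
    "5.21.16.172.rbl2.example": "127.0.0.4",  # ... and by the second, with another code
    "3.2.1.10.rbl2.example": "127.0.0.1",     # 10.1.2.3 listed only by the second provider
}


def fake_resolve(name: str) -> Optional[str]:
    return FAKE_DNS.get(name)


def connection_filter(sender_ip: str, providers: List[str],
                      resolve=fake_resolve) -> Optional[Tuple[str, int]]:
    """Query the providers in their configured order and stop at the first match,
    as Exchange 2003 does.  Returns (provider suffix, status code) or None."""
    for suffix in providers:
        code = status_code(resolve(rbl_query_name(sender_ip, suffix)))
        if code is not None:
            return suffix, code
    return None


if __name__ == "__main__":
    order = ["rbl1.example", "rbl2.example"]
    for ip in ("172.16.21.5", "10.1.2.3", "192.0.2.7"):
        print(ip, "->", rbl_query_name(ip, order[0]), connection_filter(ip, order))
```

Swapping the order of the two suffixes changes which provider's code is reported for 172.16.21.5, which is the practical consequence of the stop-at-first-match rule: put the provider whose codes your rules are written for first.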


Create a connection filter

To create a connection filter in Exchange 2003, follow these steps:
  1. Start Exchange System Manager.
  2. Expand Global Settings, right-click Message Delivery, and then click Properties.
  3. Click the Connection Filtering tab.
  4. To create a connection filter rule, click Add.
  5. In the Display Name box, type a name for the connection filter.
  6. In the DNS Suffix of Provider box, type the DNS suffix that the provider appends to the IP address.
  7. In the Custom Error Message to Return box, type a custom error message to return to the sender.

    Leave this field blank if you want to use the default error message. The default error message is:
    <IP address> has been blocked by <rule name of the connection filter>
    You can generate a custom message by using the following variables:
    • %0: IP address of the sending mail server
    • %1: Rule name of the connection filter
    • %2: The RBL provider
    For example, if you type The IP address %0 was rejected by the Realtime Block List provider %2. in the Custom Error Message to Return box, the following custom error message is generated:
    The IP address <IP address> was rejected by the Realtime Block List provider <RBL provider>.
  8. To configure the return status codes that are received from the RBL provider that you want to match in this connection filter, click Return Status Code, and then do one of the following:
    • Click Match Filter Rule to Any Return Code to set the default value that matches the connection filter to any return status.
    • Click Match Filter Rule to the Following Mask, and then type the bit mask that you want to filter against. Base the bit mask on the bit masks that your providers use.

      Note A bit mask matches only when every bit that is set in the mask is also set in the returned status code. If you enter the value that a provider returns when an IP address appears on two of its lists, the rule matches only IP addresses that appear on both lists, not on either one. To block IP addresses that appear on either list, use Match Filter Rule to Any of the Following Responses and enter each return code.
    • Click Match Filter Rule to Any of the Following Responses, and then type the return codes that you want to filter with.
    When you are finished configuring the items in the Return Status Code dialog box, click OK.
  9. Click OK two times.
  10. When you receive the following message, click OK:
    Connection, Recipient, and Sender Filtering must be manually enabled on specific SMTP virtual server IP address assignments as they are not enabled by default. For more information on how to enable any of the above filtering types, read their associated help.
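The following added example (not code from the article or from Exchange) models the three Return Status Code options from step 8 and the %0/%1/%2 substitution from step 7, and shows the bit-mask pitfall from the note. The rule names, the provider suffix rbl.example and the meaning of the code bits are constructed; the mask comparison implements the behaviour the note describes (every bit in the mask must be set in the returned code).

```python
"""Added example (not from KB 823866 or Exchange): how a connection filter rule's
Return Status Code setting and Custom Error Message are applied to the status
code an RBL provider returned.  Rule names, the suffix rbl.example and the
meaning of the code bits are constructed for the example."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ConnectionFilterRule:
    name: str                 # Display Name
    provider: str             # DNS Suffix of Provider
    mode: str = "any"         # "any", "mask" or "list": the three Return Status Code options
    mask: int = 0             # Match Filter Rule to the Following Mask
    codes: List[int] = field(default_factory=list)  # Match Filter Rule to Any of the Following Responses
    custom_message: str = ""  # Custom Error Message to Return; blank uses the default text

    def matches(self, code: int) -> bool:
        """code is the last octet of the 127.0.0.<code> answer from the provider."""
        if self.mode == "any":
            return True
        if self.mode == "mask":
            # every bit set in the mask must also be set in the returned code
            return (code & self.mask) == self.mask
        if self.mode == "list":
            return code in self.codes
        raise ValueError(f"unknown mode {self.mode!r}")

    def error_text(self, sender_ip: str) -> str:
        """Expand %0 (sending IP address), %1 (rule name) and %2 (RBL provider)."""
        template = self.custom_message or "%0 has been blocked by %1"
        return template.replace("%0", sender_ip).replace("%1", self.name).replace("%2", self.provider)


def rcpt_to_reply(rule: ConnectionFilterRule, sender_ip: str, code: int) -> Optional[str]:
    """The 550 reply sent in response to RCPT TO when the rule matches, else None."""
    return "550 5.7.1 " + rule.error_text(sender_ip) if rule.matches(code) else None


# Suppose the provider sets bit 1 (value 1) for open relays and bit 2 (value 2)
# for dial-up ranges, so a host on both lists answers 127.0.0.3.
both_lists_only = ConnectionFilterRule("Relay+Dialup", "rbl.example", mode="mask", mask=3)
either_list = ConnectionFilterRule(
    "Relay or Dialup", "rbl.example", mode="list", codes=[1, 2, 3],
    custom_message="The IP address %0 was rejected by the Realtime Block List provider %2.")

if __name__ == "__main__":
    for code in (1, 2, 3):
        print(f"127.0.0.{code}: mask rule -> {rcpt_to_reply(both_lists_only, '172.16.21.5', code)}")
        print(f"127.0.0.{code}: list rule -> {rcpt_to_reply(either_list, '172.16.21.5', code)}")
```

Running it shows the mask rule rejecting only the host that answers 127.0.0.3, while the list rule rejects all three; that is the difference an administrator must keep in mind when translating a provider's code table into a rule.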

Exceptions to the connection filter

You can create exceptions to the connection filter rule in the following ways:
  • Allow delivery based on the IP address of the sending mail server.
  • Deny delivery based on the IP address of the sending mail server.
This functionality permits you to override the RBL results. It is helpful, for example, when you want to permit a sending server whose IP address has just been removed from an RBL to send e-mail to the local domain.

To permit delivery based on the IP address of the sending mail server, follow these steps:
  1. On the Connection Filtering tab, click Accept, and then click Add.
  2. Click Single IP Address to add one IP address, or click Group of IP Addresses to add a whole subnet.
To deny delivery based on the IP address of the sending mail server, follow these steps:
  1. On the Connection Filtering tab, click Deny, and then click Add.
  2. Click Single IP Address to add one IP address, or click Group of IP Addresses to add a whole subnet.

    Note The global accept list overrides the global deny list. If you use the global accept list or the global deny list in combination with a provider service, Exchange 2003 appropriately accepts or denies the connection and does not check any connection filter rules.

Create a recipient filter

When you use recipient filtering, you can prevent messages from being delivered to e-mail addresses that exist in your organization, and you can filter messages that are directed to e-mail addresses that do not exist in your organization. Recipient filtering only applies to messages that come from anonymous connections.

To create a recipient filter, follow these steps:
  1. Start Exchange System Manager.
  2. Expand Global Settings, right-click Message Delivery, and then click Properties.
  3. Click the Recipient Filtering tab.
  4. To filter e-mail based on a particular e-mail address, click Add, type the e-mail address, and then click OK.
  5. To filter messages that are directed to e-mail addresses that do not exist in your organization, click to select the Filter recipients who are not in the directory check box.

Apply the connection filter or the recipient filter or both to the appropriate SMTP virtual servers

You must enable the connection filters and the recipient filters on each SMTP virtual server where you want these settings to be applied. To apply a filter to a SMTP virtual server, follow these steps:
  1. Start Exchange System Manager.
  2. Expand Servers, expand Server Name, expand Protocols, and then expand SMTP.
  3. Right-click the SMTP virtual server where you want to apply the filter, and then click Properties.
  4. On the General tab, click Advanced.
  5. Click the IP address that you want to apply the filter to, and then click Edit.
  6. In the Identification dialog box, click to select either the Apply Connection Filter check box or the Apply Recipient Filter check box.
  7. Click OK, click OK, click Apply, and then click OK.
  8. Restart the SMTP virtual server where you applied the filter.
  9. Repeat steps 2 through 8 for each virtual server where you want to apply the filter.

Mail flow process when connection filtering or recipient filtering is enabled

The following sample SMTP session illustrates the mail flow process that occurs when you enable the RBL connection filter or the recipient filter. This sample shows the process that occurs in response to the SMTP client commands:
  • SMTP command:

    telnet mail1.contoso.org 25

    Mail flow process that occurs:

    Exchange Server determines whether the sender's computer is permitted access to the SMTP virtual server. If the accessing computer appears in the list of computers that are denied access to the SMTP virtual server, Exchange Server closes the connection. To view this list, follow these steps:
    1. Start Exchange System Manager.
    2. Expand Administrative Groups, expand Servers, expand your Exchange Server computer, expand Protocols, expand SMTP, right-click your SMTP virtual server, and then click Properties.
    3. Click the Access tab, and then click Connection.
    4. Where the All except the list below option is selected, view the IP addresses that appear in the Computers list.
  • SMTP command:

    EHLO domain.com
  • SMTP command:

    MAIL FROM: joe@domain.com

    Mail flow process that occurs:
    1. Exchange Server checks the Global Accept and Deny List Configuration settings on the Connection Filtering tab of the Message Delivery Properties dialog box:
      • If the sender's IP address appears in the Accept List dialog box, the message is flagged as having passed the Deny list and the RBL.
      • If the sender's IP address appears in the Deny List dialog box, Exchange Server closes the connection, and then returns the following error message to the sender:
        550 5.7.0 Access Denied
    2. Exchange Server checks the Senders list on the Sender Filtering tab of the Message Delivery Properties dialog box. If the sender appears in this list, Exchange Server closes the connection, and then returns the following error message to the sender:
      554 5.1.0 Sender Denied
  • SMTP command:

    RCPT TO: sally@contoso.org

    Mail flow process that occurs:
    1. Exchange Server checks the recipient address against the exceptions list for the block list service rules. To view this list, click Exceptions on the Connection Filtering tab of the Message Delivery Properties dialog box. If the recipient SMTP address that is given in the RCPT TO command appears in this list, Exchange Server bypasses the RBL for this recipient.
    2. Exchange Server checks the recipients that appear in the Recipients list on the Recipient Filtering tab of the Message Delivery Properties dialog box. If the message recipient appears in this list, Exchange Server returns the following error message to the sender:
      550 5.7.1 Requested action not taken: mailbox not available
    3. Exchange Server queries the RBL providers that are configured in the connection filter rules. If the sending computer's IP address is listed by a provider, Exchange Server closes the connection, and then returns the rule's error message to the sender. For example, with the default error message format (<IP address> has been blocked by <rule name>), a sending server at 169.254.1.253 that matches a rule named default receives:
      550 5.7.1 169.254.1.253 has been blocked by default
    4. Exchange Server determines whether the Filter recipients who are not in the Directory check box is selected on the Recipient Filtering tab of the Message Delivery Properties dialog box. If this check box is selected, and the recipient does not exist in the Active Directory directory service, Exchange Server returns the following error message to the sender:
      550 5.1.1 User unknown
      In this scenario, Exchange Server does not close the connection, and the sender can continue to try to deliver mail to other e-mail addresses. Note that because an unknown recipient is rejected while a valid one is accepted, an anonymous sender can use this difference to enumerate the valid addresses in your directory (a directory harvest attack); the SMTP tar pit feature that was added in Windows Server 2003 Service Pack 1 delays these 5.x.x responses to slow such probing.
  • SMTP command:

    DATA <CRLF>.<CRLF>

    Note In this command, <CRLF> stands for a carriage return together with a line feed. Typically, a carriage return together with a line feed is manually generated when you press ENTER.

    Mail flow process that occurs:

    Exchange Server checks the address in the message's From: header against the Senders list on the Sender Filtering tab of the Message Delivery Properties dialog box (the check during MAIL FROM covered only the envelope sender). If the header address appears in this list, Exchange Server closes the connection, and then returns the following error message to the sender:
    554 5.1.0 Sender Denied
  • SMTP command:

    QUIT

    Mail flow process that occurs:

    If the message has met all of the criteria, Exchange Server has already accepted it with a 250 response at the end of the DATA command; QUIT only ends the SMTP session. Exchange Server then delivers the message to the appropriate mailbox.
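The session above, as an added simulation (not code from the article or from Exchange): an anonymous connection is taken through EHLO, MAIL FROM, RCPT TO, DATA and QUIT, and each filter is applied at the step and in the order the walk-through gives. The configuration, the directory contents, the IP addresses and the RBL verdicts are constructed; the error replies are the ones quoted in the walk-through, while the success replies (250, 354, 221) are generic SMTP replies rather than Exchange's exact text.

```python
"""Added example (not from KB 823866 or Exchange): a simulated anonymous SMTP
session that applies the connection, sender and recipient filters at the step
and in the order the walk-through gives.  The configuration, directory, IP
addresses and RBL verdicts are constructed; success replies are generic SMTP."""
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import Dict, List, Set, Tuple


@dataclass
class FilterConfig:
    vs_denied_ips: Set[str] = field(default_factory=set)       # SMTP VS > Access > Connection
    global_accept: Set[str] = field(default_factory=set)       # Connection Filtering > Accept
    global_deny: Set[str] = field(default_factory=set)         # Connection Filtering > Deny
    rbl_listed: Dict[str, str] = field(default_factory=dict)   # sending IP -> matching rule name
    rbl_exceptions: Set[str] = field(default_factory=set)      # Connection Filtering > Exceptions
    blocked_senders: Set[str] = field(default_factory=set)     # Sender Filtering > Senders
    blocked_recipients: Set[str] = field(default_factory=set)  # Recipient Filtering > Recipients
    filter_unknown_recipients: bool = False                    # Filter recipients who are not in the directory
    directory: Set[str] = field(default_factory=set)           # addresses that exist in Active Directory


def _addr(text: str) -> str:
    """Address from 'FROM: <x@y>', 'TO: x@y' or a 'From: Name <x@y>' header."""
    return parseaddr(text.split(":", 1)[-1])[1].lower()


class Session:
    def __init__(self, cfg: FilterConfig, sender_ip: str):
        self.cfg, self.ip = cfg, sender_ip
        self.open = sender_ip not in cfg.vs_denied_ips   # checked when the connection arrives
        self.accepted = sender_ip in cfg.global_accept   # flagged as past the Deny list and the RBL
        self.in_data, self.body = False, []

    def _close(self, reply: str) -> str:
        self.open = False
        return reply

    def handle(self, line: str) -> str:
        if not self.open:
            return "(connection closed)"
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return "250 OK"
        if verb == "MAIL":
            if self.ip in self.cfg.global_deny and not self.accepted:
                return self._close("550 5.7.0 Access Denied")
            if _addr(arg) in self.cfg.blocked_senders:           # envelope sender
                return self._close("554 5.1.0 Sender Denied")
            return "250 OK"
        if verb == "RCPT":
            rcpt = _addr(arg)
            if rcpt in self.cfg.blocked_recipients:
                return "550 5.7.1 Requested action not taken: mailbox not available"
            if (not self.accepted and rcpt not in self.cfg.rbl_exceptions
                    and self.ip in self.cfg.rbl_listed):
                return self._close(f"550 5.7.1 {self.ip} has been blocked by {self.cfg.rbl_listed[self.ip]}")
            if self.cfg.filter_unknown_recipients and rcpt not in self.cfg.directory:
                return "550 5.1.1 User unknown"                   # connection stays open
            return "250 OK"
        if verb == "DATA":
            self.in_data, self.body = True, []
            return "354 Start mail input"
        if verb == "QUIT":
            return self._close("221 Closing connection")
        return "500 Command not recognized"

    def _data_line(self, line: str) -> str:
        if line != ".":
            self.body.append(line)
            return ""                                             # no reply until <CRLF>.<CRLF>
        self.in_data = False
        for hdr in self.body:
            if hdr == "":                                         # blank line ends the headers
                break
            if hdr.lower().startswith("from:") and _addr(hdr) in self.cfg.blocked_senders:
                return self._close("554 5.1.0 Sender Denied")    # header sender
        return "250 OK Queued"


def run_session(cfg: FilterConfig, sender_ip: str, lines: List[str]) -> List[Tuple[str, str]]:
    s = Session(cfg, sender_ip)
    return [(ln, s.handle(ln)) for ln in lines]


CFG = FilterConfig(                                               # constructed configuration
    global_accept={"198.51.100.9"}, global_deny={"203.0.113.5"},
    rbl_listed={"169.254.1.253": "default", "198.51.100.9": "default"},
    rbl_exceptions={"postmaster@contoso.org"},
    blocked_senders={"joe@domain.com"}, blocked_recipients={"ceo@contoso.org"},
    filter_unknown_recipients=True,
    directory={"sally@contoso.org", "postmaster@contoso.org", "ceo@contoso.org"},
)

if __name__ == "__main__":
    for ip in ("192.0.2.7", "169.254.1.253"):
        for cmd, reply in run_session(CFG, ip, ["EHLO domain.com", "MAIL FROM: bob@domain.com",
                                                "RCPT TO: postmaster@contoso.org",
                                                "RCPT TO: sally@contoso.org", "RCPT TO: nobody@contoso.org"]):
            print(f"{ip:>15}  C: {cmd:<32} S: {reply}")
```

Running the two transcripts side by side shows the points the walk-through makes: the RBL-listed server still gets postmaster@contoso.org through the exceptions list, is cut off at the next RCPT TO, and the clean server is told "User unknown" for nobody@contoso.org while the session stays open, which is exactly the response difference a directory harvester relies on.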

Modification Type: Minor    Last Reviewed: 2/14/2006
Keywords:kbHOWTOmaster KB823866 kbAudITPRO