Install the Anti-Spam Components
Run the following commands in the Exchange Management Shell:
[PS] C:\Windows\System32>
Code:
cd 'C:\Program Files\Microsoft\Exchange Server\V14\Scripts'
[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>
Code:
.\install-AntispamAgents.ps1
Close EMS, restart the MSExchangeTransport service, and then re-open EMS.
Configure an RBL
PS: Google's DNS Servers + Spamhaus = Fail (Spamhaus lookups fail when the server resolves through Google's public DNS servers).
Exchange 2007 and 2010
- Click Start, All Programs, Microsoft Exchange Server 2007, Exchange Management Console and accept the UAC prompt
- Expand Organization Configuration and select Hub Transport
- In the Anti-Spam tab, open the IP Block List Providers feature
- On the Providers tab, click Add
- Enter "Spamhaus" as the provider name and "zen.spamhaus.org" as the lookup domain - I also do one for bl.spamcop.net
- Select Match any return code and click OK
Exchange 2013
IPBlockListProvider1
Code:
Add-IPBlockListProvider -Name "SpamHaus IPBlockListProvider" -LookupDomain "zen.spamhaus.org" -BitMaskMatch 127.0.0.1
Code:
Set-IPBlockListProvider "SpamHaus IPBlockListProvider" -RejectionResponse "Your message was rejected because the IP address of the server sending your message is in the block list."
IPBlockListProvider2
Code:
Add-IPBlockListProvider -Name "SpamCop IPBlockListProvider" -LookupDomain "bl.spamcop.net" -IPAddressesMatch "127.0.0.2","127.0.0.5" -Priority 1
Code:
Set-IPBlockListProvider "SpamCop IPBlockListProvider" -RejectionResponse "Your message was rejected because the IP address of the server sending your message is in the block list."
Configure Content Filtering
Go into Content Filtering, open the Action tab, and tick the first two options. Really safe defaults are:
Delete: 9
Reject: 7
But we usually use 8 and 6.
Checking that the Anti-Spam is working
This script shows how many messages are matched by the different SCLs:
[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>
Code:
.\get-AntispamSCLHistogram.ps1 -startDate 1/20/2013 | sort name
Code:
Name Value
---- -----
0 142
1 21
2 8
3 2
4 5
5 23
6 65
7 53
8 63
not available: content filtering was bypassed. 1
not available: policy is disabled. 11
And you can make sure the RBL is dropping spammers' connections with the following command:
[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>
Code:
.\get-AntispamTopRBLProviders.ps1
Code:
Name Value
---- -----
bl.spamcop.net 359
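The RBL section warns that Spamhaus lookups fail through Google's DNS servers, and the provider counts above only show hits after mail has arrived. The following is an added example, not part of the original post: a check you can run on the transport server to confirm that its own resolver gets usable answers from both lookup domains. Test-Dnsbl is a hypothetical helper name, and treating 127.255.255.x answers as errors follows Spamhaus's published error-code range.

```powershell
# Added example: Test-Dnsbl is a hypothetical helper, not an Exchange cmdlet.
function Test-Dnsbl {
    param(
        [Parameter(Mandatory = $true)][string]$IPAddress,
        [Parameter(Mandatory = $true)][string]$LookupDomain
    )
    # A DNSBL query is the IPv4 octets reversed, followed by the lookup domain.
    $octets = $IPAddress.Split('.')
    [array]::Reverse($octets)
    $query = ($octets -join '.') + '.' + $LookupDomain

    $codes = @()
    try {
        $codes = @([System.Net.Dns]::GetHostAddresses($query) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        # "Host not found" / "no data" means not listed; anything else is a real DNS fault.
        $base = $_.Exception.GetBaseException()
        $notFound = ($base -is [System.Net.Sockets.SocketException]) -and
            (('HostNotFound', 'NoData') -contains $base.SocketErrorCode.ToString())
        if (-not $notFound) { throw }
    }

    # 127.255.255.x answers are provider error codes, not listings.
    if ($codes.Count -eq 0) { $status = 'NotListed' }
    elseif (@($codes | Where-Object { $_ -like '127.255.255.*' }).Count -gt 0) { $status = 'ResolverError' }
    else { $status = 'Listed' }

    New-Object PSObject -Property @{
        Query = $query; ReturnCodes = ($codes -join ','); Status = $status
    }
}

# 127.0.0.2 is the conventional DNSBL test entry (RFC 5782): a working resolver
# path must report it as Listed for every provider configured above.
foreach ($domain in 'zen.spamhaus.org', 'bl.spamcop.net') {
    $r = Test-Dnsbl -IPAddress '127.0.0.2' -LookupDomain $domain
    if ($r.Status -ne 'Listed') {
        Write-Warning "$domain returned $($r.Status) for the test entry; check which DNS servers this host uses."
    }
    $r | Select-Object Query, ReturnCodes, Status
}
```

A NotListed result for the test entry means the block list is silently matching nothing. A ResolverError result matters most with "Match any return code", because that setting treats the error answer as a listing.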