How exactly does Exchange spam prevention work?

  • #1
    How exactly does Exchange spam prevention work?

    I have already posted a similar question on Experts-Exchange, but I know Petri.co.il is an authority on Exchange Server - I use your resources all the time!

    Anyway, I was wondering if someone could explain exactly how Exchange deals with spam prevention - namely RBL lists and reverse DNS checks.

    The reason I ask is that a client of ours is working from a small office and uses BT POP/SMTP email for his company's correspondence - this is set up in Outlook 2003.

    They are having trouble sending email to a particular address - I have checked the validity of the address using telnet and I know it is valid. In my explorations I have found that the company we work for has got their IP address (a dynamic one provided by their ISP - BT in this case) onto a couple of blacklists. As I understand it, with a dynamic IP this can be because of direct spam, because of spam being sent from ANY IP in the block they have been assigned, or purely because it is a dynamic block - as email shouldn't be sent directly from a dynamic block.

    The problem is, I don't see why, if they are sending all mail through BT's SMTP servers, their IP should even be checked - surely if an Exchange server is receiving email from BT's SMTP servers, it shouldn't be blocked?

    So I'm wondering if Exchange does in fact block mail based on the originating IP - even if it's being sent through a certified SMTP server - and if so, doesn't this cause a massive issue? For example, pretty much anyone who is a home user and has their ISP's mail set up through Outlook could be blacklisted purely because they are on a dynamic IP block!

    I don't understand how this wouldn't cause massive issues of non-communication, and I wonder if anyone can explain/shed some light?

    Thanks in advance

    Dave
    David Silvester
    Systems Administrator

  • #2
    Re: How exactly does exchange spam prevention work?

    Exchange doesn't use either reverse DNS or blacklists as part of its antispam configuration.
    While Exchange can do reverse DNS lookups, it is unable to do anything with the results.
    Exchange can also be configured to use a blacklist, but that is separate from the antispam functionality of the product and has to be configured manually - it doesn't do it out of the box.

    Therefore the problem is unlikely to be the fact that you are on a dynamic IP address, particularly if you are routing email through another server.

    Furthermore, the kind of deep checking for the originating host is a fairly new thing and is only done by a few products. Exchange isn't going to do it; the antispam provision is very basic.

    The most likely cause of the message being blocked is the content.
    If you get an NDR, that will help. No NDR, and it is almost certainly content-based. If it were host-based then the email should be rejected at the point of delivery.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: How exactly does exchange spam prevention work?

      You will find that a lot of block lists block subnets that contain dynamic IP addresses. I know SORBS and also Spamhaus use this practice. As already said, Exchange doesn't do this natively and it must be configured. The same is true of rDNS. Exchange can do a reverse lookup, but it only appends the reverse record to the headers, so to all intents and purposes the feature is fairly useless.

      Your issue is more than likely going to be upstream with the BT gateway, which may be using some form of blocklist to check inbound mail. If you receive an NDR, that will more than likely give you a good indication of the issue.

      Additionally, is Exchange "POPing" your email? If so, why not get it changed over to SMTP, as that would give you more granular control over your mail delivery.

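The DNSBL and reverse-DNS mechanics the two replies above describe, shown as an added example that is not code from the thread, from Exchange or from any of the list operators: it builds the reversed-octet query name a receiving MTA looks up, interprets the answer codes Spamhaus ZEN documents (the PBL codes are the "dynamic block" listing the original poster asks about), and performs a forward-confirmed reverse DNS check, which is what a mail server would do with the PTR record Exchange merely writes into the headers. The zone name, the RFC 5737 documentation address 192.0.2.10 and the injectable resolver arguments are assumptions of the example; the functions that take a resolver run offline, the defaults need network access.

```python
"""Added example (not from the thread): what a receiving MTA does when it checks
a connecting IP against a DNS blocklist and verifies its reverse DNS.
Standard library only.  Network-touching calls are injectable so the logic
can be exercised without DNS.
"""
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL client looks up: octets reversed, zone appended.

    192.0.2.10 checked against zen.spamhaus.org becomes
    10.2.0.192.zen.spamhaus.org.  Anything that is not an IPv4 address raises
    ValueError, so junk from a log line never turns into a DNS query.
    """
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify_zen(answers):
    """Interpret the A records returned by Spamhaus ZEN.

    Return codes as documented by Spamhaus at the time of writing (verify
    against https://www.spamhaus.org/zen/ before relying on them):
      127.0.0.2-3    SBL  verified spam source
      127.0.0.4-7    XBL  exploited / compromised host
      127.0.0.10-11  PBL  policy block: end-user / dynamic range that should
                          not deliver mail directly (the dynamic-IP case above)
      127.255.255.x       query error (public resolver, rate limit), NOT a listing
    An empty answer list (NXDOMAIN) means the address is not listed.
    """
    reasons = []
    for a in answers:
        if a.startswith("127.255.255."):
            reasons.append(f"query error {a} (not a listing; fix the resolver)")
            continue
        if not a.startswith("127.0.0."):
            reasons.append(f"unexpected answer {a} (wildcard DNS or hijack?)")
            continue
        code = int(a.rsplit(".", 1)[1])
        if code in (2, 3):
            reasons.append("SBL: listed as a spam source")
        elif 4 <= code <= 7:
            reasons.append("XBL: listed as an exploited/compromised host")
        elif code in (10, 11):
            reasons.append("PBL: dynamic/end-user range, send via your ISP's smarthost")
        else:
            reasons.append(f"unknown ZEN code {a}")
    return reasons


def dnsbl_lookup(ip, zone="zen.spamhaus.org", resolve=socket.gethostbyname_ex):
    """Query the list (network by default).  NXDOMAIN -> [] meaning not listed.
    `resolve` must return a (name, aliases, addresses) tuple like gethostbyname_ex."""
    try:
        return resolve(dnsbl_query_name(ip, zone))[2]
    except OSError:  # socket.gaierror: no such name, i.e. not listed
        return []


def fcrdns_check(ip, resolve_ptr=socket.gethostbyaddr, resolve_a=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: PTR(ip) -> name, and A(name) must contain ip.

    This is the check the thread says Exchange does not act on (it only records
    the PTR name in the headers).  Returns (ok, ptr_name, reason).
    """
    try:
        ptr_name = resolve_ptr(ip)[0]
    except OSError:  # socket.herror / gaierror: no PTR at all
        return False, None, "no PTR record"
    try:
        forward = resolve_a(ptr_name)[2]
    except OSError:
        return False, ptr_name, "PTR name does not resolve"
    if ip not in forward:
        return False, ptr_name, "PTR name does not resolve back to the connecting IP"
    return True, ptr_name, "forward-confirmed"


if __name__ == "__main__":
    # Constructed input: 192.0.2.0/24 is documentation space, no listing expected.
    ip = "192.0.2.10"
    print(dnsbl_query_name(ip, "zen.spamhaus.org"))
    print(classify_zen(dnsbl_lookup(ip)))
    print(fcrdns_check(ip))
```

Two practical points the code encodes: an empty answer is the "clean" result, so a resolver failure must not be mistaken for a listing, and Spamhaus answers queries sent through public resolvers with an error code rather than a listing, which is why the error range is separated out before the list codes are read.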


      • #4
        Re: How exactly does exchange spam prevention work?

        Thanks for the response, and sorry - I didn't read the NDR:

        [email protected] on Tue, 17 Aug 2010 11:00:59 +0100
        The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
        < xxx.btconnect.com #5.1.1 SMTP; 550-rejected because
        xxx.xxx.xxx.xxx is in a black list at>

        That pointed out the problem: it was the ISP's SMTP server that was on a blacklist! I take it they will sort that sort of thing out themselves?
        David Silvester
        Systems Administrator

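Reading an NDR like the one above programmatically, as an added example that is not from the thread: the parser below pulls the remote server's own diagnostic out of an Exchange/Outlook bounce and classifies the rejection, trusting the remote 550 text over the friendly sentence Exchange derives from the enhanced status code (here 5.1.1 rendered as "account does not exist" while the real reason was a blocklist hit on the relay's IP). The sample bounce is constructed: the recipient address, the server name smtp.example.net, the address 192.0.2.25 and the list name dnsbl.example.org are placeholders for the values masked on the page; only the date is taken from the post.

```python
"""Added example (not from the thread): classify an Exchange/Outlook NDR by the
remote MTA's diagnostic rather than by Exchange's friendly explanation.
"""
import re

# Constructed sample modelled on the bounce quoted above; all identifiers are placeholders.
SAMPLE_NDR = """\
Your message did not reach some or all of the intended recipients.
recipient@example.com on Tue, 17 Aug 2010 11:00:59 +0100
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
< smtp.example.net #5.1.1 SMTP; 550-rejected because
192.0.2.25 is in a black list at dnsbl.example.org>
"""

# Diagnostic block as Exchange renders it:  < server #x.y.z SMTP; nnn text >
# The SMTP reply code may be followed by '-' (multi-line reply) or a space.
DIAG_RE = re.compile(
    r"<\s*(?P<server>\S+)\s+#(?P<enhanced>\d\.\d{1,3}\.\d{1,3})\s+SMTP;\s*"
    r"(?P<reply>\d{3})[ -](?P<text>.*?)\s*>",
    re.DOTALL,
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LISTED_RE = re.compile(r"black\s*list|block\s*list|dnsbl|\brbl\b|spamhaus|sorbs|\blisted\b", re.I)
CONTENT_RE = re.compile(r"spam|content|virus|policy", re.I)


def parse_ndr(ndr_text):
    """Return the remote diagnostic fields, or None if the NDR carries none."""
    m = DIAG_RE.search(ndr_text)
    if not m:
        return None
    d = m.groupdict()
    d["text"] = " ".join(d["text"].split())  # join the wrapped 550 text
    return d


def classify_ndr(ndr_text):
    """Decide why the message bounced.

    Order matters: a 4xx is temporary whatever the wording; blocklist wording
    wins over the 5.1.x address-class code, because Exchange prints 'account
    does not exist' for 5.1.1 even when the remote text says the IP is listed.
    The IP found in a blocklist rejection is the one the remote MTA saw
    connecting - the ISP relay when mail goes via a smarthost, not the desktop.
    """
    result = {"kind": None, "server": None, "enhanced": None, "reply": None,
              "listed_ip": None, "text": None}
    d = parse_ndr(ndr_text)
    if d is None:
        result["kind"] = "no-diagnostic"  # nothing from the remote side to go on
        return result
    result.update(d)
    if d["reply"].startswith("4"):
        result["kind"] = "temporary"          # sender will retry; wait
    elif LISTED_RE.search(d["text"]):
        result["kind"] = "blocklisted"        # host-based rejection
        ip = IPV4_RE.search(d["text"])
        result["listed_ip"] = ip.group(0) if ip else None
    elif d["enhanced"].startswith("5.1."):
        result["kind"] = "unknown-recipient"  # genuine address problem
    elif CONTENT_RE.search(d["text"]):
        result["kind"] = "content"            # filtered on what was sent
    else:
        result["kind"] = "other-permanent"
    return result


if __name__ == "__main__":
    for k, v in classify_ndr(SAMPLE_NDR).items():
        print(f"{k:12} {v}")
```

For a "blocklisted" result the next step is to look up `listed_ip` against the list named in the text (or the major ones) and, if it belongs to the ISP's relay, to report it to the ISP rather than to the client's own address space.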


        • #5
          Re: How exactly does exchange spam prevention work?

          scurlaruntings, thanks for the input - no, Exchange isn't POPing our email. In this scenario we are actually on a standard POP/SMTP setup provided by our ISP.

          I prefer running things from exchange (more control).
          David Silvester
          Systems Administrator



          • #6
            Re: How exactly does exchange spam prevention work?

            Originally posted by davids355:
            Thanks for the response, and sorry - I didn't read the NDR:

            [email protected] on Tue, 17 Aug 2010 11:00:59 +0100
            The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
            < xxx.btconnect.com #5.1.1 SMTP; 550-rejected because
            xxx.xxx.xxx.xxx is in a black list at>

            That pointed out the problem: it was the ISP's SMTP server that was on a blacklist! I take it they will sort that sort of thing out themselves?

            Don't take it for granted that they will. But yes, you're right, they'll have to get themselves delisted. Slightly off topic: I remember when Tiscali got blacklisted some years back. It was an absolute nightmare for a number of clients I was supporting at the time.



            • #7
              Re: How exactly does exchange spam prevention work?

              I suppose it's obvious really, but I didn't think ISPs would get blacklisted - or that they would keep on top of it enough that people wouldn't notice.

              It's a nightmare really - obviously we have no control over it. I suppose that highlights one of the benefits of running Exchange.
              David Silvester
              Systems Administrator



              • #8
                Re: How exactly does exchange spam prevention work?

                Originally posted by davids355:
                I suppose it's obvious really, but I didn't think ISPs would get blacklisted - or that they would keep on top of it enough that people wouldn't notice.

                It's a nightmare really - obviously we have no control over it. I suppose that highlights one of the benefits of running Exchange.

                Any mail server can be compromised, including Exchange. The key to a good, hardened messaging environment is the experience of the SA, how your messaging infrastructure is designed and deployed, and the policies in place to ensure risks to the environment are dealt with swiftly before they become a known vulnerability. You would expect service providers to be on top of this, but I've seen many ISPs compromised in my years of supporting Windows and Linux infrastructures.



                • #9
                  Re: How exactly does exchange spam prevention work?

                  It's happened to us in the past with BT Smart Hosts being blacklisted. As I recall it got sorted within a couple of days, but it's worth a phone call to BT to at least make sure they are aware of the issue.
                  BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                  Cruachan's Blog



                  • #10
                    Re: How exactly does exchange spam prevention work?

                    To be honest I can't bear to phone BT - it's too hard finding someone that knows what they're talking about! I think I'll wait until tomorrow; if the problem persists, then I'll give them a call.

                    Thanks for all the help guys
                    David Silvester
                    Systems Administrator



                    • #11
                      Re: How exactly does exchange spam prevention work?

                      Originally posted by davids355:
                      To be honest I can't bear to phone BT - it's too hard finding someone that knows what they're talking about!

                      Aye, they're not the best in general. We've had some rare arguments with them over the "routers" they supply for business broadband, which comes with 5 static IPs, 4 more than the routers can handle.
                      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                      Cruachan's Blog

