RBL not blocking all the emails that are on the blacklist

Hello everyone,

I have zen.spamhaus.org set up on the edge server and it seems to be blocking a lot of spam. However, some emails are still passing through the blacklist even though test-ipblocklistprovider shows that the IP is on the blacklist.

Please see the email below that was supposed to be blocked but was not:

2015-03-27T20:46:34.219Z,08D236728F26DC58,192.168.5.31:25,107.158.253.253:38235,107.158.253.253,<,NewConspiracyAlerts@info.getallthenew-conspiracyalerts.us,ConstitutionalProtectionAgency@getallthenew-conspiracyalerts.us;,goodman@nhautism.org,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,1,,a9765756-c29b-49ab-2014-08d236e63413,,Incoming

[PS] C:\>test-ipblocklistprovider zen.spamhaus.org -ipaddress 107.158.253.253

Provider                                ProviderResult                                                          Matched
--------                                --------------                                                          -------
zen.spamhaus.org                        {127.0.0.3}                                                                True



March 27th, 2015 5:29pm

Hello

tip: check log: C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog

March 27th, 2015 6:09pm

Hi Sneeff_Gabor,

Actually, the information above was taken from the AgentLog, which shows "AcceptMessage". However, test-ipblocklistprovider shows that the IP should have been blocked.

Thanks,


March 27th, 2015 7:19pm

Hi Flavio,

Please check whether this IP address is included in an IP Allow list entry, which is used by the Connection Filtering agent on Edge Transport servers:

Get-IPAllowListEntry -IPAddress 107.158.253.253

Best regards,

March 30th, 2015 5:07am

Hello Niko, I didn't set up ipallowlistentry or ipallowlistprovider.

Please see the example below, where the same IP was blocked and was skipped by the ipblocklistprovider:

2015-03-31T03:03:46.962Z,08D236728F27FFA8,192.168.5.30:25,46.166.129.10:56627,46.166.129.10,,your.secret.lover@fhua10.silentideal.us,,john@mydomain.com,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 Recipient not authorized, your IP has been found on a block list",BlockListProvider,zen.spamhaus.org,,,,Undefined
2015-03-31T02:59:31.604Z,08D236728F27FF4D,192.168.5.30:25,46.166.129.10:60995,46.166.129.10,<your.secret.lover@fhua10.silentideal.us>,your.secret.lover@fhua10.silentideal.us,your.secret.lover@fhua10.silentideal.us;boby@mydomain.com,1,ContentFilter Agent,OnEndOfData,AcceptMessage,,SCL,5,,d06a45d3-f162-486d-2d79-08d23975d84a,,Incoming

March 30th, 2015 10:23am
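
To list every source IP that the block list provider rejected in one session but that still got an AcceptMessage in another (the pattern in the two log lines above), the agent log can be grouped per IP. This is an added example, not part of the original thread; the column names, the function name Get-RblVerdictByIP and the sample lines are assumptions constructed for illustration.

```powershell
# Added example. Column names are an assumption matching the 20 comma-separated
# fields of the agent log lines quoted in the thread.
$AgentLogFields = 'Timestamp','SessionId','LocalEndpoint','RemoteEndpoint',
    'EnteredOrgFromIP','MessageId','P1FromAddress','P2FromAddresses','Recipient',
    'NumRecipients','Agent','Event','Action','SmtpResponse','Reason','ReasonData',
    'Diagnostics','NetworkMsgID','TenantID','Directionality'

function Get-RblVerdictByIP {
    param([Parameter(Mandatory)][string[]]$Line)
    $Line |
        Where-Object { $_ -and $_ -notmatch '^#' } |   # skip blanks and '#' header lines
        ConvertFrom-Csv -Header $AgentLogFields |
        Group-Object EnteredOrgFromIP |
        ForEach-Object {
            # Sessions where a block list provider rejected the sender
            $rejected = @($_.Group | Where-Object {
                $_.Reason -eq 'BlockListProvider' -and $_.Action -eq 'RejectCommand' })
            # Sessions where a message from the same IP was accepted
            $accepted = @($_.Group | Where-Object { $_.Action -eq 'AcceptMessage' })
            [pscustomobject]@{
                IP               = $_.Name
                RblRejects       = $rejected.Count
                Accepted         = $accepted.Count
                RejectedOn       = ($rejected.LocalEndpoint | Sort-Object -Unique) -join ';'
                AcceptedOn       = ($accepted.LocalEndpoint | Sort-Object -Unique) -join ';'
                AcceptedSessions = $accepted.SessionId -join ';'
                Inconsistent     = ($rejected.Count -gt 0 -and $accepted.Count -gt 0)
            }
        }
}

# Constructed sample lines (documentation IP ranges and example addresses).
$sample = @'
#Fields: header lines start with a hash and are skipped
2015-03-31T03:03:46.962Z,08D2000000000001,192.0.2.30:25,203.0.113.10:56627,203.0.113.10,,lover@spam.example,,john@example.com,1,Connection Filtering Agent,OnRcptCommand,RejectCommand,"550 5.7.1 Recipient not authorized, your IP has been found on a block list",BlockListProvider,zen.spamhaus.org,,,,Undefined
2015-03-31T02:59:31.604Z,08D2000000000002,192.0.2.30:25,203.0.113.10:60995,203.0.113.10,<m1@spam.example>,lover@spam.example,lover@spam.example;,boby@example.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,5,,00000000-0000-0000-0000-000000000001,,Incoming
2015-03-27T20:46:34.219Z,08D2000000000003,192.0.2.31:25,198.51.100.7:38235,198.51.100.7,<m2@news.example>,news@news.example,news@news.example;,user@example.com,1,Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,1,,00000000-0000-0000-0000-000000000002,,Incoming
'@ -split "`r?`n"

# Show only IPs that were both RBL-rejected and accepted.
Get-RblVerdictByIP -Line $sample | Where-Object Inconsistent | Format-List
```

For real data, pass the output of Get-Content on the files in the AgentLog folder mentioned earlier in the thread as -Line; the AcceptedSessions values are the sessions to look up for Connection Filtering Agent entries.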

Does anyone have an idea?
April 10th, 2015 7:08pm
