Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Blocking Spam Domains In Exchange 2000
Combatting Spam
Here's what you need to know about blocking Spam in Exchange 2000 I'll go over them in the following order:
1. The GUI
2. Bypassing the GUI using ADSIEdit (can it be done?)
3. Finding a good block-list
-------------------
1. The GUI
To set up domain blocking, open the Exchange System Manager and expand the Global Settings container. Get properties on Message Delivery and choose the Filtering tab. You can manually enter domains or user accounts that you want blocked using the Senders option. If you want to block all mail from, for example, "narstygurls.com" you would enter the string "@narstygurls.com". If you want to block mail from "venom@boyscoutcabal.net" you would just type in that address.
I would also advise blocking mail in which the sender (From
field is blank. There's an option (Filter messages with blank sender) on this screen for doing that.
In addition I would also suggest that you select the Accept messages without notifying sender of filtering option. The reason why is that most spammers use false reply addresses anyway, and your queue will end up being full of undeliverable NDR's if this option isn't selected. These NDR's in the outbound queue often fool inexperienced admins into thinking their servers are being used as relays when, in fact, they are not, so keep an eye on this setting.
But there are easier ways to enter all the domains you'd want to block, and I'll show you how to do this now.
----------------
Bypassing the GUI
Rather than typing the hundreds of addresses in to the GUI individually, it would be best to be able to paste a whole list in.
**** You were able to do this in Exchange 5.5, but it may be more difficult, if not impossible in Exchange 2000. I've been told that one can do the following, but I haven't been able to myself:
Supposedly, to paste the block list, you will need to use ADSIEdit and find the following attribute, then paste the list into the Value field.
ms-Exch-Turf-List-Names Attribute
Attribute Value
adminDescription ms-Exch-Turf-List-Names
adminDisplayName ms-Exch-Turf-List-Names
attributeID 1.2.840.113556.1.4.7000.102.12534
attributeSyntax 2.5.5.12
isMemberOfPartialAttributeSet FALSE
isSingleValued FALSE
lDAPDisplayName msExchTurfListNames
cn ms-Exch-Turf-List-Names
oMSyntax 64
objectCategory CN=Attribute-Schema,<SchemaContainerDN>
objectClass attributeSchema
schemaIdGuid oG2DCyA70xGqbwDAT47t2A==
searchFlags 0
---------------------------
In addition, if you manually enter a name into the GUI and then search using ADSIEdit for the data that you inserted, you will find it in a different location: Configuation Container - Cn=Global settings - Cn=Message Delivery. You can enter addresses one-by-one there, but you can't paste in a whole list. Sorry.
---------------------------
For a good block-list you can check thread10-203769 for a list to copy or go to the black list that Shane Scanlon put together at http://www.msu.edu/~scanlon3/spam_black_list.txt
For a good real-time spam-blocking tool, I recommend IHateSpam, which Sunbelt Software sells. I think they have a trial version available.
Hope this was helpful.
ShackDaddy
1. The GUI
2. Bypassing the GUI using ADSIEdit (can it be done?)
3. Finding a good block-list
-------------------
1. The GUI
To set up domain blocking, open the Exchange System Manager and expand the Global Settings container. Get properties on Message Delivery and choose the Filtering tab. You can manually enter domains or user accounts that you want blocked using the Senders option. If you want to block all mail from, for example, "narstygurls.com" you would enter the string "@narstygurls.com". If you want to block mail from "venom@boyscoutcabal.net" you would just type in that address.
I would also advise blocking mail in which the sender (From
field is blank. There's an option (Filter messages with blank sender) on this screen for doing that.In addition I would also suggest that you select the Accept messages without notifying sender of filtering option. The reason why is that most spammers use false reply addresses anyway, and your queue will end up being full of undeliverable NDR's if this option isn't selected. These NDR's in the outbound queue often fool inexperienced admins into thinking their servers are being used as relays when, in fact, they are not, so keep an eye on this setting.
But there are easier ways to enter all the domains you'd want to block, and I'll show you how to do this now.
----------------
Bypassing the GUI
Rather than typing the hundreds of addresses in to the GUI individually, it would be best to be able to paste a whole list in.
**** You were able to do this in Exchange 5.5, but it may be more difficult, if not impossible in Exchange 2000. I've been told that one can do the following, but I haven't been able to myself:
Supposedly, to paste the block list, you will need to use ADSIEdit and find the following attribute, then paste the list into the Value field.
ms-Exch-Turf-List-Names Attribute
Attribute Value
adminDescription ms-Exch-Turf-List-Names
adminDisplayName ms-Exch-Turf-List-Names
attributeID 1.2.840.113556.1.4.7000.102.12534
attributeSyntax 2.5.5.12
isMemberOfPartialAttributeSet FALSE
isSingleValued FALSE
lDAPDisplayName msExchTurfListNames
cn ms-Exch-Turf-List-Names
oMSyntax 64
objectCategory CN=Attribute-Schema,<SchemaContainerDN>
objectClass attributeSchema
schemaIdGuid oG2DCyA70xGqbwDAT47t2A==
searchFlags 0
---------------------------
In addition, if you manually enter a name into the GUI and then search using ADSIEdit for the data that you inserted, you will find it in a different location: Configuation Container - Cn=Global settings - Cn=Message Delivery. You can enter addresses one-by-one there, but you can't paste in a whole list. Sorry.
---------------------------
For a good block-list you can check thread10-203769 for a list to copy or go to the black list that Shane Scanlon put together at http://www.msu.edu/~scanlon3/spam_black_list.txt
For a good real-time spam-blocking tool, I recommend IHateSpam, which Sunbelt Software sells. I think they have a trial version available.
Hope this was helpful.
ShackDaddy