Implementing SPAM Block Lists In Microsoft Exchange 2003

Many companies spend hundreds, even thousands of dollars each year attempting to reduce or eliminate SPAM junk email from their inboxes and servers. If you are using a POP3 email provider you are more or less at their mercy as to how Spam is handled. Often this is a simple yes-or-no option, meaning that you can either enable their Spam filtering or not. In most cases you do not have a choice of what filtering methods or systems are used.

Another issue one can encounter along the road to the elimination of Spam is with the many software applications on the market. You typically have options, too many in some cases for most computer users to understand, for configuring how effective the Spam filtering will be. Most default settings will help you reduce the Spam in your inbox, but turning the filtering up too much often results in what are called false positives, meaning that some legitimate email gets filtered as Spam.

There is a dirty little secret in the Spam software business that you should be aware of. A lot of the companies selling you software to filter Spam rely on Spam lists that are available for free to the general public.

If you are a very small organization operating a couple of computer workstations in a peer-to-peer environment, there is not much you can do, and you will most likely have to implement some locally installed software if you need to reduce the Spam you receive. However, if you are a company operating a client-server based network, you should consider running your own email server, such as Microsoft Exchange. Running an email server like Microsoft Exchange in your network will give you more flexibility in implementing a Spam defense. Additionally, by implementing a centrally based server solution you will save time and money by not having to install and maintain separate solutions on all your networked computers.

Another benefit of running a server-based filtering solution is that you will not lose performance at the user workstation level.

This article assumes you are operating a Microsoft-based network in a client-server environment. I will be talking about Windows Small Business Server 2003; however, this implementation also works for all the other Microsoft Windows Server 2003 platforms with Exchange Server 2003 and higher. UNIX and LINUX networks can also implement this Anti-Spam strategy, but we will focus on Microsoft networks because that’s what we do.

Microsoft Exchange Server 2003 and higher have the built-in capability to implement Real Time Block Lists, or RBLs. There are other acronyms you should be aware of, since the jargon is not standardized and some companies intermix them. MAPS (Mail Abuse Prevention System), SBL and XBL are others, each based on its own block list generation process.

We are going to use SPAMHAUS in this article because we like that they basically told the US court in their defense case with e360 Insight LLC to get screwed. e360 Insight LLC is a Spam/bulk mail company.

Before you begin you need to have a functioning Microsoft Exchange Server connected to the Internet. You must be able to send and receive email. You should then test that your domain is not listed in any of the Spam databases. You can test this via any of the online tools such as DNSstuff.com. You should also verify that you are not operating an open relay in your SMTP implementation. Open relays can lead to your server being used by Spammers to distribute bulk email and Spam. You should also consider tar pitting your SMTP server to make it less interesting to Spammers; see our article on tar pitting.

Once you have verified that you are not operating an open relay and that you are not listed in any Spam databases, you can begin the configuration process.

First you will need to select one of the Spam databases, such as SPAMHAUS or SPAMCop. You will need to set their DNS suffix information (for SPAMHAUS it is sbl-xbl.spamhaus.org for both their combined SBL and XBL zones). You enter this information in your Exchange Server’s global message delivery properties dialog. You can leave the return status code at the default settings.

After completing this configuration you will need to enable connection filtering for each of your SMTP virtual servers. You do this on the General tab of your server's virtual SMTP server by clicking Advanced, selecting the IP for the virtual SMTP server, and then clicking Edit. Check the connection filtering checkbox and OK out of all the dialogs.
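What the connection filter does with the DNS suffix configured above, as an added example (not code from this article, Microsoft or Spamhaus): the connecting IP's octets are reversed and prepended to the zone, no answer means "not listed", and an A record in 127.0.0.0/8 means "listed". The function names and the 192.0.2.25 sample address are assumptions made for illustration; the 127.255.255.0/24 range is handled separately because Spamhaus uses it to report query errors rather than listings.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"  # DNS suffix given in the article
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 to signal a query problem (for example
# a blocked public resolver), not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone=ZONE):
    """Build the name a connection filter looks up: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone


def classify(answers):
    """Interpret the A records returned for a DNSBL query name.

    An empty list stands for NXDOMAIN, which means the address is not listed.
    """
    if not answers:
        return "not listed"
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "lookup error"   # do not treat as spam evidence
    if all(a in LOOPBACK for a in addrs):
        return "listed"
    return "unexpected answer"  # e.g. a resolver rewriting NXDOMAIN


def check_ip(ip, zone=ZONE, resolve=socket.gethostbyname_ex):
    """Query the zone for one connecting IP. `resolve` is injectable for tests."""
    try:
        _name, _aliases, answers = resolve(dnsbl_query_name(ip, zone))
    except (socket.gaierror, socket.herror):
        answers = []  # name does not exist: no listing for this address
    return classify(answers)


if __name__ == "__main__":
    # 192.0.2.25 is a documentation address (constructed sample); replace it
    # with your mail server's public IP to confirm it is not listed.
    print(dnsbl_query_name("192.0.2.25"))
    print(check_ip("192.0.2.25"))
```

Run against your own server's public IP, this performs the same "not listed" check recommended before the configuration steps, for the one zone you are about to configure.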

So how effective is this? I had typically received close to 600 Spam email messages per day. Now I receive under 200. Your results will vary. Keep in mind that if you, or users on your network, are online shopping and/or signing up for lots of newsletter subscriptions these messages will probably not get filtered since the US government protects the rights of bulk mailers and Spammers to send you as much junk mail as they want if you authorized them, or one of their affiliates, to do so.

The bottom line is this: Implementing one, or several, of the online Spam databases is a pretty simple configuration that you can make to your existing infrastructure for free. If you are not comfortable making system changes to your servers, most IT consultants can do it for you for a one-time fee. Once set up, these services are maintained at the remote database level by the service and are therefore maintenance-free.

Now go set it up and enjoy an inbox with less Spam.