Pat
Thu Sep 18 17:18:08 CDT 2003
Does Exchange 03 improve upon this (spam blocking)? I thought I read that
it does.
"Mariette Knap [SBS MVP]" <mariette@smallbizserver.net> wrote in message
news:eZ3RC3ifDHA.2356@TK2MSFTNGP12.phx.gbl...
> In news:06eb01c37e27$401a5e00$a101280a@phx.gbl,
> darrin <none@none.com> wrote:
>
> > Recently I have noticed a lot of ISPs using reverse dns
> > lookups to block spammers.
>
> This is not a good idea at all. Just an example to explain this. I own
> several domains but only have one static IP address from my ISP and I cannot
> get more or I have to choose Business DSL which is very expensive here. With
> one IP address and multiple mail domains I can only have one PTR record for
> one domain; I would need more static IP addresses and create for each domain
> a PTR record to be able to serve a reverse lookup.
>
> > I know I can perform a reverse lookup in exchange
> > manager. But doesn't this just identify if it resolved
> > correctly or not? How do I set up my exchange server to
> > REJECT emails that don't resolve correctly.
>
> How to Use Reverse DNS Lookup
> -----------------------------
> If you are receiving messages directly from other domains on the Internet,
> you can configure your SMTP virtual server to perform a reverse DNS lookup
> on the incoming e-mail messages. This configuration makes sure that the
> sending e-mail messages server's IP address (and its fully qualified domain
> name) matches the message sender's domain name. Reverse lookup helps to
> prevent address spoofing. However, reverse lookup adds an additional load on
> your Exchange Server computer. See the "Troubleshooting" section for more
> information. This technique also requires that your Exchange Server computer
> can contact the reverse lookup zones for the sending domain.
>
> NOTE: If you are only configuring your SMTP virtual server to perform DNS
> reverse lookup, you do not block the non-matching domainname/ipaddress
> messages. The DNS reverse lookup will resolve the DNS name from the IP
> address and will replace the DNS name in the header with the name that
> resulted from the DNS reverse lookup.
>
> 1. Click Start, point to Programs, point to Microsoft Exchange, and then
> click System Manager.
> 2. In the left pane of Exchange System Manager, double-click Servers, and
> then expand the Exchange Server computer that you want to configure.
> 3. Expand Protocols, and then expand SMTP.
> 4. Right-click Default SMTP Virtual Server, and then click Properties.
> 5. To configure reverse DNS lookup on incoming messages, click the Delivery
> tab.
> 6. Click the Advanced button, and then click the Perform reverse DNS lookup
> on incoming messages check box.
> 7. Click OK, and then click OK.
>
> So, now you turned on reverse DNS lookup but it does not do anything because
> the header is replaced with the result of the lookup. You need to write an
> OnArrival sink to effectively delete the mail before it enters the Exchange
> Store. More information on OnArrival event sinks can be found on MSDN. A
> good example of an OnArrival sink which deletes all mail with the word virus
> in it:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;313404
>
> I have written several event sinks which delete all Blaster and Sobig mails
> even before they hit the Exchange Store (very secure and safe)
>
> > I already block domains using exchange manager and the
> > rest with GFI MailEssentials. They both work great.
> > However, I would prefer to reject the emails that don't
> > resolve, too.
>
> GFI MailEssentials does practically everything you need. The only drawback
> is that you define only one DNSBL. ORF (www.vamsoft.com) is more flexible
> and offers better features IMHO. ORF can do reverse DNS lookup and block the
> mail.
>
> --
> Mariette Knap [SBS MVP]
> www.smallbizserver.net
>
>
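
The two reverse-DNS policies this thread contrasts, as an added example that is not part of the original posts: a strict check that the PTR name falls under the sender's domain (as the quoted KB text describes), and forward-confirmed reverse DNS, which only requires that the PTR name resolve back to the connecting IP. The addresses, hostnames and the `table_resolver`, `system_resolver` and `check_sender` helpers are constructed for illustration; `system_resolver` uses the host's resolver and needs network access.

```python
import socket

# Constructed DNS data (RFC 5737 documentation addresses) so this runs offline.
PTR = {"192.0.2.10": "mail.example.net", "192.0.2.20": "host.example.org"}
A = {"mail.example.net": {"192.0.2.10"}, "host.example.org": {"198.51.100.7"}}


def table_resolver(ptr=PTR, a=A):
    """Return (reverse, forward) lookup functions backed by the tables above."""
    return (lambda ip: ptr.get(ip)), (lambda name: a.get(name, set()))


def system_resolver():
    """Same interface, backed by the host's resolver (assumption: network access)."""
    def reverse(ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except OSError:  # herror/gaierror: no PTR record or lookup failure
            return None

    def forward(name):
        try:
            return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
        except OSError:
            return set()
    return reverse, forward


def check_sender(ip, mail_from_domain, resolver):
    """Evaluate a connecting IP under both policies discussed in the thread."""
    reverse, forward = resolver
    name = reverse(ip)
    if name is None:
        return {"ptr": None, "fcrdns": False, "strict_match": False}
    name = name.rstrip(".").lower()
    # FCrDNS: the PTR name must resolve forward to the same connecting IP.
    fcrdns = ip in forward(name)
    # Strict policy: the PTR name must also sit under the sender's mail domain.
    domain = mail_from_domain.rstrip(".").lower()
    strict = fcrdns and (name == domain or name.endswith("." + domain))
    return {"ptr": name, "fcrdns": fcrdns, "strict_match": strict}


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "example.net"),
                    ("192.0.2.10", "second-domain.example"),
                    ("192.0.2.20", "example.org"),
                    ("203.0.113.5", "example.com")]:
        print(ip, dom, check_sender(ip, dom, table_resolver()))
```

A host that serves several mail domains from one IP passes the forward-confirmed test for all of them but the strict match for only one, which is the single-PTR limitation raised in the reply.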