exchangefreaks.com Forum Index
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Connection Filtering

 
Post new topic   Reply to topic    exchangefreaks.com Forum Index -> MS Exchange Admin
Author Message
John



Joined: 05 Aug 2007
Posts: 78
PostPosted: Tue Feb 26, 2008 5:41 pm    Post subject: Connection Filtering Reply with quote
zen.spamhaus.org is one of block list services that I'm using on my Exchange
2003 SP2. An email from IP 88.239.32.124 comes in to my junk mail folder
(note: I got the IP from email header). When I query the IP at
http://www.mxtoolbox.com/blacklists.aspx, it says that it's listed at
zen.spamhaus.org

I then issued the following command from my PC:
nslookup 124.32.239.88.zen.spamhaus.org

It times out. The second attempt, times out again. After the 4th or 5th
attempt, I got a result:

C:\>nslookup 124.32.239.88.zen.spamhaus.org
Server: WIN2003SRV1.ourdomain.com
Address: 192.168.2.11

Non-authoritative answer:
Name: 124.32.239.88.zen.spamhaus.org
Address: 127.0.0.10

Am I right to assume that the message got thru because Exchange connection
filtering fails to query DNSBL services? How can I speed things up? There
are quite a few messages that come from blacklisted IP addresses (at
zen.spamhaus.org) but they manage to get thru my connection filtering.

Archived from group: microsoft>public>exchange>admin
Back to top
View user's profile Send private message
Rich Matheisen [MVP]



Joined: 05 Aug 2007
Posts: 797
PostPosted: Wed Feb 27, 2008 1:50 am    Post subject: Re: Connection Filtering Reply with quote
"John" wrote:

[ snip ]

>Am I right to assume that the message got thru because Exchange connection
>filtering fails to query DNSBL services?

Yes. And that's a good thing, too. If it didn't "fail open" you'd
reject every connection -- good or bad.

>How can I speed things up?

Looking at the result you go from you DNS query I'd look at your DNS.
Here's what I got:

Non-authoritative answer:
Name: 124.32.239.88.zen.spamhaus.org
Addresses: 127.0.0.10, 127.0.0.4

>There
>are quite a few messages that come from blacklisted IP addresses (at
>zen.spamhaus.org) but they manage to get thru my connection filtering.

Either your DNS is borked or you've got connectivity problems. Restart
DNS and see if it makes a difference. If not, try using bitsy.mit.edu
in your NSLOOKUP and see if you still get timeouts.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
Back to top
View user's profile Send private message
John



Joined: 05 Aug 2007
Posts: 78
PostPosted: Wed Feb 27, 2008 2:15 pm    Post subject: Re: Connection Filtering Reply with quote
"Rich Matheisen [MVP]" wrote in message @4ax.com...
>
> Looking at the result you go from you DNS query I'd look at your DNS.

If I may ask you, what needs to be tweaked on my DNS? I have 2 IPs (ISP DNS)
in the forwarder list. (As far as I can remember) I didn't make any other
changes other than the default settings.

> Here's what I got:
>
> Non-authoritative answer:
> Name: 124.32.239.88.zen.spamhaus.org
> Addresses: 127.0.0.10, 127.0.0.4

Yes, I got the above result as well when I did another query today. Spamhaus
added a new entry. It's kinda weird because not all queries time out. Some
queries come back with a result almost instantly.

> If not, try using bitsy.mit.edu
> in your NSLOOKUP and see if you still get timeouts.

How do I do this? Also, can I tell Exchange box to use external DNS (instead
of my Win2003 DNS) for DNSBL queries?

Thanks much.
Back to top
View user's profile Send private message
Rich Matheisen [MVP]



Joined: 05 Aug 2007
Posts: 797
PostPosted: Thu Feb 28, 2008 1:43 am    Post subject: Re: Connection Filtering Reply with quote
"John" wrote:

>
>"Rich Matheisen [MVP]" wrote in message
>@4ax.com...
>>
>> Looking at the result you go from you DNS query I'd look at your DNS.
>
>If I may ask you, what needs to be tweaked on my DNS? I have 2 IPs (ISP DNS)
>in the forwarder list. (As far as I can remember) I didn't make any other
>changes other than the default settings.

Is there a reason you're using forwarders instead of doing your own
lookups? Using a forwarder means you have to wait on them to do the
work, which can lead to the timeouts.

[ snip ]

>> If not, try using bitsy.mit.edu
>> in your NSLOOKUP and see if you still get timeouts.
>
>How do I do this?

"server bitsy.mit.edu"

>Also, can I tell Exchange box to use external DNS (instead
>of my Win2003 DNS) for DNSBL queries?

DNS lookups normally don't take too long, but using a forwarder makes
you dependant on how well the forwarder is working. Using someone
elses DNS usually doesn't work because sensible DNS admins have turned
off recursive lookups on DNS servers exposed to the Internet. It's
also not nice to use services from someone else for DNS unless you ask
permission.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
Back to top
View user's profile Send private message
Display posts from previous:   
Related Topics:
Connection Filtering I'm using Exchange 2003 with the latest SPs. I've just enabled connection filtering. I'm using and services. I've also enabled Connection Filtering at the virtual SMTP service. I'm wondering how I can be su

Connection Filtering How do I configure my server to receive mail from only 1 host. I have an external spam firewall that processes all mail. Isn't it best to set the exchange server to receive only from it? I tried adding it to the accept from and then enabling connetion

Inconsistent connection (attempting to restore connection to I'm running Exchange 2003 SP2 and my users are experiencing inconsistent connection to the database server. Sometimes it will just say "Exchange has lost contact with the database" and then "attempting to restore connection". It eventually comes back but

Filtering rules Hello. I'm planning to install Exchange for a little office, but previously I would like to know if I can do the following. I would like that the e-mails received are automatically classified by the customer who sends it, something like an automatic rule

Filtering on header Hi, Since Exchange 2000, we've run email through a qmail router running Spamassassin before it hit the Exchange server. A Linux Edge Transport server if you will. And before you ask, yes it filters valid AD recipients. It's had an incredibly close to 100%
Post new topic   Reply to topic    exchangefreaks.com Forum Index -> MS Exchange Admin All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group