Archive or log for RBL

Hi,
is there a solution to have a log file or an archive folder for all msg that 
are dropped by my RBL?
For me is interesting to know who was reject and better to have a specific 
archive folder to store these msg, like for MIF.

Thanks in advance for your help

djx 


0
djx
10/17/2006 7:25:18 PM
exchange.admin 57650 articles. 2 followers. Follow

24 Replies
741 Views

Similar Articles

[PageSpeed] 8

On Tue, 17 Oct 2006 21:25:18 +0200, "djx" <djx@_fastwebnet_.it> wrote:

>Hi,
>is there a solution to have a log file or an archive folder for all msg that 
>are dropped by my RBL?
>For me is interesting to know who was reject and better to have a specific 
>archive folder to store these msg, like for MIF.
>
>Thanks in advance for your help
>
>djx 
>

But why on earth would you want to know about a message that an RBL
provider has told Exchange to dump?
I can understand wanting to archive the IMF for a while as you test
for levels but the RBL? Not so much.
0
mark7219 (5666)
10/17/2006 8:05:53 PM
There's no specific log for Connection Filtering or RBLs. Messages from 
those hosts that are listed on RBLs are never accepted, so these cannot be 
archived as such.

In SMTP logs, you may see these connections with a HELO, MAIL, and RCPT 
commands, but no DATA. Look for entries with RCPT command followed by status 
code 550. (Looks something like this: "RCPT - +to:foo@somedomain.net  550" - 
depending on what fields you're logging). Unfortunately, enhanced status 
codes (e.g. 5.7.1 when blocked by RBL lookup) aren't logged in the SMTP log 
afaik, nor in the Application event log with logging for MSExchangeTransport 
bumped up to max.

Ideally if the complete SMTP response (e.g.: 550 5.7.1 172.31.1.80 has been 
blocked by MyRBLName) by your server was logged in the SMTP log  - given 
that you can have different responses for each RBL you configure in 
Exchange - you could easily trace which RBL blocked which IP address.
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"djx" <djx@_fastwebnet_.it> wrote in message 
news:y6aZg.539$fE3.249@tornado.fastwebnet.it...
> Hi,
> is there a solution to have a log file or an archive folder for all msg 
> that are dropped by my RBL?
> For me is interesting to know who was reject and better to have a specific 
> archive folder to store these msg, like for MIF.
>
> Thanks in advance for your help
>
> djx
> 


0
bharatsuneja1 (3146)
10/17/2006 8:17:41 PM
On Tue, 17 Oct 2006 21:05:53 +0100, "Mark Arnold [MVP]"
<mark@mvps.org> wrote:

>On Tue, 17 Oct 2006 21:25:18 +0200, "djx" <djx@_fastwebnet_.it> wrote:
>
>>Hi,
>>is there a solution to have a log file or an archive folder for all msg that 
>>are dropped by my RBL?
>>For me is interesting to know who was reject and better to have a specific 
>>archive folder to store these msg, like for MIF.
>>
>>Thanks in advance for your help
>>
>>djx 
>>
>
>But why on earth would you want to know about a message that an RBL
>provider has told Exchange to dump?
>I can understand wanting to archive the IMF for a while as you test
>for levels but the RBL? Not so much.


Perhaps worried about the legitimate mail he is probably dropping. :P 

0
adavid (8731)
10/17/2006 8:18:24 PM
It'd be nice to have complete logging or at least enhanced status codes 
logged in SMTP log (which are sadly missing now, afaik)..... makes it easier 
to figure out if a legitimate sender's IP address was in fact being blocked 
by a particular RBL - you can then add that IP address to the Global Accept 
List.

-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Mark Arnold [MVP]" <mark@mvps.org> wrote in message 
news:brdaj2ha9au91aqu74qi82t9jjnjpn60k7@4ax.com...
> On Tue, 17 Oct 2006 21:25:18 +0200, "djx" <djx@_fastwebnet_.it> wrote:
>
>>Hi,
>>is there a solution to have a log file or an archive folder for all msg 
>>that
>>are dropped by my RBL?
>>For me is interesting to know who was reject and better to have a specific
>>archive folder to store these msg, like for MIF.
>>
>>Thanks in advance for your help
>>
>>djx
>>
>
> But why on earth would you want to know about a message that an RBL
> provider has told Exchange to dump?
> I can understand wanting to archive the IMF for a while as you test
> for levels but the RBL? Not so much. 


0
bharatsuneja1 (3146)
10/17/2006 8:21:22 PM
"Andy David - MVP" <adavid@pleasekeepinngcheesebucket.com> wrote in message 
news:3jeaj2hkg7bavh1loqhpm5tubvk2f36i7l@4ax.com...

> On Tue, 17 Oct 2006 21:05:53 +0100, "
> Perhaps worried about the legitimate mail he is probably dropping. :P

Yes for this reason. Soemtime happend that same free provider enter in RBL 
list and these account can be dropped.
It is strange that Echange 2003 do not permit to log (and store) these mail 
if necessary.

bye


0
djx
10/17/2006 8:24:50 PM
On Tue, 17 Oct 2006 13:21:22 -0700, "Bharat Suneja [MVP]"
<bharatsuneja@no.spam.org> wrote:

>It'd be nice to have complete logging or at least enhanced status codes 
>logged in SMTP log (which are sadly missing now, afaik)..... makes it easier 
>to figure out if a legitimate sender's IP address was in fact being blocked 
>by a particular RBL - you can then add that IP address to the Global Accept 
>List.


Better yet, do not drop mail simply because an ip is on a RBL and for
gosh sakes, do this at the gateway and not at the Exch Server level.
0
adavid (8731)
10/17/2006 8:26:40 PM
- Good RBLs do reduce a huge amount of spam from each connection blocked, 
imho. :P
- What if Exchange is the gateway - as it is for many folks... ?

-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Andy David - MVP" <adavid@pleasekeepinngcheesebucket.com> wrote in message 
news:92faj2tcfkv3jg1lqlr91ovjldkg28kg0j@4ax.com...
> On Tue, 17 Oct 2006 13:21:22 -0700, "Bharat Suneja [MVP]"
> <bharatsuneja@no.spam.org> wrote:
>
>>It'd be nice to have complete logging or at least enhanced status codes
>>logged in SMTP log (which are sadly missing now, afaik)..... makes it 
>>easier
>>to figure out if a legitimate sender's IP address was in fact being 
>>blocked
>>by a particular RBL - you can then add that IP address to the Global 
>>Accept
>>List.
>
>
> Better yet, do not drop mail simply because an ip is on a RBL and for
> gosh sakes, do this at the gateway and not at the Exch Server level. 


0
bharatsuneja1 (3146)
10/17/2006 8:30:25 PM
On Tue, 17 Oct 2006 13:30:25 -0700, "Bharat Suneja [MVP]"
<bharatsuneja@no.spam.org> wrote:

>- Good RBLs do reduce a huge amount of spam from each connection blocked, 
>imho. :P
>- What if Exchange is the gateway - as it is for many folks... ?

I think thats a mistake :) 
Even a small shop can use a workstation with IIS SMTP or something
equivalent. 
0
adavid (8731)
10/17/2006 8:36:02 PM
Much as I'd like to see that happen... besides the hw and Windows server 
licensing... it's one more box to manage, not the preferred solution in most 
small shops. One reason I love virtualization....
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Andy David - MVP" <adavid@pleasekeepinngcheesebucket.com> wrote in message 
news:eifaj29slknovls15p9dc30qep6j0dghbo@4ax.com...
> On Tue, 17 Oct 2006 13:30:25 -0700, "Bharat Suneja [MVP]"
> <bharatsuneja@no.spam.org> wrote:
>
>>- Good RBLs do reduce a huge amount of spam from each connection blocked,
>>imho. :P
>>- What if Exchange is the gateway - as it is for many folks... ?
>
> I think thats a mistake :)
> Even a small shop can use a workstation with IIS SMTP or something
> equivalent. 


0
bharatsuneja1 (3146)
10/17/2006 10:07:01 PM
"Mark Arnold [MVP]" <mark@mvps.org> wrote:

					[ snip ]

>But why on earth would you want to know about a message that an RBL
>provider has told Exchange to dump?

Because RBL's don't distinguish between ham and spam?

RBL's are more of a policy decision rather ("we will not accept *any*
e-mail, spam or ham, from this IP address") than a spam detection
mechanism (which examines the contents of the message). They're really
just a more convenient way of refusing connections from certain IP
addresses than entering the IP addresses one-by-one into the
Connection Control part of each SMTP Virtual Server.

>I can understand wanting to archive the IMF for a while as you test
>for levels but the RBL? Not so much.

As much as I don't like the IMF, I dislike using RBLs as a
"accept/deny" decision maker. They're not very good a blocking spam,
but they're excellent at repelling everything from an IP address.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/17/2006 11:44:12 PM
Andy David - MVP <adavid@pleasekeepinngcheesebucket.com> wrote:

>On Tue, 17 Oct 2006 13:21:22 -0700, "Bharat Suneja [MVP]"
><bharatsuneja@no.spam.org> wrote:
>
>>It'd be nice to have complete logging or at least enhanced status codes 
>>logged in SMTP log (which are sadly missing now, afaik)..... makes it easier 
>>to figure out if a legitimate sender's IP address was in fact being blocked 
>>by a particular RBL - you can then add that IP address to the Global Accept 
>>List.
>
>
>Better yet, do not drop mail simply because an ip is on a RBL and for
>gosh sakes, do this at the gateway and not at the Exch Server level.

Amen.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/17/2006 11:45:08 PM
"Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:

>- Good RBLs do reduce a huge amount of spam from each connection blocked, 
>imho. :P

No, they reduce the number of IP addresses fro which you'll accept a
connection. They make no distinction between ham and spam from the
same address.

>- What if Exchange is the gateway - as it is for many folks... ?

Then call it what it is -- a policy to refuse connections, not an
anti-spam tool.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/17/2006 11:47:01 PM
"Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:

>There's no specific log for Connection Filtering or RBLs. Messages from 
>those hosts that are listed on RBLs are never accepted, so these cannot be 
>archived as such.
>
>In SMTP logs, you may see these connections with a HELO, MAIL, and RCPT 
>commands, but no DATA. Look for entries with RCPT command followed by status 
>code 550. (Looks something like this: "RCPT - +to:foo@somedomain.net  550" - 
>depending on what fields you're logging). Unfortunately, enhanced status 
>codes (e.g. 5.7.1 when blocked by RBL lookup) aren't logged in the SMTP log 
>afaik, nor in the Application event log with logging for MSExchangeTransport 
>bumped up to max.
>
>Ideally if the complete SMTP response (e.g.: 550 5.7.1 172.31.1.80 has been 
>blocked by MyRBLName) by your server was logged in the SMTP log  - given 
>that you can have different responses for each RBL you configure in 
>Exchange - you could easily trace which RBL blocked which IP address.

If you're intent on using DNS RBL's then use something like ORF
(http://www.vamsodt.com/orf) that does log that information.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/17/2006 11:49:43 PM
>They're really
>just a more convenient way of refusing connections from certain IP
>addresses than entering the IP addresses one-by-one into the
>Connection Control part of each SMTP Virtual Server.

Sort of. With one minor difference - SMTP Virtual Server's Connection 
Control immediately terminates the connection, as does Connection Filtering 
when using the Global Deny list.

When using RBLs as the filtering mechanism, it doesn't. Exchange waits for 
the RCPT TO command before denying the message - the connection stays alive. 
If the recipient in RCPT TO is on the exception list (e.g. postmaster@), 
message is accepted.
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message 
news:a6qaj2phnl9q90qshbu46a0m098ielm5g1@4ax.com...
> "Mark Arnold [MVP]" <mark@mvps.org> wrote:
>
> [ snip ]
>
>>But why on earth would you want to know about a message that an RBL
>>provider has told Exchange to dump?
>
> Because RBL's don't distinguish between ham and spam?
>
> RBL's are more of a policy decision rather ("we will not accept *any*
> e-mail, spam or ham, from this IP address") than a spam detection
> mechanism (which examines the contents of the message). They're really
> just a more convenient way of refusing connections from certain IP
> addresses than entering the IP addresses one-by-one into the
> Connection Control part of each SMTP Virtual Server.
>
>>I can understand wanting to archive the IMF for a while as you test
>>for levels but the RBL? Not so much.
>
> As much as I don't like the IMF, I dislike using RBLs as a
> "accept/deny" decision maker. They're not very good a blocking spam,
> but they're excellent at repelling everything from an IP address.
>
> -- 
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> Don't send mail to this address mailto:h.pott@getronics.com
> Or to these, either: mailto:h.pott@pinkroccade.com 
> mailto:melvin.mcphucknuckle@getronics.com 
> mailto:melvin.mcphucknuckle@pinkroccade.com 


0
bharat3597 (1006)
10/18/2006 2:04:00 PM
> Then call it what it is -- a policy to refuse connections, not an
> anti-spam tool.

Somewhat agree. The reason for stopping these connections - they're 
determined as originators of spam in some form or fashion by the 
organization maintaining that list. The question to ask is do you trust that 
org/list enough to actually block connections, just like you trust a CA to 
issue certificates. Some do a darn good job, imo, while others shouldn't be 
in this business (or otherwise providing such a service, even if on a 
non-profit basis).

Nevertheless, the fact remains that every 
rogue/bad/spammer-controlled/compromised IP address blocked can potentially 
block 10s/100s/1000s of messages which the subsequent layers of 
protection/"messaging hygiene" do not need to process.
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message 
news:8oqaj29a5snio3jdspqread4nabt10ld68@4ax.com...
> "Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:
>
>>- Good RBLs do reduce a huge amount of spam from each connection blocked,
>>imho. :P
>
> No, they reduce the number of IP addresses fro which you'll accept a
> connection. They make no distinction between ham and spam from the
> same address.
>
>>- What if Exchange is the gateway - as it is for many folks... ?
>
> Then call it what it is -- a policy to refuse connections, not an
> anti-spam tool.
>
> -- 
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> Don't send mail to this address mailto:h.pott@getronics.com
> Or to these, either: mailto:h.pott@pinkroccade.com 
> mailto:melvin.mcphucknuckle@getronics.com 
> mailto:melvin.mcphucknuckle@pinkroccade.com 


0
bharat3597 (1006)
10/18/2006 2:10:05 PM
"Bharat Suneja [MVP]" <bharat@nospam.org> wrote:

>> Then call it what it is -- a policy to refuse connections, not an
>> anti-spam tool.
>
>Somewhat agree. The reason for stopping these connections - they're 
>determined as originators of spam in some form or fashion by the 
>organization maintaining that list. 

They're also used to "punish" ISPs and network operators that don't
bend to the opinion of the RBL maintainers.

>The question to ask is do you trust that 
>org/list enough to actually block connections, just like you trust a CA to 
>issue certificates. 

No, I don't. I trust them to have an opinion, but I don't truat them
to have the final say in what IP addresses are allowed to send e-mail
to me.

>Some do a darn good job, 

Show me one that doesn't generate a lot of false-positive errors. Show
me how you measured the effectiveness of the RBL. Simply reducing the
amount of junk e-mail that people complain about isn't a good measure
becasue it ignores the stuff that people don't complain about and,
because you never accept ANY mail from a given IP address you'll never
know what ham you didn't receive.

I think that you'll find that DNS RBLs are less than 50% effective at
blocking spam. And I think you'll find that the false-positive rate is
in the double-digits.

>imo, while others shouldn't be 
>in this business (or otherwise providing such a service, even if on a 
>non-profit basis).
>
>Nevertheless, the fact remains that every 
>rogue/bad/spammer-controlled/compromised IP address blocked can potentially 
>block 10s/100s/1000s of messages which the subsequent layers of 
>protection/"messaging hygiene" do not need to process.

Sure . . . and they do the same to /everything/ from those same IP
addresses. As i said, RBLs are just a more conveniet way of connection
blocking than adding individual IPs to Exchange's SMTP Virtual Server.
You are effectively giving someone you don't know decision making
power over your business. They get to make the policy, you don't.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/18/2006 3:59:12 PM
"Bharat Suneja [MVP]" <bharat@nospam.org> wrote:

>>They're really
>>just a more convenient way of refusing connections from certain IP
>>addresses than entering the IP addresses one-by-one into the
>>Connection Control part of each SMTP Virtual Server.
>
>Sort of. With one minor difference - SMTP Virtual Server's Connection 
>Control immediately terminates the connection, as does Connection Filtering 
>when using the Global Deny list.
>
>When using RBLs as the filtering mechanism, it doesn't. Exchange waits for 
>the RCPT TO command before denying the message - the connection stays alive. 
>If the recipient in RCPT TO is on the exception list (e.g. postmaster@), 
>message is accepted.

If you're not going to accept any of the mail from that IP address,
why bother going to the trouble of accepting those commands in the
first place?

White listing certainly has its place, but how many addresses can you
add to the Exchange white list? And how do you know what those
addresses are if you never accept any mail (ham or spam) from them in
the first place? Are you reporting on the addresses that are rejected?
To whom? How many a day are there?

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/18/2006 4:10:01 PM
> If you're not going to accept any of the mail from that IP address,
> why bother going to the trouble of accepting those commands in the
> first place?

So messages to email addresses on the exemption list can be accepted - e.g. 
postmaster. If a host is wrongly listed on a particular RBL, the postmaster 
account in your domain can still be contacted, which enables notification in 
such cases.
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message 
news:5rjcj2drj3fc6at3fv6aeoi2gb8evpp8u1@4ax.com...
> "Bharat Suneja [MVP]" <bharat@nospam.org> wrote:
>
>>>They're really
>>>just a more convenient way of refusing connections from certain IP
>>>addresses than entering the IP addresses one-by-one into the
>>>Connection Control part of each SMTP Virtual Server.
>>
>>Sort of. With one minor difference - SMTP Virtual Server's Connection
>>Control immediately terminates the connection, as does Connection 
>>Filtering
>>when using the Global Deny list.
>>
>>When using RBLs as the filtering mechanism, it doesn't. Exchange waits for
>>the RCPT TO command before denying the message - the connection stays 
>>alive.
>>If the recipient in RCPT TO is on the exception list (e.g. postmaster@),
>>message is accepted.
>
> If you're not going to accept any of the mail from that IP address,
> why bother going to the trouble of accepting those commands in the
> first place?
>
> White listing certainly has its place, but how many addresses can you
> add to the Exchange white list? And how do you know what those
> addresses are if you never accept any mail (ham or spam) from them in
> the first place? Are you reporting on the addresses that are rejected?
> To whom? How many a day are there?
>
> -- 
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> Don't send mail to this address mailto:h.pott@getronics.com
> Or to these, either: mailto:h.pott@pinkroccade.com 
> mailto:melvin.mcphucknuckle@getronics.com 
> mailto:melvin.mcphucknuckle@pinkroccade.com 


0
bharatsuneja1 (3146)
10/18/2006 5:00:39 PM
"Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:

>> If you're not going to accept any of the mail from that IP address,
>> why bother going to the trouble of accepting those commands in the
>> first place?
>
>So messages to email addresses on the exemption list can be accepted - e.g. 
>postmaster. If a host is wrongly listed on a particular RBL, the postmaster 
>account in your domain can still be contacted, which enables notification in 
>such cases.

Do you put that much information into the 550 status that anyone would
know to send a message to the postmaster? From experience, i can tell
you that most messages to that account go unacknowledged, unread, or
unanswered.

Using a free e-mail account to make contact works as well.

But none of this changes the fact that DNS RBLs are a bad way to
control spam -- because they're all about controlling what IP
addresses are prevented from sending you e-mail, not about controlling
content.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/18/2006 6:54:46 PM
Rich,

I agree to disagree with you on that and end the debate here... . :)

After having strongly opposed the use of RBLs all these years, I'm now a 
strong proponent of RBLs/DNSBLs and services like IP reputation - given the 
amount of spam these stop.

- Yes, the postmaster account does go ignored in a lot of organizations - 
perhaps these don't take their email seriously.
- I've yet to  come across an instance where someone was listed in a 
good/trustworthy RBL without reason. Protecting your IP addresses and mail 
hosts is your job - if they end up in a RBL - which they may even if you do 
not filter mail based on RBLs yourself - you should work on getting (your IP 
addresses) removed. Yes, it's a pain to do that at times.
- RBLs by themselves aren't the solution to the spam problem, just part of a 
multi-layered solution.
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message 
news:krtcj294vgjddtqdn4htn7jophr8qmi25b@4ax.com...
> "Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:
>
>>> If you're not going to accept any of the mail from that IP address,
>>> why bother going to the trouble of accepting those commands in the
>>> first place?
>>
>>So messages to email addresses on the exemption list can be accepted - 
>>e.g.
>>postmaster. If a host is wrongly listed on a particular RBL, the 
>>postmaster
>>account in your domain can still be contacted, which enables notification 
>>in
>>such cases.
>
> Do you put that much information into the 550 status that anyone would
> know to send a message to the postmaster? From experience, i can tell
> you that most messages to that account go unacknowledged, unread, or
> unanswered.
>
> Using a free e-mail account to make contact works as well.
>
> But none of this changes the fact that DNS RBLs are a bad way to
> control spam -- because they're all about controlling what IP
> addresses are prevented from sending you e-mail, not about controlling
> content.
>
> -- 
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> Don't send mail to this address mailto:h.pott@getronics.com
> Or to these, either: mailto:h.pott@pinkroccade.com 
> mailto:melvin.mcphucknuckle@getronics.com 
> mailto:melvin.mcphucknuckle@pinkroccade.com 


0
bharatsuneja1 (3146)
10/18/2006 7:20:20 PM
On Wed, 18 Oct 2006 12:20:20 -0700, "Bharat Suneja [MVP]"
<bharatsuneja@no.spam.org> wrote:

>Rich,
>
>I agree to disagree with you on that and end the debate here... . :)
>
>After having strongly opposed the use of RBLs all these years, I'm now a 
>strong proponent of RBLs/DNSBLs and services like IP reputation - given the 
>amount of spam these stop.
>
>- Yes, the postmaster account does go ignored in a lot of organizations - 
>perhaps these don't take their email seriously.
>- I've yet to  come across an instance where someone was listed in a 
>good/trustworthy RBL without reason. Protecting your IP addresses and mail 
>hosts is your job - if they end up in a RBL - which they may even if you do 
>not filter mail based on RBLs yourself - you should work on getting (your IP 
>addresses) removed. Yes, it's a pain to do that at times.
>- RBLs by themselves aren't the solution to the spam problem, just part of a 
>multi-layered solution.


I've worked at legitimate large and small orgs that have all been
listed incorrectly at one time or another on a "good" RBL for a
variety of reasons that had nothing to with us sending SPAM.


http://www.nytimes.com/2006/10/16/technology/16spam.html?_r=1&ref=business&oref=slogin
"Defending a Blurred Line: Is It Spam or Just a Company Marketing by
E-Mail? "

0
adavid (8731)
10/18/2006 7:29:15 PM
"Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:

>I agree to disagree with you on that and end the debate here... . :)

Okay.

>After having strongly opposed the use of RBLs all these years, I'm now a 
>strong proponent of RBLs/DNSBLs and services like IP reputation - given the 
>amount of spam these stop.

Well, as long as you admit you're wrong . . . ;-)

>- Yes, the postmaster account does go ignored in a lot of organizations - 
>perhaps these don't take their email seriously.
>- I've yet to  come across an instance where someone was listed in a 
>good/trustworthy RBL without reason. 

How would you know? What are "good/trustworthy" RBL's? How do you know
when they become "bad/untrustworthy" RBLs? Do they send an e-mail to
everyone (that was a joke!) to inform them of a change in policy?

>Protecting your IP addresses and mail 
>hosts is your job - if they end up in a RBL - which they may even if you do 
>not filter mail based on RBLs yourself - you should work on getting (your IP 
>addresses) removed. Yes, it's a pain to do that at times.

Dealt with SpamCop much? How about Sorbs? RBL's that list aDSL or
"dynamic" IP ranges? RBL's that list IP networks for entire countries?
Even previously responsible RBLs like CBL (included in
xbl.spamhaus.org) have a political bent these days. Let's not speak of
SORBS.

Did you ever use Osirusoft's RBL? What fun when that nutcase decided
to leave the RBL in operation and answered /every/ query with
127.0.0.2!

>- RBLs by themselves aren't the solution to the spam problem, just part of a 
>multi-layered solution.

If this were the mid-1990's, or even 2000-2001 I might agree with you.
But not today. RBLs can only safely be used if you consider them as a
part of your assessment of an individual e-mail's spamminess.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/18/2006 8:55:12 PM
On Wed, 18 Oct 2006 16:55:12 -0400, "Rich Matheisen [MVP]"
<richnews@rmcons.com.NOSPAM.COM> wrote:

>"Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:
>
>>I agree to disagree with you on that and end the debate here... . :)
>
>Okay.
>
>>After having strongly opposed the use of RBLs all these years, I'm now a 
>>strong proponent of RBLs/DNSBLs and services like IP reputation - given the 
>>amount of spam these stop.
>
>Well, as long as you admit you're wrong . . . ;-)
>
>>- Yes, the postmaster account does go ignored in a lot of organizations - 
>>perhaps these don't take their email seriously.
>>- I've yet to  come across an instance where someone was listed in a 
>>good/trustworthy RBL without reason. 
>
>How would you know? What are "good/trustworthy" RBL's? How do you know
>when they become "bad/untrustworthy" RBLs? Do they send an e-mail to
>everyone (that was a joke!) to inform them of a change in policy?
>
>>Protecting your IP addresses and mail 
>>hosts is your job - if they end up in a RBL - which they may even if you do 
>>not filter mail based on RBLs yourself - you should work on getting (your IP 
>>addresses) removed. Yes, it's a pain to do that at times.
>
>Dealt with SpamCop much? How about Sorbs? RBL's that list aDSL or
>"dynamic" IP ranges? RBL's that list IP networks for entire countries?
>Even previously responsible RBLs like CBL (included in
>xbl.spamhaus.org) have a political bent these days. Let's not speak of
>SORBS.

A good way to prevent receiving *any* mail is to use Spamcop!   :P



>
>Did you ever use Osirusoft's RBL? What fun when that nutcase decided
>to leave the RBL in operation and answered /every/ query with
>127.0.0.2!
>
>>- RBLs by themselves aren't the solution to the spam problem, just part of a 
>>multi-layered solution.
>
>If this were the mid-1990's, or even 2000-2001 I might agree with you.
>But not today. RBLs can only safely be used if you consider them as a
>part of your assessment of an individual e-mail's spamminess.
0
adavid (8731)
10/18/2006 9:00:45 PM
Used Spamcop briefly, but stopped using it when I found it was blocking some 
legit stuff.
Spamhaus has been great - no complaints!
-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message 
news:c64dj2tk0iosl8rmtc8rhiql714fls45b2@4ax.com...
> "Bharat Suneja [MVP]" <bharatsuneja@no.spam.org> wrote:
>
>>I agree to disagree with you on that and end the debate here... . :)
>
> Okay.
>
>>After having strongly opposed the use of RBLs all these years, I'm now a
>>strong proponent of RBLs/DNSBLs and services like IP reputation - given 
>>the
>>amount of spam these stop.
>
> Well, as long as you admit you're wrong . . . ;-)
>
>>- Yes, the postmaster account does go ignored in a lot of organizations -
>>perhaps these don't take their email seriously.
>>- I've yet to  come across an instance where someone was listed in a
>>good/trustworthy RBL without reason.
>
> How would you know? What are "good/trustworthy" RBL's? How do you know
> when they become "bad/untrustworthy" RBLs? Do they send an e-mail to
> everyone (that was a joke!) to inform them of a change in policy?
>
>>Protecting your IP addresses and mail
>>hosts is your job - if they end up in a RBL - which they may even if you 
>>do
>>not filter mail based on RBLs yourself - you should work on getting (your 
>>IP
>>addresses) removed. Yes, it's a pain to do that at times.
>
> Dealt with SpamCop much? How about Sorbs? RBL's that list aDSL or
> "dynamic" IP ranges? RBL's that list IP networks for entire countries?
> Even previously responsible RBLs like CBL (included in
> xbl.spamhaus.org) have a political bent these days. Let's not speak of
> SORBS.
>
> Did you ever use Osirusoft's RBL? What fun when that nutcase decided
> to leave the RBL in operation and answered /every/ query with
> 127.0.0.2!
>
>>- RBLs by themselves aren't the solution to the spam problem, just part of 
>>a
>>multi-layered solution.
>
> If this were the mid-1990's, or even 2000-2001 I might agree with you.
> But not today. RBLs can only safely be used if you consider them as a
> part of your assessment of an individual e-mail's spamminess.
>
> -- 
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> Don't send mail to this address mailto:h.pott@getronics.com
> Or to these, either: mailto:h.pott@pinkroccade.com 
> mailto:melvin.mcphucknuckle@getronics.com 
> mailto:melvin.mcphucknuckle@pinkroccade.com 


0
bharatsuneja1 (3146)
10/18/2006 11:54:12 PM
Reply:

Similar Artilces:

move to archived folders works, archiving to same archived folders does not work
We are using Outlook 2000 with Exchange 2000. Most of our users work on Terminal Server. Their pst-files are stored on a directory on the file and print server. Some of these users can move mails from their mailbox to their archived folders, but cannot archive to it. They get the message that the pst file cannot be opened. However at that moment they can still browse in their archived folders, move mail to it and so on. For one user I created a new pst file, but the problem staid the same. Does anyone have experience with this? ...

Archive
Hi, I'm trying to archive some calendar items and have found the archive settings for the folder. When I run the archive process the items are not moved from the calendar and the folder size is not reduced. I'd appreciate it if someone could tell me how to set this up so that items prior to a point in time can be moved off so that the size of my calendar folder doesn't reach the size limit of my over zealous exchange administrator. Cheers, Darren. Check the Modified date on the items that aren't being archived as you think they should. That's the date Outlook uses to...

antivirus removed active log file, db now labeled inconsistent.
Hi At 10:30 on Friday night Mcaffee labled th E03.log file for 2 mailbox stores as a virus and then tried removing it from the log file folder. This caused the 2 stores to dismount. In my panic I copied the quarantined file over the E03.log file. Stupid, I know. The databases are have now been labled as inconsistent. NO BACKUPS!! We were in the process of changing our backup system so the last valid backup is for the 12 of June. The other mailbox stores have been remounted and are operational. As mail was starting to queue and we are a 24/7 company I spent 5 hours recreating user accounts....

Date Logging via Workflow
It's not enough in my company to simply know what Sales Stage a given Opportunity is in, but what date the new stage began. We not only need to know how long the Sales Cycle took, but how long between Stages. Please allow for Workflow date logging with Sales Stages. Better yet, Please allow for Workflow to update date flields. Even better, allow work flow to trigger JScript. --Dodd ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message...

Virtual Memory errors logged
I keep getting the following warning in my even log. The virtual memory necessary to run your Exchange sercer is fragmented in such a way that performance may be affected. It is highly recommended that you restart all Exchange services to correct the issue. The Event Id is 9582 I have applied the patch from microsoft and have tried restarting services and it keeps coming back. Any help would be appreciated! If your Exchange Server is running Enterprise edition and you have more than 2GB RAM you should have the /3GB switch configured in your boot.ini. If it is Standard Edition or you...

Archiving pages
Hi All, The pages in one of the our publishing site are around 1500. So it?s showing effect on search crawling index and sometimes throwing an error like System out of memory (usually in full crawl). Our ram size is 4 gb for index server. Is there any method for archive the pages in page document library. And the important thing is the data must be handy, so the archival process should accommodate ability to retrieve the archived content quickly. pls suggest me. Thanks in Advance sukumar.k Submitted via EggHeadCafe - Software Developer Portal of Choice Consuming WebServices...

Archival Data -- Managing over Time
I am developing a set of data that I will do some research on, and others as well. My plan is to keep the source data in one workbook in a very simple format, and not do any calculations or charts in that workbook. I'll do my charts in other workbooks, and will send the source data workbook to others when they request. The idea is to reduce corruption and accidental modifications to the source data over time. Is this a good plan? Any other comments about how to protect the accuracy and stability of the source data over time? I understand I can essentially make the source file read...

deleting empty folders after archive
IS there a way to delete folders which are left empty after you perform an archive? I have approx 300 or so folders that are empty since my archive application completed but they still show up and there seems to be no way except one at a time to delete them. There should be a method to state if folder size = 0 then delete folder. Shane ...

Excel 2007, log chart issue
I'm trying to put together a piece of code in Excel, to be called by an external application to regenerate graphs. The offending code is this: ActiveChart.PlotVisibleOnly = True ActiveChart.DisplayBlanksAs = xlNotPlotted ActiveChart.Axes(xlValue).ScaleType = xlLogarithmic The process fails when trying to set the scaletype to logarithmic, claiming that negative or zero values cannot be plotted. There are no negative or zero values in the data series but there are a number of blank cells. This works perfectly in Excel 2003 but Excel 2007 throws errors. This is really doing...

duplicate messages when opening archives / archive inbox emptied?
Outlook appears to be re-downloading all messages (700+) from my hotmail pop3 account. (again...) This only (?) appears to happen on the same days when I try and find an archived email in my inbox. The two times that it has happened today (it has never happened twice on one day before), I was working on a Word document. So I was not deleting emails at the time. (I have seen an errata re to message IDs getting out of sync, but this looks like a different problem.) I do not think that it is my Norton anti-virus. I have disabled the email portion of the software after the fir...

Unable to log into Money 2006
Please help! I am not able to log into Ms Money 2006 with my usual sign in credentials. Every time that I attempt to it tells me that the user id or password is incorrect even though I have reentered and double checked it. If makes any difference to mention it, I have just done a destructive restore of my computer. I am using Windows XP Media Center Edition on a Compaq Presario Desktop computer. Could anyone help? Thank you and best wishes for a happy new year... Elaine Beauxrauxgard-Weiderhoff In microsoft.public.money, msnews wrote: > >I am not able to log into Ms Money ...

Archive an Archive?
LOL, i'm sure this will sound like a dumb idea but ... I want to set up a sorta two tier archive system ... Archive once to keep the PST folders small say keep everything within the last 3 months in the first archive have it accessable say for the last years worth of email, but archive anything older then a year to a new archive folder that can be burned off to a dvd or cd for filing.. Any thoughts or recommendations? Use Auto-archiving feature in Outlook to do this. You could set it up so it archives mail older than 12 months to a file named archive.pst and burn that pst file ...

archived messages #2
i recently archived a large number of messages from the last year or so, but when i open the .pst file in outlook 2000 it says that there are no files contained. i know there is data there because the .pst file reads a size of 162MB on my drive. where is this info and why can i not access it? also, everytime i view the properties[advanced properties] for this file there is a check box selected that reads "file is ready for archiving" which none of my other archive files have checked. but once i uncheck that box and try to open the file it resets that option to the way it...

Archive
Has there been a resolution to this as I have a member of staff with the exact same problem and I have to give him and endless cap :/ EggHeadCafe.com - .NET Developer Portal of Choice http://www.eggheadcafe.com ...

Archive not archiving
Help please. I am trying to archive email folders. Archive runs, creates an archive folder (and .pst file) but does nothing else. i.e no data is moved to the Archive folders. This is not a case of selected date - a lot of this info is 2 years old. No matter what date I select nothing is moved. Same if i try to archive calendar or other folders. I see others have had this problem - is there a solution or is this an outlook problem. Any help appreciated. Thanks D If you are working with an Exchange Server you may want to look at MKBA 297226 and 143376. >-----Original Mes...

Open up Archives then delete Archive folder.
I'm trying to open up those "archive.psd" and can't open them. The only think that happens is that I keep adding Archive Folders and then I can't do anything with the Archive folder. Can you tell me how to open up a file called "archive.psd"? So far I've tried File>Open>Outlook Data File, then I select the archive.psd file and all that happens is I keep adding Archive folders that I can't do anything with. How can I delete "Archive Folders"? Thanks. IS. PST, do you mean? PSD isn't a valid extension for an Outlook file. IS ...

Log file rapid growth
I have an Exchange 2003 server that creates a new 5 Meg log file every 3-4 minutes. The only thing I could find wrong was e-mail messages sent to the server with spoofed return addresses that made the NDRs go to the actual intended spam recipients. Many recipients were bad addresses so the outbound SMTP queue was full. I cleared it and the log files stopped for a while..... Now the queue is still empty but the log files have started generating again at a 2-3 minute increment. There is no anti-virus software scanning EDB or log files so I'm at a loss... Any Ideas or help is app...

Money 2003--cannot archive
When I try to archive Money 2003 (Delux Personal and Business, v 11.0, it freezes at some point and I have to shut it down manually. I've attempted letting it archive for different lengths of time with the same result. After the attempted archiving, Money has changed all my balances. I've not encountered this problem before. Anyone have a solution? Are there updates and if so where do I find them? I've searched Microsoft with no luck! Thanks, K. Clark In microsoft.public.money, K Clark wrote: >When I try to archive Money 2003 (Delux Personal and Business, v 11.0, it ...

archiving auto archive
I have my sent items set to auto archive for mails older than 6 months. Today I want to archive the remaining files in sent items (less than 6 months old). How do I make sure that I end up with 1 merged file, containing the auto-archived and the newer items? If I run archive on the sent items by selecting the auto-archive file I am afraid that it may destroy the old items (I don't want to speculate if MS thought about this or not). Thanks If you manually archive the Sent Items folder they should end up in the archive PST along with the other items. "Cagdas Ozgenc" <cagdas...

Logging an update
The other day some real great people gave me some code to enter "NOW" in a cell when the cell is double clicked. It kind of works, but not exactly like I need. I need for the code to insert the current date and time in cell $A$1 when the cell is double clicked, regardless of what is already in that cell. The code is put in the Workbook module because it effects more than one sheet. The code I have follows: Private Sub Workbook_SheetBeforeDoubleClick(ByVal Sh As Object, ByVal Target _ As Range, Cancel As Boolean) If Target.Address = "$A$1" And...

Archiving the whole store with an exception to one mailbox
I need to archive a mailbox store with the execption of a couple of mailboxes in that store. Is this possible? Thanks in advance Per-store only as far as I know. You'd have to move the mailboxes you want to exclude to a different store. -- Neil Hobson Exchange MVP For Exchange news, links and tips, check: http://www.msexchangeblog.com "JOHNC" <ha@ac.om> wrote in message news:uQXxEFntEHA.2788@TK2MSFTNGP09.phx.gbl... > I need to archive a mailbox store with the execption of a couple of > mailboxes in that store. Is this possible? > > Thanks in advance &...

Is there a way I can change a users out of office without changing their password and logging into their mapi profile?
Thanks you can give youself "full mailbox" access and "send as" rights to the mailbox, then logon to it, and change it... -- Susan Conkey [MVP] "combfilter" <whore@whore.com> wrote in message news:MPG.1f5f746a2c6752f989693@news.newsreader.com... > Thanks In news:MPG.1f5f746a2c6752f989693@news.newsreader.com, combfilter <whore@whore.com> typed: > Thanks Hi - when you post in these or any newsgrops, best to put a consise summary of your question in the subject line, and the full details in the body of your post. This would include your v...

Reading Exchange Logs
Hi Group, I am able to read the exchange logs in 2003, but it is really tough at times. Is there an add-on program to make reading of these logs easier or something I could adjust in the exchange systems manager? Thanks - Ron I assume you are talking about the Transaction Logs in the MDBDATA directory?, why do you need to read them, and there is no utility that will enable you to read them. -- Mark Fugatt Exchange MVP http://www.exchangetrainer.com http://www.msexchange.org "R. Brown" <rbrown_nospam@rbnetworking.net> wrote in message news:OhFv2bY0DHA.3496@TK2MSFTNGP11.ph...

Auto Archive not archiving all items
I set a specific date but when I look back into my Inbox and subfolders, I still see messages that have a date stamp in which it was supposed to be archived. Please advise. Check the Modified date on the items that aren't being archived as you think they should. That's the date Outlook uses to determine whether or not an item is ready to be AutoArchived, and a simple action such as moving the item to another folder can change the Modified date. More information and a list of actions that change the Modified date can be found here: http://support.microsoft.com/default.aspx?scid=k...

Archiving #32
Do archived folders/files in Outlook 2007 use the same ammount of space as the original Outlook files? If so, what is the advantage of archiving? The Archive option moves data, based on an aged date, which you can ammend in archive settings, from your current data file to an archive data file. As I recollect the default Archive setting is for 'older than 6 months' Your current data file will be reduced in size as the data is no longer help in that data file. It might also make your data more managable from a user point of view. You can have the Archive data file open within outl...