Filtering incoming mail by DNS lookup

Question - can you set up a filter on Exchange 2003 that 
will allow you to filter (drop) all emails that come in 
from non-existant domains. Example - incoming mail from 
kasjdfhksadjfhsdkjfh@nobodyishome.net (address in the 
header of the email) - I want to have exchange do a 
reverse DNS lookup and see if the domain name is accurate. 
If so, then it delivers the email. If not, it deletes the 
email. Also - lets say the header says - drsys@msn.com 
which is a valid domain name - but the ip in the header is 
not a real IP, its been spoofed. Can I set up a filter for 
exchange to check the DNS IP of the domain, and compare it 
to the IP in the header, and determine whether or not to 
deliver it or not based on that?

Thanks in advance!
Dr. Sys
0
anonymous (74722)
9/13/2004 2:02:21 PM
exchange.admin 57650 articles. 2 followers. Follow

3 Replies
338 Views

Similar Articles

[PageSpeed] 21

You can configure conenction filtering in exchange to use a RBL (DNS
blocklist) to filter connections.
for the other stuff to work you must write a SMTP sink

Lasse Pettersson
Humandata, Sweden



"Dr. Sys" <anonymous@discussions.microsoft.com> wrote in message
news:b08601c4999a$49a41580$a601280a@phx.gbl...
> Question - can you set up a filter on Exchange 2003 that
> will allow you to filter (drop) all emails that come in
> from non-existant domains. Example - incoming mail from
> kasjdfhksadjfhsdkjfh@nobodyishome.net (address in the
> header of the email) - I want to have exchange do a
> reverse DNS lookup and see if the domain name is accurate.
> If so, then it delivers the email. If not, it deletes the
> email. Also - lets say the header says - drsys@msn.com
> which is a valid domain name - but the ip in the header is
> not a real IP, its been spoofed. Can I set up a filter for
> exchange to check the DNS IP of the domain, and compare it
> to the IP in the header, and determine whether or not to
> deliver it or not based on that?
>
> Thanks in advance!
> Dr. Sys

0
lasse (94)
9/13/2004 3:00:16 PM
Thanks... I think. I know we will not go to an RBL - the 
expense is not justifiable to the "powers that be". As for 
writing a sink, scripting/coding is not my strong point. 
Reading MS's docs on SMTP sinks are well... clear as mud. 
Anyone know of a easily digestable guide or something to 
help? Anything that is clearer would be useful. Thanks in 
advance - again.
Dr. Sys 
>-----Original Message-----
>You can configure conenction filtering in exchange to use 
a RBL (DNS
>blocklist) to filter connections.
>for the other stuff to work you must write a SMTP sink
>
>Lasse Pettersson
>Humandata, Sweden
>
>
>
>"Dr. Sys" <anonymous@discussions.microsoft.com> wrote in 
message
>news:b08601c4999a$49a41580$a601280a@phx.gbl...
>> Question - can you set up a filter on Exchange 2003 that
>> will allow you to filter (drop) all emails that come in
>> from non-existant domains. Example - incoming mail from
>> kasjdfhksadjfhsdkjfh@nobodyishome.net (address in the
>> header of the email) - I want to have exchange do a
>> reverse DNS lookup and see if the domain name is 
accurate.
>> If so, then it delivers the email. If not, it deletes 
the
>> email. Also - lets say the header says - drsys@msn.com
>> which is a valid domain name - but the ip in the header 
is
>> not a real IP, its been spoofed. Can I set up a filter 
for
>> exchange to check the DNS IP of the domain, and compare 
it
>> to the IP in the header, and determine whether or not to
>> deliver it or not based on that?
>>
>> Thanks in advance!
>> Dr. Sys
>
>.
>
0
anonymous (74722)
9/13/2004 3:43:55 PM
Hello Dr. Sys

Many RBL providers are free (however, they do access donation) and it's very
easy to do.

http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html

I'm using three of them right now:
relays.ordb.org
bl.spamcop.net
sbl-xbl.spamhaus.org

Best of luck

Ninon

<anonymous@discussions.microsoft.com> wrote in message
news:b1fe01c499a8$79d73940$a601280a@phx.gbl...
> Thanks... I think. I know we will not go to an RBL - the
> expense is not justifiable to the "powers that be". As for
> writing a sink, scripting/coding is not my strong point.
> Reading MS's docs on SMTP sinks are well... clear as mud.
> Anyone know of a easily digestable guide or something to
> help? Anything that is clearer would be useful. Thanks in
> advance - again.
> Dr. Sys
> >-----Original Message-----
> >You can configure conenction filtering in exchange to use
> a RBL (DNS
> >blocklist) to filter connections.
> >for the other stuff to work you must write a SMTP sink
> >
> >Lasse Pettersson
> >Humandata, Sweden
> >
> >
> >
> >"Dr. Sys" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:b08601c4999a$49a41580$a601280a@phx.gbl...
> >> Question - can you set up a filter on Exchange 2003 that
> >> will allow you to filter (drop) all emails that come in
> >> from non-existant domains. Example - incoming mail from
> >> kasjdfhksadjfhsdkjfh@nobodyishome.net (address in the
> >> header of the email) - I want to have exchange do a
> >> reverse DNS lookup and see if the domain name is
> accurate.
> >> If so, then it delivers the email. If not, it deletes
> the
> >> email. Also - lets say the header says - drsys@msn.com
> >> which is a valid domain name - but the ip in the header
> is
> >> not a real IP, its been spoofed. Can I set up a filter
> for
> >> exchange to check the DNS IP of the domain, and compare
> it
> >> to the IP in the header, and determine whether or not to
> >> deliver it or not based on that?
> >>
> >> Thanks in advance!
> >> Dr. Sys
> >
> >.
> >


0
nchasse33 (46)
9/14/2004 1:05:54 AM
Reply:

Similar Artilces:

Filtered Form Query
I have a form that is filtered using Allen Browne's ajbFindAsUType module (http://allenbrowne.com/AppFindAsUType.html). I want to now create a query that utilizes only the filtered records as its source in order to perform a computation. Is there a way to pass the filtered Recordset into a query via a command button? You can use the RecordsetClone of the form to step through the records. You may be able to pass the Filter from the form on to whatever other operation you need to perform. For example, you could create a report that summarizes the data, and open it like ...

Outlook Express sends 2 or 4 or 6 copies of the same e-mail
My neighbor asked me to solve a problem with his computer - seems like Outlook Express (Ver 6.0) flashes an error message when he sends an e-mail. (Typical Microsoft error message in that it doesn't say what the error is) Then, the application sends 2 or 4 or 6 copies of the same e-mail. Any ideas? He also uses a laptop, and Outlook Express works as designed when sending e-mail from the laptop (through the desk-top router). I did remove (unsuccessfully) the Outlook components, rebooted and saw that Outlook was still there doing its' nasty thing of sending 6-8 e-mails. ...

How to filter lower case characters in an edit control?
Hi to all, I created a class that enherits from CEdit and overrode its OnChar() message handler to intercept the entered keys and filter only those that are lower case. It also verifies if an entered key is upper case to convert it to lower case and filter it. Everything works good except the conversion from upper to lower case. The problem is that even if the OnChar() handler does convert the character to lower case, the character is still displayed in the edit box as it was entered, i.e. in upper case. Please note that if I remove the line: "nChar = tolower(nChar);", the u...

Mail wont delete from server
i recently started using WLM for my comcast email account on my new laptop with windows 7. the problem i have is that when i delete my messages from within WLM it does NOT remove them from my comcast mail account. the mail continues to build up until the box is full and i can revieve no more mail. My windows xp computer with outlook mail client was able to remove it from the serever. is there a setting i am overlooking to accomplish this? otherwise it defeats the purpose of using WLM if i still have to log on to comcast to purge all the mail. thanks for any help ! Tools | Ac...

mail merge to Word
Does anyone know why I can't get my zip codes in Excel to merge into mailing labels in Word 2000? On the first worksheet I get a very few to merge, the rest are blank. On the second worksheet where I've copied and pasted some random names and addresses from worksheet 1, the zip codes do merge but they all have a decimal and a zero at the end. I have gone to Format and chosen Text, but that doesn't seem to help. I've even cleared and re-entered all my zip codes. That made no difference either. Does anyone see a clue where I'm going wrong? TIA bob ...

How do I do mail merge with 2 2-sided documents per page?
I am trying to merge an excel mailing list with a two sided postcard. I can fit 2 postcards per page (2 fronts on one side and 2 corresponding backs on the other). Prior to doing the mail merge, the print preview looks correct. After the mail merge, the print preview shows only 1 postcard per page. This doubles the amount of paper I will need to use. Does anyone know how to set up publisher to allow me to print 2 postcards, front and back, with mail merge one sheet of printer paper? When you do a mail merge you can only have one card on your screen. If you are using 2007 I would s...

Mail Server or Domain banned?
How can I find out if my mail server has been banned or if the administrator banned my domain name? Not enough info to go on. Are you running your own mail server? What makes you think it's been blacklisted? Are you getting bounce messages/NDRs? Rob wrote: > How can I find out if my mail server has been banned or if the > administrator banned my domain name? No, we are talking POP mail. I'm afraid a system administrator might be sabotaging me. Any email sent from mydomain.com is rejected by saiddomain.com. I think the system administrator blocked mydomain.com from saiddo...

Rejected E-Mail Relaying???
This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C50A09.C6E8DBE0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Client using Exchange 2003. Got an e-mail returned with with a = rejected: ip address listed on dnsbl.sorbs.net error. Their domain name has .us extension, is that causing a problem at the = recipeint's end, thinking that it is spam? Is there a way to stop open relay in Exchange 2003? Thank you for your help in advance! Candace Sparks ------=_NextPart_000_000E_01C50A09.C6E8DBE0 Content-Type: tex...

Problem with user that sending out mail to 1000/users external
Hello I have 600/users on out Exchange 2000 server and some of them is sending out mail to 1000/user (external) and when they do that our mail server is working to hard and the other user is complaining. Is their anyway of stopping then from doing the mass mail during the day and then let them sending their mail at night?? Can I create some group (set some settings for max outgoing mamil) that handling this user or must I write some script?? Regards, Kenneth In Outlook, when creating new message click File\Properties\Send Options\MSExchange\Send this item in ... P.S. Sending message to 1000...

Exchange 2010 Hub/CAS
I am in the process of transitioning from Exchange 2003 SP2 to Exchange 2010. I've set up 2 servers running Exchange 2010 with combined Hub Transport and Client Access roles. I am using Windows Load Balancing for the CAS array. My understanding is that the Hub Transport roles will automatically load balance. In front of these servers I have a firewall and an email filtering server. The firewall routes all SMTP traffic to the email filter server. The email filter server then routes allowed mail to my existing Exchange 2003 front-end server, which then delivers the mail to the ...

Filter mode #2
Hello All I have a worksheet with autofilter set to on. In the bar just above the taskbar, on the far left, I notice that it says "Filter mode", and if I right-click on that I can select options Average, Count, etc. BUT: whichever option I select seems to have no effect - it always says "Filter mode"! Is there another setting that needs to be set somewhere? Hope someone can help. Many thanks Leslie Isaacs When your list has many formulas, or if a cell in the list is changed after an AutoFilter has been applied, the Status Bar may show "Filter Mode" inst...

Client-Side Junk E-Mail Filtering
We are using Intelligent Message Filtering with Exchange 2003 SP2. We have a user where e-mail sent to a distribution list hidden from the GAL is being moved to his Junk E-Mail folder by Outlook 2003 SP3 client-side filtering. The e-mail is not being moved if cached-mode is disabled. I added the distribution list address to the user’s Safe Recipients list of their Outlook. Does the distribution list have to be visible in the GAL for client-side filtering to function properly or am I missing something else? Thank you Is this mail entirely internal or does it come from outsi...

chime when Outlook gets mail
Is there a way up change the sound? I'm on Outlook 2000 SP-3 9.0 with an XP machine and the sound is so subtle that I miss it sometimes. When i was on 98, it was a fairly clear two-pitch tone. ...

Only accept mail from people in my address book
How can Outlook be configured only to accept mail from addresses in my address book. Or how can it automatically delete mail from addresses not in my address book? On 10/22/2003 7:55 PM, DCJ wrote: > How can Outlook be configured only to accept mail from > addresses in my address book. Or how can it automatically > delete mail from addresses not in my address book? I don't think this can be done. Other members may have ways to do this. Sorry that I can be any helpful. Good luck. Alex -- -( Alex Yu | Systms Admintr | Multmd Devlpr | AEM | RPI | MSFT MVP )- What v...

Resource Assignments View Filtered on Booked Type Field
I have a project that has been cancelled part way through. To deal with this, I've set the Booked Type field to be proposed for all resources in this project. This works great in that the tasks from this project no longer appear in the resources My Tasks view but they do still appear in the Resource Assignments views I have and I don't seem to be able to filter Resource Assignnments on Booked Type. Is that possible or is there another way I should be going about what I want to achieve? Which is to keep a copy of the cancelled projects plan in Project Server for refere...

Send HTML e-mails through a rule
Hi group, There is a way to send html e-mails with a rule? At this time we have a rule and it send an e-mail when a we create a new case, but it is only in text mode Thanks! ...

i want to mail merge 1 address per postcard 4 to a page,
I have postcards preprinted on one side. I have made a publication using mail merge to add addresses. But I have 4 postcards on a page when I do the mail merge I am getting 4 postcards with the same address. How do I get one address per card but do 4 to a page? What version Publisher? In some earlier versions the print preview showed all the addresses the same, it was/is a Publisher bug. In Publisher 2007, once you have your postcard created --- File, print merge, on this screen, select multiple copies per sheet and landscape. There is a print preview on this screen. -- Mary Sauer ...

lookup from one column return value from another?
I want to check the value of one column (A) and then depending on the outcome add the value in the same row but column B to a total. Can I do this in a single cell formula or do I have to have an extra column that does the logic test and then a cell to do the totalling? Hi Maria not sure of exactly what you want but does =IF(A1="Fred",B1,0) give you what you want? if not could you type out an example of your data and what you want to see (please don't attach a workbook just type it out) -- Cheers JulieD check out www.hcts.net.au/tipsandtricks.htm ....well i'm working...

unread mail #6
In 2007, folders with new mail are showing up in bold instead of showing up in Unread Mail. Is there some setting somewhere I might have changed inadvertently that I can change back to get new email to show up in Unread Mail again? -- Thanks, John The Unread Mail folder is a Search Folder. Check its search conditions to make sure the right folders are included for the query. -- Robert Sparnaaij [MVP-Outlook] Coauthor, Configuring Microsoft Outlook 2003 http://www.howto-outlook.com/ Outlook FAQ, HowTo, Downloads, Add-Ins and more ----- "A" <A@A.net> wrote in message ...

Cant send mail to Yahoo
Hello, I am running exchange 2003 with SP1 on a Windows 2003 server. I am having a problem sending emails to yahoo. this is the only domain I have problems with. The emails just sit in the que until they finally time out after 48 hours. We can recieve emails from Yahoo, but can not send. Any ideas? Sure its not them? Periodic issues with yahoo, hotmail and msn isnt too uncommon. On Tue, 21 Dec 2004 13:29:13 -0800, "James M" <JamesM@discussions.microsoft.com> wrote: >Hello, > >I am running exchange 2003 with SP1 on a Windows 2003 server. I am having a >pro...

Preserving E-mail format
I'm testing a graphic- and link-rich e-mail that I have created and want to send to my customers in Publisher. When I send the e-mail to myself and view it in Outlook, there is no problem. But when I view it through Yahoo! e-mail, the graphics are all out of place. I have tried saving the file as .html, I have tried putting everything in a table, I have tried grouping the entire page. Nothing seems to work. I want to be able to preserve the format and the links so that my customers can view the e-mail and click appropriately. Any suggestions? A great many folks will not accept...

Repetitive Large Outbound E-mail Messages
With e-mail messages inc. attachments of >700KB, the messages stay in the outbox despite being sent multiple times. Error message (0x8004210B) indicates "operation timed out waiting for response from sending (SMTP) server. McAfee Anti-virus in use with the outbound WormStopper disabled. Have waited on hold nearly an hour and can't talk to customer service rep. Can anyone help? Could you try it again with the virusscanner (integration) disabled? Just to determine whether McAfee or Outlook is your issue. Don't forget to enable your virusscanner again! -- Roady [MVP] ww...

mail merge #17
Can I get a hard copy list of the mail merge recipients that are check boxed in Publisher? Is this a list you created within Publisher? Look in "My Documents", "My Data Sources." This is where Publisher stores the data. The list will be in an Access format, but you should be able to open it in Excel as well as Works. -- Mary Sauer MS MVP http://office.microsoft.com/ http://www.msauer.mvps.org/ news://msnews.microsoft.com "205 education" <205 education@discussions.microsoft.com> wrote in message news:9FD5EE68-8AA7-4905-B3C5-C21551AF62F6@microsoft.com.....

Mail not received when certain user is on the To: or CC: list
Hi, I am using Exchange Server 2003 SP 1 (I believe) with XP clients running Outlook. Basically we have a problem sending email to a specific user when another specific user is in the cc or to field. IE. We have 5 employees If anyone in the company sends a message to Employee number 1 and employee number 5 is also in the message (either TO: or CC; field) then employees Number 2,3,4 and 5 will get it but not employee number 1. However employees number 1 can receive mail from all employees as long as employee number 5 is not in either the TO: or CC: field. Any help??? Thanks Check ...

Font size for incoming e-mails
Someone was taking a look at my computer...adjusting a few things and somehow my font was changed on my incoming e- mails...the font is very tiny and I can't seem to get it changed back to a normal size. Please HELP! >-----Original Message----- >Someone was taking a look at my computer...adjusting a few >things and somehow my font was changed on my incoming e- >mails...the font is very tiny and I can't seem to get it >changed back to a normal size. > >Please HELP! >. > you can go to view and then click current view and then click customize view and ...