Add an IP Block List Provider to Exchange Server 2013 Edge Transport

One of the transport agents that is installed on the Exchange 2013 Edge Transport server is the connection filter agent.

[PS] C:\>Get-TransportAgent

Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         True            1
Address Rewriting Inbound Agent                    True            2
Edge Rule Agent                                    True            3
Content Filter Agent                               True            4
Sender Id Agent                                    True            5
Sender Filter Agent                                True            6
Recipient Filter Agent                             True            7
Protocol Analysis Agent                            True            8
Attachment Filtering Agent                         True            9
Address Rewriting Outbound Agent                   True            10

The connection filter agent looks at the IP address of a server that is making an SMTP connection to the Edge Transport server and decides whether to block or allow the connection. It makes the decision by looking up the IP address in a block list, allow list, or by querying a block/allow list provider.

When your Exchange organization is receiving spam you can add the IP addresses of the spammers to an IP block list on the Edge Transport server. However this is quite inefficient, as you’ll constantly be adding new IP addresses to the list.

A more effective approach is to use one or more IP block list providers, such as Spamhaus (my personal favourite) or SpamCop.

To add Spamhaus to your connection filter agent run the follow Exchange Management Shell command on the Edge Transport server.

[PS] C:\>Add-IPBlockListProvider -Name Spamhaus -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true -RejectionResponse "IP address is listed by Spamhaus"

Note you can change the rejection message that it sent back to the sender.

[PS] C:\>Set-IPBlockListProvider Spamhaus -RejectionResponse "IP address is listed by Spamhaus Zen."

You can add multiple providers, just make sure you check their guidance on whether there are issues adding multiple lookup domains from the same provider. Also make sure you check their terms and conditions and comply with any commercial usage policies they have.

[PS] C:\>Get-IPBlockListProvider

 Name                                    LookupDomain                            Priority
----                                    ------------                            --------
Spamhaus                                zen.spamhaus.org                        1
SpamCop                                 bl.spamcop.net                         2

After the block list provider has been in place for a day or two you can see the results by running the Get-AntispamTopRBLProviders.ps1 script that ships with Exchange.

[PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>.\get-AntispamTopRBLProviders.ps1

Name     Value
----     -----
Spamhaus    12