How to Create a Connection Filter

 

Use the following procedure to create a connection filter rule and any exceptions that you want to configure for this rule.

Before You Begin

Before you perform the procedure in this topic, read Configuring Filtering and Controlling Spam.

The following permissions are required to perform this procedure:

  • Member of the local administrators group and a member of a group that has had the Exchange Administrators role applied at the organizational level

Procedure

To create a connection filter

  1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.

  2. In the console tree, expand Global Settings, right-click Message Delivery, and then click Properties.

  3. Click the Connection Filtering tab.

    The Connection Filtering tab in the Message Delivery Properties dialog box


  4. To create a connection filter rule, click Add. The Connection Filtering Rule dialog box appears.

    The Connection Filtering Rule dialog box


  5. In the Display Name box, type a name for the connection filter.

  6. In the DNS Suffix of Provider box, type the DNS suffix that the provider appends to the IP address.

  7. In the Custom Error Message to Return (default error message will be used if left blank) box, if desired, type the custom error message to return to the sender. Leave this box blank to use the following default error message:

    <IP address> has been blocked by <Connection Filter Rule Name>

    You can use the following variables to generate a custom message:

    • %0 – connecting IP address

    • %1 – connection filter rule name

    • %2 – the block list provider name

    For example, if you want your custom message to read:

    The IP address <IP address> has been blocked by the following block list provider <block list provider name>.

    type the following in the custom error message box:

    The IP address %0 was rejected by block list provider %2.

    Exchange replaces %0 with the connecting IP address and %2 with the block list provider.

    Note

    If you want to include a percent sign (%) in your error message, you must type the percent sign twice (%%).

  8. To configure which return status codes from the block list provider the connection filter matches, click Return Status Code. The Return Status Code dialog box appears.

    The Return Status Code dialog box


  9. Select one of the following options:

    • Click Match Filter Rule to Any Return Code (this connection filter rule is matched to any return status code received from the provider service) to set the default value that matches the connection filter to any return status.

    • Click Match Filter Rule to the Following Mask (this connection filter rule is matched to return status codes received from the provider by using a mask to interpret them), and then type the mask you want to filter against the masks that are used by your providers.

      Note

      A bit mask checks only against a single value. If you set a bit mask value that is returned when an IP address appears on two lists, the mask will match only IP addresses that appear on both lists. If you want to check for an IP address on either of two lists, enter the status codes for these settings.

    • Click Match Filter Rule to Any of the Following Responses (this connection filter rule is matched to returned status codes received from the provider service by using the specific values of the return status codes below). Click Add, and in Return Status Code, type the status code that you want to match. For each additional status code, click Add, type the code, and then click OK.

  10. Click OK.
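
The following Python sketch is an added example, not part of the original procedure and not Exchange's own code. It models a rule configured in steps 6 through 9: building the block list query name, matching the return status code under each of the three options, and expanding the custom error message. The provider suffix, IP address, rule name and return codes are constructed sample values, and the mask semantics are an assumption taken from the Note in step 9.

```python
import ipaddress
import re

def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))

def dnsbl_query_name(ip, dns_suffix):
    """Reverse the IPv4 octets and append the provider's DNS suffix (standard DNSBL convention)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + dns_suffix.strip(".")

def rule_matches(return_code, mode, mask=None, responses=()):
    """Apply one of the three Return Status Code options to the provider's answer."""
    if return_code is None:  # provider returned no record: address is not listed
        return False
    code = _as_int(return_code)
    if mode == "any":
        return True
    if mode == "mask":
        # Assumption modelled on the Note: every bit set in the mask must be set in the code.
        m = _as_int(mask)
        return m != 0 and (code & m) == m
    if mode == "responses":
        return code in {_as_int(r) for r in responses}
    raise ValueError("unknown mode: " + mode)

def expand_error_message(template, ip, rule_name, provider):
    """Expand %0, %1, %2 and the %% escape in a single pass, so inserted values are not re-scanned."""
    values = {"0": ip, "1": rule_name, "2": provider, "%": "%"}
    return re.sub(r"%([012%])", lambda m: values[m.group(1)], template)

if __name__ == "__main__":
    # Constructed sample: a hypothetical provider that answers 127.0.0.1 for list A,
    # 127.0.0.2 for list B, and 127.0.0.3 when the address is on both lists.
    ip, suffix = "192.0.2.25", "blocklist.example.test"
    print(dnsbl_query_name(ip, suffix))
    for code in ("127.0.0.1", "127.0.0.2", "127.0.0.3"):
        by_mask = rule_matches(code, "mask", mask="0.0.0.3")
        by_list = rule_matches(code, "responses", responses=("127.0.0.1", "127.0.0.2"))
        print(code, "mask 0.0.0.3:", by_mask, "| listed responses:", by_list)
    print(expand_error_message(
        "The IP address %0 was rejected by block list provider %2.",
        ip, "Sample Rule", "Example Provider"))
```

With these sample codes, the mask 0.0.0.3 matches only the address that is on both lists, while listing 127.0.0.1 and 127.0.0.2 as responses matches an address on either single list.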