Configuring RBL services

  • Article

 

Applies to: Microsoft Antigen

Realtime Block Lists (RBLs) are anti-spam services that offer another layer of protection against spam. These services block e-mail messages based on the IP address from which they originate. The service uses various methods to detect spamming IP addresses and enters them into a database. E-mail messages entering your organization are compared against the RBL database and are blocked if they match an IP on the block list. These services can be effective against a wide variety of spam because the content of the spam does not matter, only the source.

Note

Each RBL service has its own terms of use and may request a fee from commercial organizations using its service.
Some RBL services are more aggressive than others. This can result in too many false positive detections for your organization. Make sure that you test a service before activating it in your network. This is easily done by using the Skip: detect only setting, which logs spam detections without blocking the e-mail messages.
Each RBL that you use will adversely affect system performance. It is recommended that you start with one RBL and increase RBLs only if needed. Using more than three RBLs is not recommended.

To configure an RBL service

  1. In the Antigen Administrator, click FILTERING in the left navigation shuttle, and then click the Mailhost icon. The Mailhost Filtering pane appears.

  2. Select a scan job in the upper pane (for example, the SMTP Scan Job).

  3. In the Mailhosts Lists pane, select RBL Servers, and then click Add. The RBL Servers pane appears.

  4. In the RBL Servers pane, type the domain name or the IP address of the RBL Server.

    288a4a6c-f234-4a32-9fe8-510c04440b48

    Note

    The RBL servers shown here are examples and are not real RBL servers.

  5. Set the Filter to Enabled.

  6. Choose the Action. When first testing a new RBL service, it is recommended that you use the Skip: detect only setting. When you are satisfied that the service meets your needs, you can switch to the Purge or Identify setting, as desired.

  7. Enable or disable notifications and quarantine files that are detected by this filter.

  8. Click Save.

    Note

    If you have specific e-mail server IP addresses from which you want to receive all e-mail, it is recommended that you to enter these addresses into the Allowed Mailhosts setting to prevent e-mail from these IPs from being blocked. Conversely, if you have specific e-mail server IP addresses from which you do not want to receive e-mail, it is recommended that you enter these addresses into the Rejected Mailhosts setting to prevent e-mail from these IPs from being allowed. To do this, you must create and populate an Allowed Mailhosts or a Rejected Mailhosts filter list, and then access the Mailhost Filtering pane to configure the filter list for a specific scan job (for example, the SMTP Scan Job).
    You can also use allowed senders lists to maintain lists of safe e-mail addresses or e-mail domains that will not be subjected to filtering or spam scanning. Antigen will check the sender address (entered in the format: user@customer.com) or the domain (entered in the format: *customer.com) against the allowed senders list. If the e-mail address or domain appears on the allowed senders list, Antigen will bypass all filtering that has been enabled for the list. For step-by-step instructions for creating allowed senders lists, see the Microsoft Antigen for Exchange User Guide at the Microsoft Antigen TechNet Library.