How to Create a Global Deny List

 

Connection filtering allows you to create global deny lists. You can use these lists to always reject mail that is sent from specific IP addresses, regardless of whether you use a block list service provider. Any IP address that appears on the global deny list is automatically rejected.

Entries in the global accept list take precedence over entries in the global deny list, because Exchange Server checks the global accept list before it checks the global deny list. Therefore, to reject connections from a specific subnet and mask but accept connections from a single IP address within that range, enter the subnet and mask for the range of IP addresses that you want to reject on the global deny list, and enter the single IP address on the global accept list.
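The evaluation order described above can be modeled offline to check a planned pair of lists before they are entered in System Manager. This is an added example, not Microsoft code or an Exchange API; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample lists (RFC 5737 documentation addresses). Entries mirror
# the two dialog options: a single IP address, or a subnet address and mask.
GLOBAL_ACCEPT = ["192.0.2.25"]
GLOBAL_DENY = ["192.0.2.0/255.255.255.0", "198.51.100.7"]


def parse_entry(entry):
    """Parse 'a.b.c.d' or 'a.b.c.d/mask' into an IPv4Network."""
    # strict=True raises ValueError when host bits are set in a subnet
    # address, which usually means the mask was mistyped.
    return ipaddress.IPv4Network(entry, strict=True)


def first_match(ip, entries):
    """Return the first list entry that covers ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    for entry in entries:
        if addr in parse_entry(entry):
            return entry
    return None


def filter_connection(ip, accept=GLOBAL_ACCEPT, deny=GLOBAL_DENY):
    """Model the documented order: accept list first, then deny list."""
    hit = first_match(ip, accept)
    if hit is not None:
        return ("accept", hit)
    hit = first_match(ip, deny)
    if hit is not None:
        return ("reject", hit)
    # Neither global list decided; any later filtering is outside this model.
    return ("no-match", None)


def shadowed_deny_entries(accept=GLOBAL_ACCEPT, deny=GLOBAL_DENY):
    """List deny entries that never apply because an accept entry covers them."""
    accept_nets = [parse_entry(a) for a in accept]
    return [d for d in deny
            if any(parse_entry(d).subnet_of(a) for a in accept_nets)]


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "198.51.100.7", "203.0.113.1"):
        print(ip, filter_connection(ip))
    print("shadowed:", shadowed_deny_entries())
```

`shadowed_deny_entries` flags the opposite mistake from the one the paragraph describes: an accept entry broad enough to cancel a deny entry completely.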

Before You Begin

Before you perform the procedure in this topic, read "Configuring Filtering and Controlling Spam" and "How to Create a Global Accept List."

The following permissions are required to perform this procedure:

  • Member of the local administrators group and a member of a group that has had the Exchange Administrators role applied at the organizational level

Procedure

To create a global deny list

  1. Start Exchange System Manager: Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.

  2. In the console tree, expand Global Settings, right-click Message Delivery, and then click Properties.

  3. Click the Connection Filtering tab.

  4. Click Deny. The Deny List dialog box appears.

    Figure: The Deny List dialog box

  5. Click Add.

  6. In IP Address (Mask), select one of the following options:

    • Click Single IP Address to add a single IP address to the global deny list for this connection filter rule.

    • Click Group of IP Addresses to add a subnet address and mask to the global deny list.

  7. Click OK.