using RBL's in Exchange 2003

Smallguy

Hi

I was talknig to a friend of mine who is an IT consultant and my former instructor the other night and he works a lot with small business's

anyway he told me about using RBL's inside of exchange and how with his clients he is able to block 90% of their spam this way with out having the extra load put on his server. One of his clients received 80,0000 messages in a 3 month period and 65,0000 of them were spam

in my situation I'm receiving 20,000 spam messages that are caught by our GFI filter a day

here is a link to what he's been implementing

http://www.spamblogging.com/archives/000138.html


To me it seems like a smart approach to drop the spam before your system ever has to really process it then have a filter that would take care of keywords and anything else that might not be on an RBL yet but is spam


I'm just wondering if other's are doing it here with success

sprkymrk

I am a fan of RBL's, but I always use the least aggressive. It's not good to use an aggressive RBL for a business as it may block more than you want. I use a conservative RBL in conjunction with a good software package for spam such as your GFI.

Smallguy

sprkymrk wrote:

I am a fan of RBL's, but I always use the least aggressive. It's not good to use an aggressive RBL for a business as it may block more than you want. I use a conservative RBL in conjunction with a good software package for spam such as your GFI.

I know this consultant recommends sorbs and spamhaus

what is your preference

HeroPsycho

The reality is this is how a lot of antispam packages work anyway.

Smallguy

HeroPsycho wrote:

The reality is this is how a lot of antispam packages work anyway.

I do realize that but my understanding is with this technique your dropping the mail sooner and reducing the load on your server since your not having it processed by your anti-spam software because it never reaches that point

royal

Smallguy wrote:

sprkymrk wrote:

I am a fan of RBL's, but I always use the least aggressive. It's not good to use an aggressive RBL for a business as it may block more than you want. I use a conservative RBL in conjunction with a good software package for spam such as your GFI.

I know this consultant recommends sorbs and spamhaus

what is your preference

SBL-XBL.SPAMHAUS.ORG

which was replaced by

zen.spamhaus.org

Zen basically includes a combination of the SBL, XBL, and PBL.

HeroPsycho

Smallguy wrote:

I do realize that but my understanding is with this technique your dropping the mail sooner and reducing the load on your server since your not having it processed by your anti-spam software because it never reaches that point

There's no difference. Some software has to use the RBL. Good antispam/antivirus hygiene products for mail should be looking at it before Exchange ever does, and good ones typically use RBL.

But the point of my comment was this is a perfectly valid way of doing it. My only other comment is the preference would be to use a smart host, and not have your Exchange server directly receiving SMTP connections anyway. Put antispam and antivirus software on the smart host so your Exchange server literally never does the RBL work. It however should still have AV installed.

It's to the point now virtually no organization should be without a smart host. Even if you can't afford a server to do it, hosted solutions similar to Postini are so prevalent, monthly fees for them are very reasonable.

royal

HeroPsycho wrote:

My only other comment is the preference would be to use a smart host, and not have your Exchange server directly receiving SMTP connections anyway. Put antispam and antivirus software on the smart host so your Exchange server literally never does the RBL work. It however should still have AV installed.

It's to the point now virtually no organization should be without a smart host. Even if you can't afford a server to do it, hosted solutions similar to Postini are so prevalent, monthly fees for them are very reasonable.

Completely agree. I'm designing a brand new Active Directory and Exchange 2007 environment for a client right now. The plan I'm trying to steer them towards is going with Exchange Hosted Services for Smart Hosting and receiving and installing the Anti-Spam agents on Exchange 2007. That way, MX is to Microsoft, and Smart Host is to Microsoft. And they still get some extra protection on their Hub Transport Server.

As for Antivirus, they will have a CAS/HTS and a separate Mailbox Server. I'm telling them that best practice for Microsoft is a defense in depth. Forefront Security for Exchange in database scanning mode for Mailbox Server and Forefront client security for file level scanning with Exchange exceptions to prevent Exchange corruption, and the same for the CAS/HTS but with Forefront Security for Exchange in transport scanning mode.

Of course, even with that being Microsoft's recommendation, it's a bit overkill, especially since Forefront Security for exchange stamps a message as scanned and it won't be re-scanned unless you have a forceful scan every x amount of hours, etc....

They'll most likely get Foreront Security for Exchange on the Transport server only.

sprkymrk

HeroPsycho wrote:

[My only other comment is the preference would be to use a smart host, and not have your Exchange server directly receiving SMTP connections anyway. Put antispam and antivirus software on the smart host so your Exchange server literally never does the RBL work. It however should still have AV installed.

+1