Using DNSBL in Exchange 2013

To use an RBL with Exchange 2013, it's best to use Hexamail to provide antispam for Exchange 2013.

This has several advantages over any built-in antispam protection in Exchange:

  1. Hexamail blocks spam before it reaches Exchange, so that email never burdens Exchange
  2. It offers various options per blocklist, such as allow, weight, block and reject, so you can configure each blocklist to be as aggressive as you wish
  3. Blocked spam appears in a web-based quarantine, allowing the admin or users to unblock and whitelist in a single click if required
  4. Blocked spam never reaches Exchange or Outlook, so no scripts or malicious links can be activated by end users
  5. Configuration is via a full Windows GUI that allows clear configuration of each list and the action it performs, rather than a complicated command-line interface (PowerShell)

Hexamail DNSBL support is shown in the screenshot below:

[Screenshot: ip]

DNSBLs can be used not only for the sending IP address (or IP address in the email headers) but also to reject sender email address domains:

[Screenshot: sender]

And also any links (URL hostnames) contained in the contents:

[Screenshot: urlhost]

In every case the email can be allowed, weighted, blocked or rejected/deleted based on the matching list found.

Hexamail can be installed on the same server as Exchange or on another, separate server. Installation is controlled by a really simple-to-use setup wizard that automatically integrates with Exchange if it is installed on the same machine.

You can download a trial of Hexamail Guard here

Exchange Server 2007 Transport: 452 4.3.1 Insufficient system resources

When trying to telnet to the SMTP port of an Exchange 2007 Hub Transport server, it issues the following error:

452 4.3.1 Insufficient system resources

The Application Event Log has Event ID 15002 from MSExchangeTransport saying “The resource pressure is constant at High. Statistics…” and goes on to tell you that inbound mail submission has stopped, and that it’s due to disk space being low on the volume where the queue database is located.

What’s Back Pressure?

In Exchange Server 2007, the Transport service monitors system resources such as disk space and memory on Transport servers (the Hub Transport and the Edge Transport servers), and stops message submission if it’s running low on these resources. It continues to deliver existing messages in the queue. When resource utilization returns to normal, it resumes message submission. The feature is called Back Pressure.

In this case, Exchange required 4 Gigs of free disk space on the volume where the Queue database was located – I had about 3.95 Gigs. 🙂

Changes to Back Pressure settings in Exchange Server 2007 SP1

The Back Pressure settings in Exchange Server 2007 RTM stop inbound mailflow if free disk space is below 4 Gigs. This static threshold has been lowered in SP1 to a more realistic 500 MB.

The Resolution

Many configuration options for transport servers are saved in an XML file named EdgeTransport.exe.config (it’s the same file name on both server roles, Edge Transport and Hub Transport) located in \Exchange Server\Bin\.

To get transport to resume submissions, you can use any of the following methods. All of the following require you to edit the EdgeTransport.exe.config file.

  1. Disable Back Pressure: Although Microsoft doesn’t recommend it, it does provide a way to disable Back Pressure.
  2. Tweak Back Pressure thresholds: Modify Back Pressure parameters to more accurately define what’s high utilization for your deployment or server configurations, as explained in the above docs.
  3. Move the queue database to another volume: Another resolution, and the one I used in this case, was to move the queue database to another volume with ample free space, using the following procedure:
    1. Add the following key in the <appSettings> section in EdgeTransport.exe.config, as documented in “How to Change the Location of the Queue Database”:

      <add key="QueueDatabasePath" value="D:\Queue\QueueDB" />

    2. Save the file and restart the Microsoft Exchange Transport service from the Services console or by using the Restart-Service cmdlet (Restart-Service MSExchangeTransport).
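
A check to run before and after moving the queue database, as an added example that is not part of the original post: it reads QueueDatabasePath from the config content and compares free space on that volume with the thresholds quoted above. The function names and the sample config are constructed for illustration, and the config file path on a real server is left for you to supply.

```powershell
# Added example (not from the original post). Thresholds are the ones quoted
# above: 4 GB free for Exchange 2007 RTM, 500 MB for SP1.
function Get-QueueDatabasePath {
    # Returns the QueueDatabasePath value from EdgeTransport.exe.config content,
    # or $null when the key is absent (queue database not relocated).
    param([Parameter(Mandatory = $true)][xml]$Config)
    $node = $Config.SelectSingleNode("/configuration/appSettings/add[@key='QueueDatabasePath']")
    if ($node) { return $node.GetAttribute('value') }
    return $null
}

function Test-QueueVolumeFreeSpace {
    # Compares free space on the queue volume with a back pressure threshold.
    param(
        [Parameter(Mandatory = $true)][string]$QueuePath,
        [long]$ThresholdBytes = 500MB,  # SP1 value from the post; pass 4GB for RTM
        [long]$FreeBytes = -1           # -1 = query the drive; set it to test a value
    )
    if ($FreeBytes -lt 0) {
        # Assumes a drive-letter path; volume mount points are not resolved.
        $root = [System.IO.Path]::GetPathRoot($QueuePath)
        $FreeBytes = (New-Object System.IO.DriveInfo $root).AvailableFreeSpace
    }
    New-Object PSObject -Property @{
        QueuePath      = $QueuePath
        FreeGB         = [math]::Round($FreeBytes / 1GB, 2)
        ThresholdGB    = [math]::Round($ThresholdBytes / 1GB, 2)
        BelowThreshold = ($FreeBytes -lt $ThresholdBytes)
    }
}

# Constructed sample of the relevant part of EdgeTransport.exe.config.
$sample = [xml]@'
<configuration>
  <appSettings>
    <add key="QueueDatabasePath" value="D:\Queue\QueueDB" />
  </appSettings>
</configuration>
'@
$path = Get-QueueDatabasePath -Config $sample

# The situation from the post: about 3.95 GB free, against both thresholds.
Test-QueueVolumeFreeSpace -QueuePath $path -FreeBytes 3.95GB -ThresholdBytes 4GB
Test-QueueVolumeFreeSpace -QueuePath $path -FreeBytes 3.95GB -ThresholdBytes 500MB

# On a server: load the real file with ([xml](Get-Content <path to config>))
# and omit -FreeBytes so the free space is read from the drive itself.
```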