Question
I noticed that I was still getting a lot of spam email after I installed the Exchange Antispam agents and configured the Spamhaus block list provider.
I ran the Spamhaus blocklist test utilities and it is failing 2 of the tests – BLT Public SMTP Test Email (1557:20621:dbl-pub-ehlo) and BLT Public Content Test Email (1557:20623:sbl-pub-body-ip).
The articles pointed to in the emails are not much help to me.
Here are the email contents:
This is a Spamhaus BLT public content-test email which has been crafted to be flagged as spam by properly configured mail systems. If your MX is correctly configured to do content filtering for the sbl-pub-body-ip test, then this email should be flagged as spam (check the headers) or rejected outright. If this email was delivered, and not classified as spam, then your MX is not correctly configured for the sbl-pub-body-ip test; please see the BLT documentation at https://blt.spamhaus.com/docs for tips on configuring your MX.
Description of this test:
This is a test of bad-IP-in-body blocking via the Spamhaus Blocklist (SBL):
https://docs.spamhaus.com/datasets/docs/source/10-data-type-documentation/datasets/030-datasets.html
The bad IP address is http://199.168.89.84.
You can view more information about this test email at
https://blt.spamhaus.com/test/1557/email/20623

This is a Spamhaus BLT public SMTP-test email which has been crafted to be blocked by properly configured mail systems. If you’re reading this then your MX is not properly configured for the dbl-pub-ehlo test; please see the BLT documentation at https://blt.spamhaus.com/docs for tips on configuring your MX.
Description of this test:
This is a test of EHLO host blocking via the Public Mirrors Domain Blocklist (DBL):
https://docs.spamhaus.com/datasets/docs/source/10-data-type-documentation/datasets/030-datasets.html
You can view more information about this test email at
https://blt.spamhaus.com/test/1557/email/20621
I have enabled everything on the antispam agents and really now don’t have a clue as to how to fix this problem. Any help to fix this would be appreciated.
Answer
Clearly described here: https://docs.spamhaus.com/datasets/docs/source/40-real-world-usage/PublicMirrors/MTAs/040-Exchange.html#configuration
Execute the following Exchange Management PowerShell command with administrator privileges on the Exchange server:
add-IPBlockListProvider -Name 'Spamhaus ZEN' -LookupDomain 'zen.spamhaus.org' -Enabled $true -BitmaskMatch $null -IPAddressesMatch '127.0.0.2','127.0.0.3','127.0.0.4','127.0.0.9','127.0.0.10','127.0.0.11' -Priority '1' -AnyMatch $false -RejectionResponse 'Connecting IP address {0} has been blocked by Spamhaus ZEN. See https://www.spamhaus.org/query/bl?ip={0} for further details.'
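To check what a provider configured like the one above actually receives from the block list, the following added example (not part of the original answer or of Spamhaus or Exchange tooling) builds the reversed-octet DNSBL query name and classifies the returned codes against the answer's -IPAddressesMatch list. The function names are hypothetical, and the treatment of 127.255.255.x answers as Spamhaus error codes rather than listings is stated here as background, not taken from the page.

```powershell
# Added example; function names are hypothetical helpers, not Exchange cmdlets.
# Return codes the provider in the answer acts on (copied from -IPAddressesMatch).
$ZenMatch = '127.0.0.2','127.0.0.3','127.0.0.4','127.0.0.9','127.0.0.10','127.0.0.11'

function ConvertTo-DnsblQueryName {
    param([Parameter(Mandatory)][ipaddress]$IPAddress,
          [string]$Zone = 'zen.spamhaus.org')
    if ($IPAddress.AddressFamily -ne 'InterNetwork') { throw 'This sketch handles IPv4 only.' }
    # DNSBL lookups reverse the octets: 192.0.2.10 becomes 10.2.0.192.<zone>
    $octets = $IPAddress.GetAddressBytes()
    [array]::Reverse($octets)
    '{0}.{1}' -f ($octets -join '.'), $Zone
}

function Get-DnsblVerdict {
    param([string[]]$ReturnCode)
    # No A record (NXDOMAIN) means the address is not listed.
    if (-not $ReturnCode) { return 'NotListed' }
    # 127.255.255.x is an error answer (for example, the query arrived through a
    # public/open resolver). It is not in $ZenMatch, so the provider blocks nothing.
    if ($ReturnCode | Where-Object { $_ -like '127.255.255.*' }) { return 'ResolverError' }
    if ($ReturnCode | Where-Object { $_ -in $ZenMatch }) { return 'Listed' }
    # Answered, but with a code the provider is not configured to act on.
    'NoMatch'
}

function Test-DnsblListing {
    param([Parameter(Mandatory)][ipaddress]$IPAddress)
    $name  = ConvertTo-DnsblQueryName -IPAddress $IPAddress
    $codes = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
    [pscustomobject]@{ Query = $name; ReturnCodes = $codes; Verdict = Get-DnsblVerdict $codes }
}

# Offline: classify constructed answers (sample values, not captured from a server).
Get-DnsblVerdict @('127.0.0.2','127.0.0.4')
Get-DnsblVerdict @('127.255.255.254')
Get-DnsblVerdict @()

# Live: 127.0.0.2 is the conventional DNSBL test address. Run this on the Exchange
# server so the query uses the same DNS resolver the transport agent uses.
Test-DnsblListing -IPAddress 127.0.0.2
```

A `ResolverError` verdict for the test address means the server's DNS path, not the provider definition, is why nothing is being rejected. On the Exchange server, `Test-IPBlockListProvider -Identity 'Spamhaus ZEN' -IPAddress 127.0.0.2` exercises the same lookup through the configured provider.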