Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
   

Building a List of Spam Hosts

Page 1 | Page 2 | Page 3 | Page 4 | Page 5

Putting it all together

Because of the length of the code in this script I am going to defer you to the attach .vbs file to see the complete script.  It includes some additional features and differences in the code covered above.

Additional features in the included CreateSPAMHosts script

Logging

The attached script will log data to the Application log on the system you run it on.  At the beginning of script you can set the PromptLevel and LogLevel to the level of pop-up feedback and logging you want in the application log.  This will make it a lot easier to troubleshoot problems in the script.

In addition, the included script will generate a text file with a list of all the newly created contacts and why they were created.  This will help when looking for hosts that shouldn?t have been blocked, false positives.  When you find such a host you should delete the contact from the AD and add the DNS name to the ValidDomains list in this script.

Conclusion

In Part 1, Building your own custom spam filter, we went over creating and installing a spam filter script for Exchange 2000.  One of the features of this script was that it could query the AD for contacts that matched the IP address, or class C address, of the host sending the e-mail.  If the contact was found the script assume the message was spam and prevented it from being sent to your users.  The script discussed in this article allows you to automate the process of creating those contacts based on the logs created by the script in Part 1 and by even setting up a public folder that you can have all of your users drop spam messages into.  With both of these script working together, and some manual double checking of the logs and contacts created, you can greatly reduce the about of spam coming into your environment.

Code (CreateSPAMHosts.vbs)
Updated 12/5 to fix issue were some contacts weren't be created

About the Author

Jason Sherry is a Windows Infrastructure Architect for Pro Exchange and specialized in the Active Directory, Exchange, system management and administration, and scripting.  Before coming to Pro Exchange he worked at NetIQ for five years, where he was a product manager in their administration and security product line.

Reference Information

1)       Spam related web-sites
?         Open Relay Sites
http://www.ordb.org/          http://relays.visi.com           http://relays.osirusoft.com
?         RFC-Ignore ? Since most spamers don?t follow RFC guidelines for SMTP mail deliver they are listed here
http://www.rfc-ignorant.org
?         Spamhaus Block List ? List and information on the worst spamer on the internet
http://www.spamhaus.org

2)       Securing Exchange 2000
?         How to prevent Unsolicited Commercial E-Mail in Exchange 2000 Server (Q319356)
http://support.microsoft.com/default.aspx?scid=kb;en-us;319356
?         How to prevent SMTP relaying with Microsoft Exchange Server
http://www.slipstick.com/exs/relay.htm
?         How to secure Simple Message Transfer Protocol Client Message Delivery in Exchange 2000 (Q319267)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319267

3)       Adding Exchange Server Filters
?         XADM: How to Filter Junk Mail in Exchange 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;q276321
-          One thing this article fails to mention is that the senders information is often forged by spam senders so these filters aren?t that helpful
?         How to Enable or Disable Message Filtering on a Simple Mail Transfer Protocol Virtual Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261087

4)       Anti-Spam Software for Exchange and Outlook
?         http://www.msexchange.org/software/software.asp?cat=AntiSpam
?         http://www.slipstick.com/addins/content_control.htm

5)       Related Articles
?         Rules and tools to filter junk mail
http://www.slipstick.com/rules/junkmail.htm
?         How to view Internet Headers
http://www.slipstick.com/mail1/viewheaders.htm

 

Building a List of Spam Hosts

Page 1 | Page 2 | Page 3 | Page 4 | Page 5

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008