In this post I want to address Real Time Blocklist Provides and Exchange 2013 as there are some differences you need to be aware of. Please note RBLs are often also referred to as DNS Block Lists or DNSBL.
As you may be aware now, the Exchange Transport stack has been separated into a backend and front end role. The Front End Transport component runs on the Client Access Server and the Backend Transport component runs on the Mailbox Server role. If you deploy a multi-role server, both of these components reside on the same server but still work independently as separate services called "Microsoft Exchange Frontend Transport" and "Microsoft Exchange Transport".
In previous versions of Exchange such as Exchange 2007/2010, when you enabled anti-spam filtering on an Exchange server using the install-AntispamAgents.ps1 script, it would install both the Connection Filtering and Content Filtering transport agents on the same Transport service, as there was only one Transport service running on the Hub Transport role. Now in Exchange 2013 as there are separate transport services, the anti-spam functionality of these roles has been split across the transport services.
Connection Filtering such as IP Block Lists, IP Allow Lists and RBL Providers now run on the Front End Transport Service. Content Filtering including the Exchange Intelligent Message Filter (IMF) runs on the Exchange Backend Transport service. In addition to the Content Filtering agent a new agent has also been added to the backend called the Malware Agent which is responsible for detecting viruses in email messages. The new architecture has been shown below:
Next you can begin adding the RBL providers you wish to utilise such as the popular "Spam Haus" provider with the following PowerShell command:
Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true
I added the following RBL providers in my environment:
You can verify that both the front end Connection Filter agent and back end Content Filter agents are installed and working by using the Get-TransportAgent commands as follows:
Get-TransportAgent
Get-TransportAgent -TransportService FrontEnd
The Connection Filter Agent logs get saved to the following location by default, after a few days of operating I can see log files accumulate. This directly will automatically get created as soon as the Connection Filter Agent attempts to write a log file so it wont be created straight away upon agent installation.
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog
To get a summary on your top RBL Providers from these log files run the following command:
.\get-AntispamTopRBLProviders.ps1 -location "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog"
As you may be aware now, the Exchange Transport stack has been separated into a backend and front end role. The Front End Transport component runs on the Client Access Server and the Backend Transport component runs on the Mailbox Server role. If you deploy a multi-role server, both of these components reside on the same server but still work independently as separate services called "Microsoft Exchange Frontend Transport" and "Microsoft Exchange Transport".
In previous versions of Exchange such as Exchange 2007/2010, when you enabled anti-spam filtering on an Exchange server using the install-AntispamAgents.ps1 script, it would install both the Connection Filtering and Content Filtering transport agents on the same Transport service, as there was only one Transport service running on the Hub Transport role. Now in Exchange 2013 as there are separate transport services, the anti-spam functionality of these roles has been split across the transport services.
Connection Filtering such as IP Block Lists, IP Allow Lists and RBL Providers now run on the Front End Transport Service. Content Filtering including the Exchange Intelligent Message Filter (IMF) runs on the Exchange Backend Transport service. In addition to the Content Filtering agent a new agent has also been added to the backend called the Malware Agent which is responsible for detecting viruses in email messages. The new architecture has been shown below:
When you have a multirole deployment of Exchange 2013 with both Client Access and Mailbox roles on the same server, the Install-AntispamAgents.ps1 script will only configure the backend transport service for anti-spam functionality meaning the content filtering agent will be installed. This means if you add any block list providers with the Add-BlockListProvider cmdlet, these will not function as a Connection Filtering agent is not available.
To ensure Connection Filtering is available, install the Connection Filtering agent with the Install-TransportAgent cmdlet. This can be done with the following PowerShell command:
Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"
After you have installed the agent you must then enable it and restart the Front End Transport Service with the following command:
Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
Restart-Service MSExchangeFrontEndTransport
Next you can begin adding the RBL providers you wish to utilise such as the popular "Spam Haus" provider with the following PowerShell command:
Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $true -Enabled $true
I added the following RBL providers in my environment:
You can verify that both the front end Connection Filter agent and back end Content Filter agents are installed and working by using the Get-TransportAgent commands as follows:
Get-TransportAgent
Get-TransportAgent -TransportService FrontEnd
The Connection Filter Agent logs get saved to the following location by default, after a few days of operating I can see log files accumulate. This directly will automatically get created as soon as the Connection Filter Agent attempts to write a log file so it wont be created straight away upon agent installation.
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog
To get a summary on your top RBL Providers from these log files run the following command:
.\get-AntispamTopRBLProviders.ps1 -location "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog"
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon