IP Block List Provider Providing Incorrect Results in Exchange 2010 SP2


I have zen.spamhaus.org configured as an IP Block List Provider on my Exchange 2010 SP2 server. I noticed that several IPs that should have had their connections terminated were still allowed to send mail. I used the Test-IPBlockListProvider in PowerShell and came up with some results that I can't make sense of.

[PS] C:\Windows\system32>Test-IPBlockListProvider -Identity "Zen Spamhaus" -IPAddress 41.72.17.178

RunspaceId     : de0ada31-2415-4ea8-a8af-cf07947dddce
Provider       : Zen Spamhaus
ProviderResult : {}
Matched        : False

This same IP address shows a definite match when queried directly from Spamhaus' site — Spamhaus Lookup for 41.72.17.178. What could be the reason for the discrepancy? It doesn't seem to be a timing thing.

Here is the configuration for the IPBlockListProvider in Exchange 2010 —

[PS] C:\Windows\system32>Get-IPBlockListProvider "Zen Spamhaus" | fl

RunspaceId        : de0ada31-2415-4ea8-a8af-cf07947dddce
RejectionResponse : Your e-mail server's IP address matched the ZEN blocklist maintained by www.spamhaus.org.  Please have your administrator visit http://www.spamhaus.org/lookup.lasso if you feel your inclusion on this list is in error.
LookupDomain      : zen.spamhaus.org
Enabled           : True
AnyMatch          : True
BitmaskMatch      :
IPAddressesMatch  : {}
Priority          : 1
AdminDisplayName  :
ExchangeVersion   : 0.1 (8.0.535.0)
Name              : Zen Spamhaus
DistinguishedName : CN=Zen Spamhaus,CN=IPBlockListProviderConfig,CN=Message Hygiene,CN=Transport Settings,CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
Identity          : Zen Spamhaus
Guid              : 36260444-a4d4-4088-8f30-7f428b4ff4e4
ObjectCategory    : domain.local/Configuration/Schema/ms-Exch-Message-Hygiene-IP-Block-List-Provider
ObjectClass       : {top, msExchMessageHygieneIPBlockListProvider}
WhenChanged       : 7/30/2012 4:12:34 PM
WhenCreated       : 2/15/2010 9:43:37 AM
WhenChangedUTC    : 7/30/2012 9:12:34 PM
WhenCreatedUTC    : 2/15/2010 3:43:37 PM
OrganizationId    :
OriginatingServer : dc.domain.local
IsValid           : True

Best Answer

It appears it is related to the fact that I've begun using Google DNS as my forwarders.

Your DNSBL blocks nothing at all! First, check our FAQ answer for "Your DNSBL blocks the whole Internet!" and make sure you've not made a spelling mistake in your mailserver configuration.

Check what DNS resolvers you are using: If you are using a free "open DNS resolver" service such as Google Public DNS or Level3's public DNS servers to resolve your DNSBL requests, in most cases you will receive a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers. Please use your own DNS servers when doing DNSBL queries to Spamhaus.

Source: http://www.spamhaus.org/faq/section/DNSBL%2520Usage#261
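One way to confirm this diagnosis, added here as an example and not part of the original answer: query the DNSBL test entry 127.0.0.2 (which RFC 5782 requires every IPv4 DNSBL to list) through each resolver and compare the verdicts. It assumes a host with Resolve-DnsName (Windows 8 / Server 2012 or later); the function names and the 192.168.0.10 resolver address are hypothetical.

```powershell
# Added example. Requires Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).
function ConvertTo-DnsblName {
    param([string]$IPAddress, [string]$Zone)
    $ip = [System.Net.IPAddress]::Parse($IPAddress)
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "IPv4 only: $IPAddress" }
    # DNSBL convention: reverse the octets, then append the list's zone.
    $octets = $ip.GetAddressBytes()
    [array]::Reverse($octets)
    ($octets -join '.') + '.' + $Zone
}

function Test-DnsblResolver {
    param(
        [Parameter(Mandatory = $true)][string[]]$Resolver,
        [string]$Zone = 'zen.spamhaus.org',
        [string]$IPAddress = '127.0.0.2'   # RFC 5782 test entry, always listed
    )
    $name = ConvertTo-DnsblName -IPAddress $IPAddress -Zone $Zone
    foreach ($server in $Resolver) {
        $codes = @(); $detail = ''
        try {
            $codes = @(Resolve-DnsName -Name $name -Type A -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } | ForEach-Object { [string]$_.IPAddress })
        } catch {
            $detail = $_.Exception.Message   # NXDOMAIN, timeout, refused, ...
        }
        # 127.255.255.x is the Spamhaus error range, not a listing.
        if ($codes.Count -eq 0) { $verdict = 'NoListing' }
        elseif ($codes -like '127.255.255.*') { $verdict = 'ErrorCode' }
        else { $verdict = 'Listed' }
        [pscustomobject]@{
            Resolver = $server; Query = $name; Verdict = $verdict
            Answer = ($codes -join ','); Detail = $detail
        }
    }
}

# Constructed usage: 192.168.0.10 stands in for your own recursive resolver,
# 8.8.8.8 is Google Public DNS.
# Test-DnsblResolver -Resolver '192.168.0.10','8.8.8.8' | Format-Table -AutoSize
# Any verdict other than 'Listed' for the test entry means that resolver
# cannot be relied on for this DNSBL.
```

Once the test entry returns 'Listed' through the forwarder the Exchange server actually uses, rerun Test-IPBlockListProvider against the address in question.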
