1

I would like to block spam emails using Spamhaus on our Microsoft Exchange 2019 server. We have the latest Cumulative Update for Exchange installed.

I searched online how to do this, but I only came across some extremely old posts.

One user claims:

Microsoft retains its own private blacklists that are used to block emails from particular IP addresses. Microsoft has also blacklisted any IPs that are identified on the Spamhaus blacklist. It means you will not receive an email from the blacklisted IP addresses.

But it's unclear to me whether this is only for Exchange Online & outlook.com email addresses, not on-premises servers?

Looking at MS Docs: Antispam protection in Exchange Server it seems that the "Connection Filtering" agent (that I think Spamhaus requires) is only available on Edge Transport servers; however we only have a Mailbox server.

Does this mean that it is not possible for us to integrate Spamhaus with Exchange?

Danny Beckett
  • 198

2 Answers2

1

You are correct that the Connection Filtering agent and the Attachment Filtering agent are not available on Mailbox servers; they are only available on Edge Transport servers. This means that blocking by IP address using the Connection Filtering agent can only be done on an Edge Transport server.

Given that you already have the anti-spam agents installed on your Mailbox server, you can still use other anti-spam measures such as the Content Filter agent, Sender Filter agent, Sender ID agent, and Protocol Analysis agent for sender reputation.

For official documentation, you can refer to the Microsoft Learn page on enabling anti-spam functionality on Mailbox servers.

If you need to block IP addresses, you might consider setting up an Edge Transport server in your environment. This would allow you to use the Connection Filtering agent and other features that are not available on Mailbox servers.

JakeZhang
  • 114
-1

Even if you only have Mailbox servers, you can still integrate Spamhaus with your on-premises Microsoft Exchange 2019 servers. While the Connection Filtering agent is typically available on Edge Transport servers, you can also enable the anti-spam agents on Mailbox servers.

Here's how:

  1. Enable the anti-spam agents on a Mailbox server:
  • Open the Exchange Management Shell
  • Run the following command to install the anti-spam agents:
Install-AntispamAgents.ps1
  • Restart the Microsoft Exchange Transport service:
Restart-Service MSExchangeTransport
  1. After enabling the anti-spam agents, you can add Spamhaus as an IP Block List provider:
Add-IPBlockListProvider -Name "Spamhaus ZEN" -LookupDomain "zen.spamhaus.org" -Enabled $true -RejectionResponse "Your IP address {0} is listed by Spamhaus. For more information, see http://www.spamhaus.org/query/bl?ip={0}."
  1. Ensure that the IP Block List provider is configured correctly:
Get-IPBlockListProvider

Following the above steps, you should be able to integrate Spamhaus with your Exchange 2019 Mailbox server and effectively block spam.

Danny Beckett
  • 198
JakeZhang
  • 114