
Greylisting in Exchange 2003

Greylisting with Exchange 2003

Greylisting seems to be an effective way to lower the amount of spam your mail servers receive daily. Read more about it in my Combating Spam with Greylisting article.

There are quite a few Greylisting implementations available for a wide variety of SMTP mail servers. So far I have only been able to find one freeware Exchange 2000/2003 implementation (if you know of any other freely available tool please let me know).

Greylist – freeware Grey list for Exchange v1.2 by Chris J.

The program consists of two parts:

  • Greylist installs as a .dll and connects to the SMTP service’s OnInboundCommand RCPT. It reads its configuration from Greylist.cfg and uses Greylist.mdb for logging entries. It also produces a log file in the log directory.
  • Greylist admin creates and configures the above files as well as controls the settings and the white list.

Requirements:

  • Windows server 2000/2003
  • Exchange 2000/2003 or the vanilla IIS service
  • .NET framework 2.0
  • (Optional) Microsoft SQL 2000/2003 or SQL Server Express

Features:

Greylist

  • Continue blocking for X minutes.
  • Installs as a cached .dll
  • Block by Source IP, Sender email address, Recipient address all together or in any combination.
  • White list (always allow) by Source IP, Sender email address, Recipient address or in any combination.
  • Clean out entries older than X days on the first session of the day.
  • Stores data in a Microsoft Access database (.mdb) or in an MS SQL database.
  • Logs on error to the event log
  • Logs all sessions to a daily log file in /log/

Greylist admin

  • Configures: Block for X minutes, Max age in X days, White list.
  • Configures which items to use when blocking by Source IP, Sender email address, Recipient address all together or in any combination.
  • Displays blocked items and passed items in totals.
  • Displays current items in database.
  • Displays block rate in % according to all entries in the database.
  • Manually start cleanup routine.
  • Configures the database connection
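The greylisting decision that these settings control, as an added Python example rather than the Greylist tool's own code. The class and field names, the 250 reply text and the sample addresses are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Please try again later."  # temporary failure: a real MTA retries
ACCEPT = "250 2.1.5 OK"                         # assumed acceptance reply text

@dataclass
class Greylist:
    block_minutes: int = 5                             # "block for X minutes"
    max_age_days: int = 30                             # "max age in X days"
    key_fields: tuple = ("ip", "sender", "recipient")  # any combination of the three
    whitelist: dict = field(default_factory=lambda: {"ip": set(), "sender": set(), "recipient": set()})
    seen: dict = field(default_factory=dict)           # key -> time of first attempt

    def check(self, ip, sender, recipient, now=None):
        """Return the reply to give at RCPT TO for one delivery attempt."""
        now = time.time() if now is None else now
        attempt = {"ip": ip, "sender": sender.lower(), "recipient": recipient.lower()}
        if any(attempt[f] in self.whitelist[f] for f in attempt):  # entries stored lowercase
            return ACCEPT
        key = tuple(attempt[f] for f in self.key_fields)
        first_seen = self.seen.setdefault(key, now)    # retries do not reset the clock
        if now - first_seen < self.block_minutes * 60:
            return TEMPFAIL
        return ACCEPT

    def cleanup(self, now=None):
        """Drop entries older than max_age_days; return how many were removed."""
        now = time.time() if now is None else now
        cutoff = now - self.max_age_days * 86400
        stale = [k for k, t in self.seen.items() if t < cutoff]
        for k in stale:
            del self.seen[k]
        return len(stale)

def demo():
    # Constructed sample traffic (documentation addresses); times are in seconds.
    g = Greylist(block_minutes=5)
    a = ("192.0.2.10", "alice@example.org", "bob@example.com")
    replies = [g.check(*a, now=0), g.check(*a, now=60), g.check(*a, now=301)]
    # A retry from a second outbound IP starts a new delay under the full triplet,
    # but is accepted when the key is sender + recipient only.
    strict = g.check("192.0.2.11", a[1], a[2], now=301)
    g2 = Greylist(block_minutes=5, key_fields=("sender", "recipient"))
    g2.check(*a, now=0)
    relaxed = g2.check("192.0.2.11", a[1], a[2], now=301)
    return replies, strict, relaxed, g.cleanup(now=31 * 86400)
```

Keying on the full triplet is the strictest setting; legitimate senders that retry from a pool of outbound addresses are the usual reason to drop the source IP from the key or to whitelist their ranges.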

Installation and usage:

  1. After downloading the small freeware tool you need to extract it to a folder of your choice on the Exchange server. Note that this folder will also host the tool’s database and logfiles, thus I suggest you place it onto a separate drive.

The Greylist tool should be used on the Exchange servers that are facing the Internet.

  2. Start Greylist admin. This will create the default database settings.

Greylist installs with the default setting of using a local Access .mdb database. There is also an option to use an MS SQL server to store the data, which has two interesting advantages:

  • An SQL database handles more stress and more data. The mdb database has proven to be stable in environments with 3-5000 mails a day and it can possibly handle more, but the SQL server can handle millions of messages a day.
  • With a central SQL server, several Greylist servers can share the same database, so the tool can be used on multiple Internet-facing servers.

You can download the free version of Microsoft SQL server called SQL server Express 2005 (SSE) from here:

Microsoft SQL Server 2005 Express Edition

The downside of using the free SQL Server 2005 Express Edition is that you must install it on the same server that you intend to run Greylist from. If you’d like to use a SQL server outside the Greylist server then you have to purchase the full SQL product from Microsoft.

  3. Open a command prompt and go to the install directory. Type enable and press enter. This will register greylist.dll and tell the SMTP service to use it.
  4. Test sending an email to yourself from somewhere on the outside and wait a couple of minutes.

Note that when using the TELNET prompt to send the email (read SMTP, POP3 and Telnet in Exchange 2000/2003 for more info) you will get the following reply from the server:

451 4.7.1 Please try again later. Connection Greylisted with Greylist (http://www.grynx.com/projects/greylist/). If you've receive this in error then check http://www.greylisting.org/

You can also see the report in the Greylist logfiles:

  5. Click on refresh in Greylist admin. You should now see at least one blocked item and at least one item in the database.

From my initial testing, using Greylist on Exchange 2003 production servers has dropped the number of spam messages being received by IMF (read Block Spam with Exchange 2003 Intelligent Message Filter) significantly.

As always, read the readme file for more information.

Links

Greylist – freeware Greylist for Exchange v1.2
