Greylisting in Exchange 2003
Greylisting seems to be the right method to effectively lower the spam levels your mail servers get daily. Read more about it in my Combating Spam with Greylisting article.
There are quite a few Greylisting implementations available for a wide variety of SMTP mail servers. So far I was only able to find one freeware Exchange 2000/2003 implementation (if you know of any other freely available tool please let me know).
Greylist – freeware Grey list for Exchange v1.2 by Chris J.
The program consists of two parts:
- Greylist installs as a .dll and connects to the SMTP service’s OnInboundCommand RCPT. It reads its configuration from Greylist.cfg and uses Greylist.mdb for logging entries. It also produces a log file in the log directory.
- Greylist admin creates and configures the above files as well as controls the settings and the white list.
Requirements:
- Windows server 2000/2003
- Exchange 2000/2003 or the vanilla IIS service
- .NET framework 2.0
- (Optional) Microsoft SQL 2000/2003 or SQL Server Express
Greylist features:
- Continue blocking for X minutes.
- Installs as a cached .dll
- Block by Source IP, Sender email address, Recipient address all together or in any combination.
- White list (always allow) by Source IP, Sender email address, Recipient address or in any combination.
- Clean out entries older than X days on the first session of the day.
- Stores data in a Microsoft Access database (.mdb) or in an MS SQL database.
- Logs on error to the event log
- Logs all sessions to a daily log file in /log/
Greylist admin features:
- Configures: Block for X minutes, Max age in X days, White list.
- Configures which items to use when blocking by Source IP, Sender email address, Recipient address all together or in any combination.
- Displays blocked items and passed items in totals.
- Displays current items in database.
- Displays block rate in % according to all entries in the database.
- Manually start cleanup routine.
- Configures the database connection
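The blocking rules listed above (block for X minutes, key on any combination of source IP, sender and recipient, white list, daily cleanup) can be modelled as follows. This Python code is an added example, not Greylist's own code; the class, function and field names, and the choice to keep only a first-seen time per entry, are assumptions.

```python
from datetime import datetime, timedelta

class Greylist:
    """Models the decision taken at RCPT time (hypothetical names throughout)."""

    def __init__(self, block_minutes=5, max_age_days=30,
                 key_fields=("ip", "sender", "recipient"), whitelist=()):
        self.block = timedelta(minutes=block_minutes)
        self.max_age = timedelta(days=max_age_days)
        self.key_fields = key_fields
        # White list entries are dicts; omitted fields match anything.
        # Empty entries are dropped so they cannot allow everything.
        self.whitelist = [{k: v.lower() for k, v in w.items()} for w in whitelist if w]
        self.first_seen = {}      # key tuple -> time of first attempt
        self.last_cleanup = None  # date of the last cleanup run

    def _cleanup(self, now):
        # "Clean out entries older than X days on the first session of the day."
        if self.last_cleanup == now.date():
            return
        self.last_cleanup = now.date()
        self.first_seen = {k: t for k, t in self.first_seen.items()
                           if now - t <= self.max_age}

    def check(self, ip, sender, recipient, now):
        """Return the SMTP reply code for this RCPT: 250 accept, 451 defer."""
        attempt = {"ip": ip, "sender": sender.lower(), "recipient": recipient.lower()}
        if any(all(attempt[k] == v for k, v in w.items()) for w in self.whitelist):
            return 250
        self._cleanup(now)
        key = tuple(attempt[f] for f in self.key_fields)
        first = self.first_seen.setdefault(key, now)
        # A retry passes only once the blocking period has elapsed.
        return 250 if now - first >= self.block else 451

def replay(greylist, attempts):
    """Run (minute_offset, ip, sender, recipient) tuples and return the reply codes."""
    start = datetime(2024, 1, 1, 9, 0)  # constructed start time
    return [greylist.check(ip, s, r, start + timedelta(minutes=m))
            for m, ip, s, r in attempts]
```

Narrowing `key_fields` to the source IP alone lets any sender on an already-seen IP through after the blocking period, which is the trade-off behind the "any combination" setting.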
Installation and usage:
- After downloading the small freeware tool you need to extract it to a folder of your choice on the Exchange server. Note that this folder will also host the tool’s database and logfiles, thus I suggest you place it onto a separate drive.
The Greylist tool should be used on the Exchange servers that are facing the Internet.
- Start Greylist admin. This will create the default database settings.
Greylist installs with the default setting of using a local Access .mdb database. There is also an option to use an MS SQL server to store the data, which has two interesting advantages:
- An SQL database handles more stress and more data. The mdb database has proven to be stable in environments with 3-5000 mails a day and it can possibly handle more, but the SQL server can handle millions of messages a day.
- With a central SQL server, several Greylist servers can share the same database, so Greylist can be used on multiple Internet-facing servers.
You can download the free version of Microsoft SQL server called SQL server Express 2005 (SSE) from here:
The downside of using the free SQL Server 2005 Express Edition is that you must install it on the same server that you intend to run Greylist from. If you’d like to use a SQL server outside the Greylist server then you have to purchase the full SQL product from Microsoft.
- Open a command prompt and go to the install directory. Type enable and press enter. This will register greylist.dll and tell the SMTP service to use it.
- Test sending an email to yourself from somewhere on the outside and wait a couple of minutes.
Note that when using the TELNET prompt to send the email (read SMTP, POP3 and Telnet in Exchange 2000/2003 for more info) you will get the following reply from the server:
451 4.7.1 Please try again later. Connection Greylisted with Greylist (http://www.grynx.com/projects/greylist/). If you've receive this in error then check http://www.greylisting.org/
You can also see the report in the Greylist logfiles:
- Click on refresh in Greylist admin. You should now see at least one blocked item and at least one item in the database.
From my initial testing, using Greylist on Exchange 2003 production servers has dropped the number of spam messages being received by IMF (read Block Spam with Exchange 2003 Intelligent Message Filter) significantly.
As always, read the readme file for more information.