Just after New Year some emails were getting rejected by our side because they were found on a blacklist. I checked the IP addresses but they were not on the list.
550 5.7.107 Your message was rejected because the IP address of the sending server x.x.x.x is blacklisted
This was blocked by Surriel's block list (also SORBS and Spamhaus). I checked the entry on https://psbl.org/ but the IP was not there.
I ran Test-IPBlockListProvider on the edge server to check if it was there. It was.
[PS] C:\>test-IPBlockListProvider -Identity "Surriel" -IPAddress x.x.x.x
Provider ProviderResult Matched
Surriel {z.z.z.z, y.y.y.y} True
Interesting… did a manual DNS check.
[PS] C:\>nslookup x.x.x.x.psbl.surriel.org 8.8.8.8
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: x.x.x.x.psbl.surriel.org
Addresses:z.z.z.z
y.y.y.y
Now we can see that it gets the “ProviderResults” from the Non-authoritative answer.
I found this article that explains what kind of answers you should get from nslookup on SORBS. After a bit more research I found this configuration example for Spamhaus. It was a bit different from the Add-IPBlockListProvider that I used to configure the block lists in the past, but it made sense. I changed the settings for SORBS based on the documentation of how SORBS replies should look. I added all replies that it sends (you can add any zone and it should work, I am using safe.dnsbl.sorbs.net).
Set-IPBlockListProvider -Identity "Sorbs" -Enabled $true -Anymatch $False -BitmaskMatch $null -IPAddressesMatch '127.0.0.2','127.0.0.3','127.0.0.4','127.0.0.5','127.0.0.6','127.0.0.7','127.0.0.8','127.0.0.9','127.0.0.10','127.0.0.11','127.0.0.12','127.0.0.14'
I applied the same settings to Surriel (psbl.surriel.org) with a few more replies as I am not sure which replies it should get.
Set-IPBlockListProvider -Identity "Surriel" -Enabled $true -Anymatch $False -BitmaskMatch $null -IPAddressesMatch '127.0.0.1','127.0.0.2','127.0.0.3','127.0.0.4','127.0.0.5','127.0.0.6','127.0.0.7','127.0.0.8','127.0.0.9','127.0.0.10','127.0.0.11','127.0.0.12','127.0.0.14','127.0.0.13','127.0.0.15'
The settings for Spamhaus (zen.spamhaus.org) are like those on the Spamhaus example page.
Set-IPBlockListProvider -Identity 'Spamhaus ZEN' -LookupDomain 'zen.spamhaus.org' -Enabled $true -BitmaskMatch $null -IPAddressesMatch '127.0.0.2','127.0.0.3','127.0.0.4','127.0.0.9','127.0.0.10','127.0.0.11' -Priority '1' -AnyMatch $false -RejectionResponse 'Connecting IP address {0} has been blocked by Spamhaus ZEN. See http://www.spamhaus.org/query/bl?ip={0} for further details.'
Basically I just copied the command and changed the Add to a Set command as I already had it there.
These are the settings for Spamcop (bl.spamcop.net) based on the info here.
Set-IPBlockListProvider -Identity "Spamcop" -Enabled $true -Anymatch $False -BitmaskMatch $null -IPAddressesMatch '127.0.0.2'
Edit: Lately I had to disable Spamcop as it is rejecting too many Microsoft IP addresses, but admittedly by Microsoft for legitimate reasons.
![So awesome to have everything in the cloud](https://shubell.wordpress.com/wp-content/uploads/2024/01/cloud-rox.png?w=1024)
Anyways the test now looks as it should. It is the same as before but matched is false.
[PS] C:\>test-IPBlockListProvider -Identity "Surriel" -IPAddress x.x.x.x
Provider ProviderResult Matched
Surriel {z.z.z.z, y.y.y.y} False
Here are the few lines I use to check all my providers.
$eyepee= "x.x.x.x"
test-IPBlockListProvider -Identity "Sorbs" -IPAddress $eyepee
test-IPBlockListProvider -Identity "Spamcop" -IPAddress $eyepee
test-IPBlockListProvider -Identity "Surriel" -IPAddress $eyepee
test-IPBlockListProvider -Identity "Spamhaus ZEN" -IPAddress $eyepee
The funniest thing is that the settings that were used until now worked for many years. In all the “How to setup Exchange edge spam” guides all the commands looked like this… and it worked… Could be some DNS change.
Add-IPBlockListProvider -Name Surriel -LookupDomain psbl.surriel.org -AnyMatch $True -Enabled $True -RejectionResponse "Your IP is on the psbl.org block list"
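The difference between the old -AnyMatch $True setup and the -IPAddressesMatch lists above, as an added example that is not part of the original post: it builds the DNSBL query name and evaluates a set of answers both ways. The function names are hypothetical, and the sender IP and the answers are constructed sample values.

```powershell
# Added example; function names are hypothetical, sample values are constructed.

# DNSBL lookups use the sender's IPv4 octets in reverse order under the list's zone.
function Get-DnsblQueryName {
    param([ipaddress]$IPAddress, [string]$LookupDomain)
    $octets = $IPAddress.GetAddressBytes()
    [array]::Reverse($octets)
    return ($octets -join '.') + '.' + $LookupDomain
}

# Optional live lookup (needs network access); returns the A records as strings.
function Resolve-DnsblAnswer {
    param([string]$QueryName, [string]$Server = '8.8.8.8')
    $records = Resolve-DnsName -Name $QueryName -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    return @($records | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
}

# Evaluate one set of answers the way each provider setting would.
function Test-DnsblAnswer {
    param([string[]]$Answers, [string[]]$IPAddressesMatch)
    $listed = @($Answers | Where-Object { $IPAddressesMatch -contains $_ })
    [pscustomobject]@{
        Answers            = $Answers -join ', '
        AnyMatchResult     = ($Answers.Count -gt 0)   # any A record counts as "listed"
        ListMatchResult    = ($listed.Count -gt 0)    # only documented return codes count
        UndocumentedAnswer = @($Answers | Where-Object { $IPAddressesMatch -notcontains $_ }) -join ', '
    }
}

# Same return-code list as the Surriel command in the post (127.0.0.1 to 127.0.0.15).
$surrielCodes = 1..15 | ForEach-Object { "127.0.0.$_" }

# Query name for a constructed sender address from the documentation range.
Get-DnsblQueryName -IPAddress '192.0.2.25' -LookupDomain 'psbl.surriel.org'

# Constructed answers standing in for the masked z.z.z.z / y.y.y.y results.
Test-DnsblAnswer -Answers '203.0.113.10','203.0.113.11' -IPAddressesMatch $surrielCodes

# Constructed answer for a sender that really is listed.
Test-DnsblAnswer -Answers '127.0.0.2' -IPAddressesMatch $surrielCodes
```

A row with AnyMatchResult True and ListMatchResult False is the situation from the first Test-IPBlockListProvider run: the zone returned A records, but none of them is a return code the list documents.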