A ban on dynamic IP addresses for Exchange Server

Some companies, including Microsoft, have decided to block any inbound email messages originating from a dynamic IP address in an effort to prevent spam. Unfortunately, while almost every large company uses a static IP address for its Exchange servers, smaller companies are often forced to use dynamic IP addresses.

Fortunately, you can configure Exchange Server to route mail through your ISP's SMTP server, so it appears to recipients as if the message came from the ISP's static IP address instead of your organization's dynamic IP address.

How to route Exchange Server email through an ISP's SMTP server

How to configure Microsoft Exchange Server to route mail through your ISP's SMTP server varies depending on the versions of Exchange Server that you are running. In Exchange 2000 and Exchange 2003, the SMTP connector replaces the Internet Mail Service used in earlier versions of Exchange Server.

For the purposes of this tip, I will assume that your Exchange Server deployment is running in mixed mode, and that you will need to create an SMTP connector. If you already have an SMTP connector in place, you can modify your existing connector rather than creating a new one.

Make sure your ISP isn't on any spam blacklists

Routing email through an ISP's SMTP server may not be enough to prevent your organization's email from being treated as spam.

There are numerous spam blacklists, and your ISP's SMTP server could potentially be listed on any of them. In the past, it has been a very tedious process to search through all of the blacklists to see where a block was coming from.

I recently discovered a handy Web site called DNSstuff.com that makes the process of searching the spam blacklists a lot easier. The site isn't solely dedicated to searching spam blacklists, but the front page offers an option to enter your (or in this case your ISP's) mail server's IP address. It will then check all of the spam blacklists to see i

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Exchange Security Tips How file-level antivirus software can harm your Exchange Server Understanding Exchange Server 2007 SP1 mobile security settings Which ActiveSync authentication method is best for your mobile device? Why you should secure Exchange 2007 using administrative policies Microsoft Exchange Server security dos and don'ts Create a journal rule in Exchange 2007 to secure journaling mailboxes How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Exchange Server Administration Tips Fixing DPM 2007 inconsistent replica errors in Exchange Server Using Mobile Device Manager 2008 server roles in Exchange 2007 An introduction to the DSAccess service in Exchange Server 2007 Exchange Performance Monitor tracks domain controller communication Exchange Server 2007 SP2 reinstates built-in backup capabilities Three Performance Monitors counters to use in Exchange Server 2007 Scheduling multiple Performance Monitor alerts in Exchange Server 2007 Which ActiveSync authentication method is best for your mobile device? Configure Performance Monitor alerts for Exchange Server 2007 Disable ActiveSync in bulk with Exchange Management Shell commands Antispam Software and Spam Filtering Problems with email spoofing on SBS 2003 Exchange Insider e-zine Securing your Exchange Server 2007 journaling archives Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 How can I configure Exchange IMF to allow an IP address or DNS? Tool helps identify inbound Exchange Server email flow issues Configure SMTP relay restrictions in Exchange Server 2003 to stop spam Exchange email sent to a domain using SPF authentication is returned Secure Edge Transport servers using the Security Configuration Wizard Antispam Software and Spam Filtering Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

f the IP address appears on any of them.

In all likelihood, your ISP's mail server isn't blacklisted, but it's still good to check to be sure. Running a quick scan of the blacklists up front can save you hours of pointless troubleshooting if your ISP is blacklisted and causing email delivery issues.

If you've verified that your ISP's SMTP server is not on a spam blacklist, but your organization's email still isn't being delivered, it's possible that the domains rejecting your email are using extremely restrictive spam filters.

Some filters will not only block all dynamically assigned IP addresses, but also email from any organization whose DNS server is not configured to meet the service's specifications.

One example of an overly restrictive spam filter is the SORBS Dynamic User and Host List (SORBS DUHL), which was originally intended to be a list of dynamically assigned IP address ranges. The idea was that organizations could reduce spam by blocking inbound email from any IP address within a listed range.

But as I outlined above, there is a simple technique that circumvents detection of your organization's IP dynamic IP address by routing mail through your ISP's SMTP server, which has a static IP address.

Spammers know this trick too. So if the absence of a dynamic IP address were the only criteria that SORBS used for blocking spammers, the list of dynamically assigned address ranges would quickly become useless. That being the case, SORBS came up with some additional requirements:

Organizations that filter email based on the SORBS-DUHL exclusion list are bound to reduce the amount of spam they receive, but they also risk making themselves inaccessible both to clients and potential clients, so I personally think this practice is a bad idea.

Even though I disagree with using the SORBS-DUHL exclusion list to filter spam, you can't ignore its requirements. Microsoft is only one of many companies now filtering inbound email using the SORBS-DUHL standards. So you might want to think about configuring your domain's DNS records to match the SORBS-DUHL requirements as a precaution.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com: