How does Exchange Server 2003's antispam Real-Time Block List (RBL) feature work?
Ideally, we'd all like our servers to refuse any connections from known spammers, which is more or less what RBLs (also called DNS block lists) do. To configure RBLs in Exchange 2003, go to Exchange System Manager (ESM), open the Message Delivery object's Properties dialog box, then select the Connection Filtering tab, as Figure 1 shows. When you enable RBLs, Exchange 2003 passes the IP address of each incoming connection as a DNS query to each connection filter on the list. If any RBL in the list has flagged the IP as belonging to a spammer, the RBL returns a positive result: a DNS A record with an address of 127.0.0.1. (If you set up custom response rules, you can handle the case in which a particular RBL returns a different status code to indicate, say, that the IP address is on a list of dial-up providers.) If a given RBL doesn't contain the IP address, the query fails. If Exchange receives a response to its query, it immediately drops the connection. By choosing an RBL provider whose policies match your needs, you can filter incoming connections to screen out spammers, open relays, blocks of IPs assigned to dial-up users, and other undesirables. For a list of RBL providers, see http://www.declude.com/junkmail/support/ip4r.htm.