Defining Block List Exceptions and Global Allow/Block Lists
Sometimes, you'll find that an IP address, a network, or an e-mail
address shows up incorrectly on a block list. The easiest way to
correct this problem is to create a block list exception that indicates
that the specific IP address, network, or e-mail address shouldn't be
filtered.
Creating or Removing Connection Filter Exceptions for E-Mail Addresses
You can define connection filter exceptions for e-mail addresses by completing the following steps:
-
Start the Exchange Management Console. On an Edge Transport server,
select Edge Transport, click the server you want to work with, and then
click the Anti-Spam tab in the details pane. On a Hub Transport server
for which you've enabled spam filtering, expand the Organization
Configuration node, select Hub Transport, and then click the Anti-Spam
tab in the details pane.
-
Right-click IP Block List Providers, and then select Properties. The IP Block List Providers Properties dialog box appears.
-
On the Exceptions tab, any current exceptions are listed by e-mail address. Type the e-mail address to add as an exception, such as abuse@adatum.com, and then click Add.
-
To delete an exception, select an existing e-mail address and then click Remove.
-
Click OK to save your settings.
Creating or Removing Global Allowed Lists for IP Addresses and Networks
Exchange will accept e-mail from any IP address or network on the global
allowed list. Before you can define allowed entries for IP addresses
and networks you must be sure that the IP Allow List is enabled. To do
this, complete the following steps:
-
Start the Exchange Management Console. On an Edge Transport server,
select Edge Transport, click the server you want to work with, and then
click the Anti-Spam tab in the details pane. On a Hub Transport server,
expand the Organization Configuration node, select Hub Transport, and
then click the Anti-Spam tab in the details pane.
-
Check the status of IP Allow List. If the feature is not enabled, right-click IP Allow List, and then select Enabled.
You use Add-IPAllowListEntry
to add an IP address or IP address range to the IP Allow list
configured on a Hub or an Edge Transport server. Example 1 provides the syntax and usage.
Example 1. Add-IPAllowListEntry cmdlet syntax and usage
Syntax
Add-IPAllowListEntry -IPAddress IPAddress {AddtlParams}
Add-IPAllowListEntry -IPRange IPRange {AddtlParams}
{AddtlParams}
[-Comment Comment] [-ExpirationTime DateTime] [-Server ServerId]
Usage
Add-IPAllowListEntry -IPAddress 192.168.10.45
Add-IPAllowListEntry -IPRange 192.168.10.0/24
Add-IPAllowListEntry -IPRange 192.168.10.1-192.168.10.254
You use Get-IPAllowListEntry to list IP Allow List entries and Remove-IPAllowListEntry to remove IP Allow List entries. Samples Example 2 and Example 3 provide the syntax and usage.
Example 2. Get-IPAllowListEntry cmdlet syntax and usage
Syntax
Get-IPAllowListEntry [-Identity IPListEntryId] {AddtlParams}
Get-IPAllowListEntry -IPAddress IPAddress {AddtlParams}
{AddtlParams}
[-ResultSize Size] [-Server ServerId]
Usage
Get-IPAllowListEntry
Get-IPAllowListEntry -IPAddress 192.168.10.45
Example 3. Remove-IPAllowListEntry cmdlet syntax and usage
Syntax
Remove-IPAllowListEntry -Identity IPListEntryId
[-Server ServerId]
Usage
Get-IPAllowListEntry | Where {$_.IPRange -eq '192.168.10.45'} |
Remove-IPAllowListEntry
Get-IPAllowListEntry | Where {$_.IPRange -eq '192.168.10.0/24'} |
Remove-IPAllowListEntry
Creating or Removing Global Block Lists for IP Addresses and Networks
Exchange will reject e-mail from any IP address or network on the
block list. Before you can define blocked entries for IP addresses and
networks, you must ensure that the IP block list is enabled. To do
this, complete the following steps:
-
Start the Exchange Management Console. On an Edge Transport server,
select Edge Transport, click the server you want to work with, and then
click the Anti-Spam tab in the details pane. On a Hub Transport server,
expand the Organization Configuration node, select Hub Transport, and
then click the Anti-Spam tab in the details pane.
-
Check the status of the IP block list. If the feature is not enabled, right-click IP Block List, and then click Enabled.
You use Add-IPBlockListEntry to add an IP address or IP address range to the IP block list configured on a Hub or an Edge Transport server. Example 4 provides the syntax and usage.
Example 4. Add-IPBlockListEntry cmdlet syntax and usage
Syntax
Add-IPBlockListEntry -IPAddress IPAddress {AddtlParams}
Add-IPBlockListEntry -IPRange IPRange {AddtlParams}
{AddtlParams}
[-Comment Comment] [-ExpirationTime DateTime] [-Server ServerId]
Usage
Add-IPBlockListEntry -IPAddress 192.168.10.45
Add-IPBlockListEntry -IPRange 192.168.10.0/24
Add-IPBlockListEntry -IPRange 192.168.10.1-192.168.10.254
You use Get-IPBlockListEntry to list IP block list entries and Remove-IPBlockListEntry to remove IP block list entries. Samples Example 5 and Example 6 provide the syntax and usage.
Example 5. Get-IPBlockListEntry cmdlet syntax and usage
Syntax
Get-IPBlockListEntry [-Identity IPListEntryId] {AddtlParams}
Get-IPBlockListEntry -IPAddress IPAddress {AddtlParams}
{AddtlParams}
[-ResultSize Size] [-Server ServerId]
Usage
Get-IPBlockListEntry
Get-IPBlockListEntry -IPAddress 192.168.10.45
Example 6. Remove-IPBlockListEntry cmdlet syntax and usage
Syntax
Remove-IPBlockListEntry -Identity IPListEntryId
[-Server ServerId]
Usage
Get-IPBlockListEntry | Where {$_.IPRange -eq '192.168.10.45'} |
Remove-IPBlockListEntry
Get-IPBlockListEntry | Where {$_.IPRange -eq '192.168.10.0/24'} |
Remove-IPBlockListEntry
