DNSBL - email block list

A DNS-based Blackhole List (DNSBL, also known as Real-time Blackhole List or RBL), is a means by which an Internet site may publish a list of IP addresses, in a format which can be easily queried by computer programs on the Internet. As the name suggests, the technology is built on top of the Internet DNS or Domain Name System. DNSBLs are chiefly used to publish lists of addresses linked to spamming. Most mail transport agent (mail server) software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.

How Block List Providers Match Offending IP Addresses

After you set up your connection filter, when an e-mail message is sent to your organization, Exchange contacts the block list provider. The provider checks for the existence of an A (host) record in its DNS. Exchange queries for this information in a specific format. For example, if the connecting address is 192.168.5.1, and the block list provider's organization is contoso.org, then Exchange queries for the existence of the following record:

;. IN A 127. 0.0.x

which, in this case, is:

1.5.168.192..RBLprovider.org

If this IP address is found on the provider's list, the provider returns a 127.0.0.x status code that indicates an offending IP address and the type of offense. All block list providers return a response code of 127.0.0.x, where x indicates the type of offense. This number varies, depending on the block list provider.

Although few people object to the principle that mail-receiving sites should be able to reject undesired mail systematically, many have voiced objections to specific DNSBLs for the following reason:

For Joe Blow to refuse emails is legal (though it's bad policy, akin to "shooting the messenger"). But if Joe and ten million friends all gang up to make a blacklist, they are exercising illegal monopoly power.

Tips:

• After a filter is defined, it will not take effect until it's applied to a smtp virtual server
• Recipient filtering rules apply only to anonymous connections. Authenticated users and Exchange servers by pass these validations
• Likewise, connection filters apply only to external connections. Connections made by Exchange servers within the same organization will not be affected.

NetBIOS name resource types

Name	Number(h)	Type	Usage
	00	U	Workstation service
	01	U	Messenger service
	01	G	Master Browser
	03	U	Messenger service
	06	U	Remote Access Server service
	1F	U	NetDDE service
	20	U	File Server service
	21	U	Remote Access Server client service
	22	U	Exchange Interchange (MSMail Connector)
	23	U	Exchange Store
	24	U	Exchange Directory
	30	U	Modem Sharing Server service
	31	U	Modem Sharing client service
	43	U	SMS Clients Remote Control
	44	U	SMS Administrators Remote Control Tool
	45	U	SMS Clients Remote Chat
	46	U	SMS Clients Remote Transfer
	87	U	Microsoft Exchange MTA
	6A	U	Microsoft Exchange IMC
	BE	U	Network Monitor Agent
	BF	U	Network Monitor Application
	03	U	Messenger service
	00	G	Domain Name
	1B	U	Domain Master Browser
	1C	G	Domain Controllers
	1D	U	Master Browser
	1E	G	Browser Service Elections
	1C	G	IIS
	00	U	IIS

Network issues that affect TCP/IP and RPC traffic across firewall or VPN after Windows 2003 SP1

After you install Windows Server 2003 Service Pack 1 (SP1), you may
experience issues that affect server-to-server communication for TCP/IP
traffic or remote procedure call (RPC) traffic across firewall or
virtual private network (VPN) products in rare and specific network
configurations.

Before carrying any troubleshooting, check the following KBs:

Q899148 Some firewalls may reject network traffic that originates from
Windows Server 2003 Service Pack 1-based computers
Q898060 Installing security update MS05-019 or Windows Server 2003
Service Pack 1 may cause network connectivity between clients and
servers to fail