How to deal with SPAM in Exchange Server 2007

Cut down on spam with IP Block List Providers (RBL)

One easy way to make a huge dent in the amount of spam your Exchange organization receives is to configure the IP Block List Providers anti-spam agent. This component checks senders against known databases of spammers, infected computers and open relays. These databases, also known as real-time block lists (RBLs), are provided by a number of non-profit and for-profit companies. From my experience I like using the free block lists provided by:

  • SpamHaus – zen.spamhaus.org
  • SpamCop – bl.spamcop.net
  • Surriel – psbl.surriel.com
  • SORBS – dnsbl.sorbs.net

Adding an IP Block List provider to Exchange is very simple: just open the Exchange Management Shell and run the command below:

Add-IPBlockListProvider -Name SpamHaus -LookupDomain zen.spamhaus.org -AnyMatch $True -Enabled $True -RejectionResponse "Your IP is on the spamhaus.org block list"

For other block list providers, just modify the Name, LookupDomain and RejectionResponse values.

After you add an IP block list provider, you can run Get-IPBlockListProvider to list all installed providers. If you want to delete a provider, run Remove-IPBlockListProvider -Identity <name> and hit Enter.

Some IP Block List providers have test addresses that allow you to see if your block list is working. For SpamHaus Zen, just send an e-mail to nelson-sbl-test@crynwr.com and you will get the results back via e-mail in a few minutes.
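
The steps above for all four lists in one pass, as an added example that is not part of the original post: it skips providers that already exist, then checks each one from the server itself with Test-IPBlockListProvider. The rejection texts other than the SpamHaus one are constructed for this example, and 127.0.0.2 is assumed to be listed by each provider as the conventional DNSBL test entry.

```powershell
# Added example: run in the Exchange Management Shell.

# Lookup domains are the four named above. Only the SpamHaus rejection text
# comes from the article; the other three are constructed for this example.
$providers = @(
    @{ Name = 'SpamHaus'; Domain = 'zen.spamhaus.org';  Response = 'Your IP is on the spamhaus.org block list' },
    @{ Name = 'SpamCop';  Domain = 'bl.spamcop.net';    Response = 'Your IP is on the spamcop.net block list' },
    @{ Name = 'Surriel';  Domain = 'psbl.surriel.com';  Response = 'Your IP is on the psbl.surriel.com block list' },
    @{ Name = 'SORBS';    Domain = 'dnsbl.sorbs.net';   Response = 'Your IP is on the sorbs.net block list' }
)

# Names of providers that are already configured, so a re-run does not
# fail on duplicates.
$existing = @(Get-IPBlockListProvider | ForEach-Object { $_.Name })

foreach ($p in $providers) {
    if ($existing -contains $p.Name) {
        Write-Host "$($p.Name): already configured, skipping"
        continue
    }
    Add-IPBlockListProvider -Name $p.Name -LookupDomain $p.Domain `
        -AnyMatch $true -Enabled $true -RejectionResponse $p.Response
}

# Query each provider for 127.0.0.2, the conventional DNSBL test entry
# (RFC 5782). A list that follows the convention reports a match; no match
# usually means the server's DNS lookups to that list are not getting
# through, in which case the provider is blocking nothing.
foreach ($p in $providers) {
    Test-IPBlockListProvider -Identity $p.Name -IPAddress 127.0.0.2
}
```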

Check Performance of IP Block Lists (RBL)

The IP Block List Providers feature of the Anti-spam agents in Exchange 2007 is a valuable tool to cut down on spam from known senders. The success of the feature depends on the block list providers that you use, so how can you determine if they are actually catching spam? Just open up the Exchange Management Shell and navigate to the scripts folder within your Exchange Server install (e.g. C:\Program Files\Microsoft\Exchange Server\Scripts\). Then type in Get-AntispamTopRBLProviders.ps1 and hit Enter.

It can take a while to process, but once completed you will see a list of each block list provider and the number of messages it blocked.

NAME           VALUE
----           -----
SpamHaus       34223
SpamCop          452

To fine-tune the results, you can use the -StartDate and -EndDate parameters.