RE: Black Listing Connections

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 1 Apr 2005 09:17:33 -0800

I am not sure if Jim will flame away, but I will.


NEVER EVER EVER use a DNSBL to drop a connection.




There is no such thing as a perfect DNSBL or RBL and as such they will all
have some false positives.


They should only be used in a weighting system.


John T

eServices For You


-----Original Message-----
From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] 
Sent: Friday, April 01, 2005 5:14 AM
To: [ Discussion List]
Subject: [isalist] Black Listing Connections

Good Friday to you all. 

I have a question and I apologise if it's been asked before, but I know Jim
will flame me wither way ;-) 

We are currently running the following config 

              Mail AV Scanner (DMZ) 
Internet        --- ISA 2k --- Exchange 5.5 


We're looking to upgrade to Exchange 2k3, and we've seen the SpamHaus
project ( <> 
as a great way to stop the flood of spam we seem to be getting, however, our
current mail AV scanner 
doesn't support the DNSBL lookups that SpamHaus offers. 

This leaves me with a couple of options 

1) Replace the Mail AV with an Exchange 2k3 FE server with AV software on it
and have that do the DNSBL lookups, 

2) Replace the Mail AV with another Mail AV scanner that does support DNSBL
lookups, or 

3) Get ISA to do the lookup and drop the connection before it even reaches
the AV scanner. 

So finally to my questions: - 

Does ISA 2K or ISA 2k4 have a way of dynamically looking up incoming
connections using the DNSBL method? 

If not, is there a 3rd party app that does? 


"I Live In My Own Little World, But It's Okay, They Know Me There!"


Homeowners Group consists of Homeowners Friendly Society Limited (HFSL),
Registered and Incorporated under the Friendly Societies Act 1992, Reg. No.
964F, Homeowners Investment Fund Managers Limited (HIFML), Reg. No. 3224780,
Homeowners Financial Administration Limited (HFAL), Reg. No. 4301736,
Homeowners Membership Services Limited (HMSL), Reg. No. 3091667 and UK
Friendly Insurance Services Limited (UKFISL), Reg. No. 3088162, all
registered at Hornbeam Park Avenue, Harrogate. HG2  8XE. Tel: 01423 855000

HFSL and HIFML are both authorised and regulated by the Financial Services
Authority (FSA). HFSL's FSA Register no. is 110072, HIFML's FSA Register no.
is 181487. You can check this on the FSA's Register by visiting the FSA's
website or by contacting the FSA on 0845 606

HFAL, HMSL and UKFISL are non-regulated limited companies. 

United Kingdom Civil Service Benefit Society (UKCSBS) and United Kingdom
Armed Forces Benefit Society (UKAFBS) are trading styles of Homeowners
Friendly Society Limited 

This e-mail is intended only for the person named as recipient. The contents
are confidential. If you are not the intended recipient of this e-mail,
please notify us as soon as possible and delete it. If you are not the
intended recipient of the e-mail, any use by you is prohibited.

List Archives:
ISA Server Newsletter:
ISA Server FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking:
Leading Network Software Directory:
No.1 Exchange Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: