Configuring DQS on Microsoft Exchange

This page details how to use Data Query Service (DQS) with Microsoft Exchange, configuring it to reject at the SMTP level.

These instructions apply only to Exchange 2010 and above.

Exchange only supports DNSBL lookups against the connecting IP, so that is all you can do from it; anything else needs to be delegated to external filtering software.

Conventions

  • When you see the word your_DQS_key you need to replace it with your actual DQS key. Failing to do so will prevent you from successfully querying the DQS.

For example, assuming your key is aip7yig6sahg6ehsohn5shco3z, the following line:

	your_DQS_key.zen.dq.spamhaus.net	

will become:

	aip7yig6sahg6ehsohn5shco3z.zen.dq.spamhaus.net

Configuration

Run an Exchange PowerShell session with administrator privileges and then type the following:

	Add-IPBlockListProvider -Name 'Spamhaus ZEN' -LookupDomain 'your_DQS_key.zen.dq.spamhaus.net' -Enabled $true -BitmaskMatch $null -IPAddressesMatch '127.0.0.2','127.0.0.3','127.0.0.4','127.0.0.9','127.0.0.10','127.0.0.11' -Priority '1' -AnyMatch $false -RejectionResponse 'Connecting IP address {0} has been blocked by Spamhaus ZEN. See http://www.spamhaus.org/query/bl?ip={0} for further details.'
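
To confirm the provider is answering, the following check can be run in the same Exchange PowerShell session. It is an added example, not part of the original instructions. It assumes the provider name 'Spamhaus ZEN' used above and relies on the standard DNSBL test entries (127.0.0.2 is always listed, 127.0.0.1 is never listed).

```powershell
# Added verification example; run after the Add-IPBlockListProvider command above.
$providerName = 'Spamhaus ZEN'   # the -Name used when the provider was created

# 1. Show what Exchange actually stored for the provider.
$provider = Get-IPBlockListProvider -Identity $providerName
$provider | Format-List Name, Enabled, Priority, LookupDomain, AnyMatch, IPAddressesMatch

# 2. Catch the most common mistake: the placeholder was never replaced with a real key.
if ("$($provider.LookupDomain)" -like 'your_DQS_key*') {
    Write-Warning 'LookupDomain still contains the your_DQS_key placeholder; queries will fail.'
}
if (-not $provider.Enabled) {
    Write-Warning "Provider '$providerName' exists but is disabled."
}

# 3. Query the DNSBL test entries through Exchange itself.
#    127.0.0.2 must come back as listed, 127.0.0.1 must not.
$listed = Test-IPBlockListProvider -Identity $providerName -IPAddress 127.0.0.2
$clean  = Test-IPBlockListProvider -Identity $providerName -IPAddress 127.0.0.1

$listed | Format-List Provider, ProviderResult, Matched
$clean  | Format-List Provider, ProviderResult, Matched

if ($listed.Matched -and -not $clean.Matched) {
    Write-Host 'DQS lookup works: test entry matched, control address did not.'
}
elseif (-not $listed.Matched) {
    # No match on the test entry usually means a wrong key or a DNS resolution problem.
    Write-Warning 'Test entry 127.0.0.2 was not matched; check the DQS key and DNS resolution from this server.'
}
else {
    # A match on 127.0.0.1 means something is answering every query, which would block all mail.
    Write-Warning 'Control address 127.0.0.1 matched; the lookup is returning hits for everything.'
}
```

A failed test-entry lookup means listed senders will not be rejected even though the provider appears configured, so run this check again after any change to the key or to the server's DNS settings.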