How to configure the Exchange RBL Filter in GravityZone
Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.
The RBL Filter uses the DNSBL protocol and RBL servers to filter spam based on mail server's reputation as spam sender. The filter checks the sender IP from the email headers against the configured RBL servers, one at a time. If the sender IP is listed by an RBL server, a spam score equal to the RBL server’s assigned confidence level is added to the email. If the spam score is 100 or higher, the email is automatically classified as spam, without further processing. If the spam score is less than 100 after all RBL checks have been performed, it is finally compared against an internal threshold set by the aggressivity setting. If the score exceeds the threshold, the email is automatically classified as spam, without further processing.
Configuring the RBL filter
In order to configure the RBL Filter you need to perform the following actions:
1. Open the policy that is currently running on the Exchange Server -> Exchange Protection -> Antispam.
2. Select the Antispam filtering check box.
3. Click the Settings button, from the upper-middle part of the screen.
4. In the Antispam Filtering Settings window, add the RBL servers that you want to use and an associated confidence level. Consider the following best practices:
- Assign a confidence level of 100 to RBL servers with a high reputation or which you fully trust (e.g. have a low rate of false positives). If a sender’s IP is listed by one such server, the email is automatically detected as spam.
- If you are not sure how reliable some RBL servers are, you can try a multi-match approach – that is, configure the confidence level so as to detect an email as spam only if the sender IP is listed by at least two RBL servers. To this purpose, you should assign a confidence level of 50.
zen.spamhaus.org <> 80
cbl.abuseat.org <> 75
bl.spamcop.net <> 50
dnsbl.sorbs.net <> 50
For details on additional RBL servers, check this Wikipedia page.
The above example is for demonstration purposes only.