Wednesday, October 25, 2006

How to "White List" the Senders to a Distribution Group


I run a jokes list through my home server. I mean really? what is the Internet for? work! buh! Jokes is where it's at!

Unfortunately the email address of the DL got out to our neighbourhood spammers, and now folks are getting more spam than jokes on this list. I had to do something, and I wasn't going to let a spammer force me to change the email address, so I created a whitelist of email addresses that could send to that Distribution list.

Here's how

  1. On the server, click Start, Server Management, and select Distribution Groups

  2. Right-click the group on the right you wish to add a sender white-list to and choose Properties

  3. Switch to the Exchange General tab

  4. Select Only From in the Message Restrictions section, and choose the Add button as many times as neccessary to add all the people who can send from this list.

The cool part here, is you can also add Contact objects into this white list. Since I already had contact objects for each person on my Distribution list, I just added them all in.

Now any email that comes to that Distribution List is checked against that list of email addresses, and rejected with the error:

You do not have permission to send to this recipient. For assistance, contact your system administrator.

(i.e. the sender gets an NDR, and the message is not sent to the DL)

In addition, you can create a Black List by simply inverting the "only from" to "From Everyone Except".

And while I realize this isn't optimal for groups that change frequently, it's perfect for groups that don't.

7 comments:

Anonymous said...

I just read this and I love the concept. One quick question for you though.

I would like to create a DL for my family through my domain, but they all have varying email addresses (msn, gmail, etc...). Is there a way to add to an Exchange DL external recipients?

i.e. family@mydomain.com would be a domain that sends to mom@msn.com; dad@msn.com; brother@gmail.com, etc...

This would also be beneficial to use on my PPC, I could just type in the DL and it would go to my entire family.

Thank you!

Sean Daniel said...

Yep, you just create a contact object for each member of your family in the GAL and then add the contact object into the whitelist.

Let me know if you need more information.

Anonymous said...

I am less familiar with Exchange than I am with other componenets of SBS. Any chance I could get more detail on how to accomplish this?

Thank you.

- Will

Sean Daniel said...

To create a contact object, go to administration tools, active directory users and computers. Then drill down to an OU of your choice (I put all mine in the SBSUsers OU)

Then right-click and choose New/Contact Object. Type in the name you want. then click Modify on email and choose SMTP, type in the email address and then finish the wizard off.

Now you have the active contact object in your GAL. The next time your clients download the GAL, they will get the contact object for them to use.

However, immediately you'll be able to use the contact object in your whitelist as described above.

Good luck!

Anonymous said...

This is awesome!!! Thank you very, very much!!!

(sorry for anonymous - I was just trying to save time)

- WIll

Anonymous said...

I would want to test this because I am not 100% sure it will work with contact objets (thought I dont see why not)

The way I do this for DL's that include actual user accounts is to add the DL itself into the allowed to send list. This way only members can send but you still only maintain the DL membership..

Sean Daniel said...

It does work with contact objects, I'm doing it. :)

How did you add the DL? I didn't see a way to choose DL's from the security group...