
How to remove huge amount of blocked IPs from the Mail Security for Microsoft Exchange server


Solved by Marcos

Recently, we've seen an increase in spam emails.

To address this, I attempted to block IP addresses listed on https://www.ipdeny.com/ipblocks/. I blocked more than 200,000 IPs from this site, but unfortunately, some of our clients' emails were also blocked as a result.

Considering this, I believe it's best to revert to the previous settings by removing all these IP blocks.

However, the interface only permits the removal of 200 records at a time, which complicates the process.

To mitigate the issue for now, I've implemented a policy via the ESET Administration Center. I recommend cleaning up these settings to avoid confusion among other administrators, which could lead to the accidental disabling of this policy.

Does anyone have a more efficient method to reverse the import of the 200,000 blocked IP records in our Mail Security's local settings?

 

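The over-blocking described in this post can be caught before a bulk import by checking the list against sender IPs already known to be legitimate. The sketch below is an added example, not part of the original thread and not ESET tooling; it assumes the blocklist is plain text with one CIDR block or address per line, and all sample addresses are constructed.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
SAMPLE_BLOCKLIST = """\
# one CIDR block or single address per line
192.0.2.0/25
198.51.100.0/24
198.51.100.16/28
203.0.113.77
"""
SAMPLE_KNOWN_GOOD = ["198.51.100.25", "192.0.2.200", "203.0.113.9"]


def load_networks(text):
    """Parse a blocklist: one CIDR/address per line, '#' starts a comment."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def blocking_entries(sender, blocked):
    """Return every blocklist entry containing `sender`, most specific first."""
    ip = ipaddress.ip_address(sender)
    hits = []
    # Try each enclosing prefix (/32 or /128 down to /0): a few dozen set
    # lookups per sender, however many entries the blocklist holds.
    for prefix in range(ip.max_prefixlen, -1, -1):
        candidate = ipaddress.ip_network((ip, prefix), strict=False)
        if candidate in blocked:
            hits.append(candidate)
    return hits


def vet_blocklist(text, known_good):
    """Split a blocklist into entries with no collision and collisions to review."""
    nets = load_networks(text)
    blocked = set(nets)
    collisions = {}
    for sender in known_good:
        hits = blocking_entries(sender, blocked)
        if hits:
            collisions[sender] = [str(h) for h in hits]
    flagged = {entry for hits in collisions.values() for entry in hits}
    safe = [str(n) for n in nets if str(n) not in flagged]
    return safe, collisions


if __name__ == "__main__":
    safe, collisions = vet_blocklist(SAMPLE_BLOCKLIST, SAMPLE_KNOWN_GOOD)
    for sender, entries in collisions.items():
        print(f"{sender} would be blocked by: {', '.join(entries)}")
    print(f"{len(safe)} entries contain no known-good sender")
```

The known-good list would normally come from message-tracking logs of accepted mail; an entry with no collision only means none of those senders falls inside it.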

  • Administrators

Please raise a support ticket. Most likely there's a problem with communication with ESET's servers or your ESET Mail Security for Exchange is misconfigured if you've been receiving that much spam.

It is not a good idea to add millions of IP addresses to blacklists, which could also affect performance.


Thanks for the advice, @Marcos. I will raise a support ticket later for the spam.

I think the first problem to fix is to remove the millions of IP addresses. As you said, this could also affect performance. Do you have an efficient way to do this?


Thanks for the reply, @M.K.

The document is not available to download. Is there any other way for me to get it?

 


  • Administrators

Copy this config into an xml file and import it:

<?xml version="1.0"?>
<ESET>
 <PRODUCT NAME="emsx" VERSION="11.0.10005" EXPORTED_BY_CE="2109.2 (20240213); 2129">
  <ITEM NAME="antispams">
   <ITEM NAME="settings">
    <ITEM NAME="BlockedIPs" DELETE="1">
    </ITEM>
   </ITEM>
  </ITEM>
 </PRODUCT>
</ESET>

 


Hi @Marcos

 

Thanks for providing the file.

I saved it as a local copy and then imported it. The result shows "Not all input data have been imported", as shown in the picture, and no records have been removed. Do you know what I did wrong?

 

 


  • Administrators
  • Solution

A configuration xml can be imported via Setup -> Import/Export settings in the main GUI.


Thanks @Marcos 

Just a heads-up that the ESET or Exchange server needs to be restarted after the configuration is imported. Otherwise, the UI would show that no IPs are in the blocked list, but the old configuration is still taking effect. 

-----------------------------------

A further question. 

How does the feature of "append a tag to the body of scanned message" work?

Is a tag appended when the email is quarantined or when it is released?

Currently, I have a bunch of emails being quarantined when the "append a tag" feature is enabled.

I would like to release the quarantined emails without having the appended tag.

Are there any solutions?

 


Hi @Marcos @M.K.

After importing this script, the Blocked IPs are cleaned from the UI.

However, it is still blocked in the background. 

As a result, it turns into a disaster!! 

Emails are blocked because IPs are blocked in the local blacklist, but the local blacklist is empty!!

Need help now! 

 

<?xml version="1.0"?>
<ESET>
 <PRODUCT NAME="emsx" VERSION="11.0.10005" EXPORTED_BY_CE="2109.2 (20240213); 2129">
  <ITEM NAME="antispams">
   <ITEM NAME="settings">
    <ITEM NAME="BlockedIPs" DELETE="1">
    </ITEM>
   </ITEM>
  </ITEM>
 </PRODUCT>
</ESET>

 
