A popular question on Exchange and Outlook forums is how to block email originating from specific countries. It is possible in both Microsoft Outlook and Microsoft Exchange, with varying degrees of success.
Blocking email by country or region in Exchange Server
IP addresses are allocated by geographical region. It is possible to use Connection Filtering to reject SMTP connections from IP addresses belonging to regions from which there is simply no valid business reason to accept messages. Rather than manually entering IP addresses to blacklist, there are DNSBLs that will return status codes by country based on the IP address provided. DNSBLs normally use status codes to indicate the type of offense that caused an IP address to be listed in their database.
DNSBL status codes range from 127.0.0.2 through 127.0.0.254. That range is suitable to assign a single status code to each country.
For example, if we say there is no reason to accept email from North Korea, we can use Connection Filtering to drop those connections. The ISO country code for North Korea is KP. On the legend provided by a DNSBL, an email originating from an IP address in North Korea would return a status code of 127.0.0.125.
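The lookup behind that match, sketched in Python as an added example (not code from the original article or from Exchange): it follows the standard DNSBL convention of querying the reversed IPv4 octets under the list's zone and comparing the returned A record with the configured status code. The zone `countries.dnsbl.example`, the function names and the sample answers are assumptions made for illustration; only the KP code 127.0.0.125 comes from the text above.

```python
import ipaddress
import socket

# Assumed placeholder zone; substitute the DNS address of the DNSBL you use.
DNSBL_ZONE = "countries.dnsbl.example"
# Return status code for KP, taken from the example in the article.
BLOCKED_CODES = {"127.0.0.125"}
CODE_MIN = ipaddress.IPv4Address("127.0.0.2")
CODE_MAX = ipaddress.IPv4Address("127.0.0.254")


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] when the lookup fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        # NXDOMAIN means "not listed". Other resolver errors also land here,
        # so a DNS outage fails open (mail is accepted).
        return []


def is_status_code(addr):
    """True only for answers inside the 127.0.0.2 - 127.0.0.254 range."""
    try:
        return CODE_MIN <= ipaddress.IPv4Address(addr) <= CODE_MAX
    except ValueError:
        return False


def connection_decision(client_ip, blocked=BLOCKED_CODES, resolve=system_resolver):
    """Return 'reject' if the DNSBL answers with a configured status code."""
    answers = [a for a in resolve(dnsbl_query_name(client_ip)) if is_status_code(a)]
    return "reject" if blocked.intersection(answers) else "accept"


if __name__ == "__main__":
    # Constructed answers standing in for a live DNSBL (documentation IPs).
    fake_zone = {
        "10.2.0.192.countries.dnsbl.example": ["127.0.0.125"],  # listed as KP
        "7.100.51.198.countries.dnsbl.example": ["127.0.0.40"],  # other country
    }
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, connection_decision(ip, resolve=lambda n: fake_zone.get(n, [])))
```

Only an answer equal to a configured status code causes a rejection; an address listed under a different country code, or not listed at all, is accepted.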
In Exchange Server 2003, we configure Connection Filtering using a DNSBL in two places. First, in Exchange System Manager, we access the Connection Filtering tab in the Properties of the Message Delivery object under Global Settings. Here we select the Add button under Block List configuration. After entering a display name and DNS address for the DNSBL, we can select the Return Status Code button to enter the value for KP (as shown in this screenshot). Select OK three times to update the configuration. There may be a warning about the second place to configure Connection Filtering: it also has to be enabled on the SMTP virtual server it is to run on.
Screenshot of the Exchange System Manager Connection Filter dialog