StevensNet.com

...Because someone's gotta tell the story...

Blogs

To return to the main Blog List, click Full Blog Listing.

Tags

PowerShell
Technical
Visual Basic

Exchange 2007 and Spam Filtering

Wednesday, February 13, 2008 in Technical Articles (Views: 2888)
Exchange 2007 admittedly is one of the best upgrades in the cosmetic sense for Microsoft. Outlook Web Access looks great, it's companion client, Outlook 2007 is much improved, the Exchange Management Console is even more clear and easier to use. I even give them extra credit for Powershell, for those of us who still believe the command line takes the cake...

However, spam filtering can leave a lot to be desired. The IMF (Intelligent Message Filter), introduced in Exchange 2003, was a free add-on to be able to interpret and remove spam. Messages would be broken down by a SCL (Spam Confidence Level) from 0-9, 0 being clean and 9 being definately spam.

Two things I have learned about the IMF that can cause problems...

1. Installing a third party tool for testing can break the IMF (if you remove and no longer use it). A permission is added to Exchange Content Filtering for "Partners". This permission would for one need to be removed.

2. It's hard to really tell where spam lives, since spammers are constantly reinventing themselves not to get caught...

In the struggles we have had running our own web, mail, and security at home trying to keep up with the growing issues, I have found a few things that will help keep your sanity:

1. Keep an eye on your spam logs... The logs by default are at c:\program files\microsoft\exchange server\transportroles\logs\agentlog. The files you are looking for are dated (and numbered if you process a lot of messages and are comma delimited). I have written a quick tool in VB that parses this log for any messages quarantined or rejected and e-mail it to each user daily.

2. Make sure to keep up to date on the anti-spam updates (this should be a no-brainer)...

3. Setting the quarantine level at 5 pretty much catches all spam, although I've learned that it does get some legit mail. Monster's daily agent mail has been trapped by this SCL (as a level 5). However, setting it to 6 will allow a lot of spam through.

Unfortunately spam filtering is an art, not a science. But, a little patience and sanity will go a long ways in the fight... If you can afford third party tools, go ahead, but for the rest of us, we'll just have to stick to using what Microsoft adds to the server package.

 

Related Blogs You May Be Interested In:


To leave a comment, please log in and/or register.