
Control Spam on Exchange 2003

PCQ Bureau

Reams and gigabytes have been spent on tackling spam, one of the most intrusive and irritating forms of advertising. We will also spend two pages on it, but our focus will be on controlling spam on MS Exchange 2003 servers.


Remote Black List 



There are different ways to set up anti-spam filters for Exchange 2003. The first is to use what is known as an RBL (Remote Black List). This is a standard list of blacklisted e-mail senders, addresses, IP addresses and domains from which UCEs are known to originate (Microsoft refers to spam as UCE, or Unsolicited Commercial Email). Many providers publish such lists on the Internet, and most of them are free. You can easily use these lists to block all mail that originates from the blacklisted entries.

To do this on Exchange 2003, you need to configure a few settings. First, go to Exchange System Manager>Global Settings>Message Delivery>Properties>Connection Filtering. This is the place where you add the RBL addresses. Click on Add to open a new dialog box.

Direct Hit!
Applies to: MS Exchange admins
USP: Detailed instructions on configuring Exchange 2003 to block spam
Links: www.microsoft.com

In this new box, enter a descriptive Rule Name and then the DNS suffix of the RBL provider. You can find many such providers by Googling for them, but here are a few for your convenience: relays.ordb.org, relays.visi.com and blackholes.wirehub.net. Add at least three to four RBL entries, which get processed sequentially. The Return Status Code button lets you configure each entry. However, we recommend that you let the default 'Match Filter To Any Return Code' be the one selected.

You can also set a message to be returned to the sender of the e-mail. By default (when the textbox is left blank), the message sent is ' has been blocked by '. You can create your own error message by entering the text you want, using the following special replacement codes.

%0: Sender's IP Address

%1: Connection filter's Rule Name

%2: RBL Provider DNS


For instance, you can create text such as 'The email you sent from %0 has been blacklisted at %2, and filtered out by rule %1 on our Exchange server'.

Adding a new connection filter for an RBL

Finally, you must enable the Connection filter for the Exchange Server's SMTP service. To do this, in System Manager, go to Servers>Server Name>Protocols>SMTP>Properties>General>Advanced. Select the IP address of the SMTP server and click on 'Edit'. Turn on 'Apply Connection Filter' and continue. You must restart the SMTP server once you have done this.
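The lookup that a connection filter performs against these entries, sketched as an added example (not code from the article or from Exchange). It assumes the standard DNS blacklist convention of reversing the sender's IPv4 octets and appending the provider's DNS suffix, and it uses a constructed in-memory zone in place of real DNS; the rule names and `.example` suffixes are hypothetical.

```python
import ipaddress
import re

# Constructed stand-in for DNS: query name -> A record a provider would
# return for a listed address. All names and addresses are sample values.
SAMPLE_ZONE = {"7.113.0.203.rbl-two.example": "127.0.0.2"}

# (Rule Name, provider DNS suffix) pairs, processed in order. Hypothetical.
RULES = [("Rule One", "rbl-one.example"), ("Rule Two", "rbl-two.example")]

# Custom error text from the article, using the %0/%1/%2 replacement codes.
TEMPLATE = ("The email you sent from %0 has been blacklisted at %2, "
            "and filtered out by rule %1 on our Exchange server")

def rbl_query_name(sender_ip, dns_suffix):
    """Reverse the IPv4 octets and append the provider's DNS suffix."""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
    return ".".join(reversed(octets)) + "." + dns_suffix

def check_connection(sender_ip, rules=RULES, template=TEMPLATE,
                     resolve=SAMPLE_ZONE.get):
    """Return None to accept, or the rejection text for the first listing.

    Providers are tried sequentially. Any returned address counts as a
    match, which mirrors 'Match Filter To Any Return Code'.
    """
    for rule_name, dns_suffix in rules:
        answer = resolve(rbl_query_name(sender_ip, dns_suffix))
        if answer is None:        # no record: not listed by this provider
            continue
        codes = {"0": sender_ip, "1": rule_name, "2": dns_suffix}
        # Single pass, so a '%1' inside a rule name is not expanded again.
        return re.sub(r"%([012])", lambda m: codes[m.group(1)], template)
    return None

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, "->", check_connection(ip) or "accepted")
```
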


Intelligent Message filter 



Microsoft recently released a tool called the IMF (Intelligent Message Filter). This tool is a free add-on for Exchange 2003 servers that allows you greater control over UCE on your server. 

Microsoft Research developed IMF using a technology called SmartScreen. This technology was created after analyzing millions of e-mail messages to tens of thousands of users of Microsoft online services, such as Hotmail and MSN. Volunteers and partners provided Microsoft with details about what individuals consider as spam and what constitutes legitimate e-mail. Based on this large sample, the IMF was built, which recognizes mail as being legitimate or UCE.

The add-on needs to be installed and configured on the Exchange 2003 server that first receives e-mail from outside. The IMF then analyzes the incoming mail and assigns it a rating for the probability of its being UCE. This rating is stored back into the message as a property called SCL (Spam Confidence Level). The higher the SCL, the greater the chance that the message is UCE and, therefore, that the server needs to handle it as spam.


When using the IMF, there are a few things that happen. Every message that comes to the server undergoes a few tests. These tests range from standard filters to user-defined ones such as White and Black Lists. In case a message is coming from an e-mail address or domain that a particular user on the system has set as 'allowed', no further processing is done, and the mail is delivered into that user's mailbox. On the other hand, if the user has 'blacklisted' the address or domain, the mail is directly sent to the Junk mail folder in his mail store.

Enabling the IMF on the SMTP server

If the mail does not fall under these categories, the IMF does an analysis of the incoming mail by running it through the rules it has and assigns an SCL to it. The SCL is then compared to what is known as the Gateway Threshold. In case the SCL for the message is greater than the threshold level, a defined action (such as 'reject') is performed. 


In case the mail passes the Gateway Threshold, it is sent to the Exchange server where the recipient user's mailbox is. Here the server again checks the SCL and compares it to the Store Threshold. If the SCL is lower than the Store Threshold, the message is finally delivered into the user's Inbox. However, if it is greater than the threshold, the mail is sent to the user's Junk mail folder.
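The decision flow described above, modelled as an added example (not code from the article or from Exchange). It follows the article's "greater than" wording for both thresholds and assumes SCL values from 0 to 9; the addresses and the `Mailbox`, `route` and `outcome_by_scl` names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Mailbox:
    allowed: set = field(default_factory=set)   # user's White List
    blocked: set = field(default_factory=set)   # user's Black List

def matches(sender, entries):
    """True if the full address or its domain is on the user's list."""
    sender = sender.lower()
    return sender in entries or sender.rsplit("@", 1)[-1] in entries

def route(sender, scl, mailbox, gateway_threshold, store_threshold,
          gateway_action="reject"):
    """Return 'inbox', 'junk', or the gateway action taken on the message."""
    # User lists are checked first and short-circuit the SCL comparison.
    if matches(sender, mailbox.allowed):
        return "inbox"
    if matches(sender, mailbox.blocked):
        return "junk"
    # Gateway: above the threshold the configured action applies, unless
    # that action is to pass the message on to the store unchanged.
    if scl > gateway_threshold and gateway_action != "pass":
        return gateway_action
    # Store: the second comparison decides between Inbox and Junk folder.
    return "junk" if scl > store_threshold else "inbox"

def outcome_by_scl(gateway_threshold, store_threshold):
    """Outcome for every assumed SCL value (0-9), with no user lists set."""
    box = Mailbox()
    return {scl: route("someone@unknown.example", scl, box,
                       gateway_threshold, store_threshold)
            for scl in range(10)}

if __name__ == "__main__":
    print(outcome_by_scl(7, 4))   # three bands: inbox, junk, reject
    print(outcome_by_scl(4, 7))   # inverted thresholds: junk band vanishes
```

With the gateway threshold set at or below the store threshold, no message can reach the Junk mail folder through its SCL alone, because everything above the store threshold has already been handled at the gateway.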

You can download and run the installer (available at Microsoft.com) that guides you through the installation. Once installed, open System Manager and go to Servers>Server Name>Protocols>SMTP>Intelligent Message Filter>Properties. Make sure the IMF is enabled for your SMTP service.

Applying the connection filter to the SMTP server


Next, go to Global Settings>Message Delivery>Properties>Intelligent Message Filtering. This is where you configure the thresholds for the Gateway and the Store, as well as the action to perform when a message is deemed invalid. Simply select the SCL number (a higher one for the gateway and a lower one for the store). Also tell the IMF whether spam found at the Gateway should be archived, deleted, rejected or simply passed on. If you select Archive, an excellent application called the IMF Archive Manager, available at www.gotdotnet.com/Community/Workspaces, lets you view the messages stored in the archive (default location: \Program Files\exchsvr\mailroot\vsi 1\UceArchive).

Vinod Unny, Enterprise InfoTech
