Add realtime spam protection to your Exchange 2003

Status
Not open for further replies.
If you're looking to purchase an Anti-Spam solution, I use GFI's MailEssentials. After about a week or two, I calculate its effectiveness at about 98%.

I have Symantec Antivirus Corporate Edition on all my workstations and servers and also use GFI's MailSecurity for additional antivirus protection.

The GFI MailSecurity/MailEssentials bundle for 250 users and 1 year support is less than $3k, a pretty good deal.



MCSE CCNA CCDA
 
Wow, 11 is a TON of RBLs to use, in my opinion. Keep in mind that every time your server gets an inbound connection, it is going to kick off (up to) 11 DNS lookups to check the RBLs. On a busy server or slow pipe this can drag things to a trickle when those RBLs are slow to respond (and they frequently are under heavy load).

I used to use one of those gateway SMTP appliance things that would allow you to do a quick "stat spam" from the console and see how effective each RBL is. This allowed me to shuffle things around, put our most effective RBL entries first, and eliminate those that weren't doing much. I've never used more than 5 or 6 entries.

I'm wondering at what point in the SMTP transmission process Exchange performs the lookups, since it allows whitelisting? It has to be after the MAIL TO but hopefully before the data portion begins.
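
Added example, not part of any post in this thread: a Python sketch of the lookup cost and the "most effective RBL first" ordering described above. The hit data and the `zone-*.example` names are constructed, and it assumes the server stops querying at the first list that returns a listing.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """DNS name a server looks up for one RBL check: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

# Constructed sample: connecting IP -> set of zones that list it.
SAMPLE = {
    "192.0.2.1": {"zone-a.example", "zone-b.example"},
    "192.0.2.2": {"zone-a.example"},
    "192.0.2.3": {"zone-a.example", "zone-c.example"},
    "192.0.2.4": {"zone-b.example"},
    "192.0.2.5": {"zone-a.example", "zone-b.example"},
    "192.0.2.6": set(),  # clean sender: costs a query against every zone
}

def rank_zones(listings):
    """Greedy order: each step picks the zone catching the most IPs that no
    earlier zone caught. Returns [(zone, marginal_hits)]; a zone with 0
    marginal hits adds DNS latency without blocking anything extra."""
    zones = set().union(*listings.values())
    remaining = {ip for ip, listed in listings.items() if listed}
    order = []
    while zones:
        best = max(sorted(zones),
                   key=lambda z: sum(1 for ip in remaining if z in listings[ip]))
        caught = {ip for ip in remaining if best in listings[ip]}
        order.append((best, len(caught)))
        remaining -= caught
        zones.remove(best)
    return order

def avg_lookups(zone_order, listings):
    """Mean DNS queries per connection when checking stops at the first hit."""
    total = 0
    for listed in listings.values():
        total += next((i for i, z in enumerate(zone_order, 1) if z in listed),
                      len(zone_order))
    return total / len(listings)

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "bl.spamcop.net"))
    ranked = rank_zones(SAMPLE)
    print(ranked, avg_lookups([z for z, _ in ranked], SAMPLE))
```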
 
On top of our use of the SpamCure engine which blocks most of the Spam we detect... (with NO false positives)

I've added:
sbl-xbl.spamhaus.org (Low false positives)
bl.spamcop.net (Low false positives)
dnsbl.sorbs.net (High false positives - CRAP)
combined.njabl.org (High false positives - CRAP)
relays.ordb.org (Sod all detected! - CRAP)

I'm not confident enough to delete emails found on even spamhaus or spamcop, but will be turning them from Log only to Identify by prefixing the subject line.
 
Thanks, Nick!

danny
 
Wow thanks guys for such great replies! This helps a great many rid spam.. ---


--------
Jason Burton
Leximedia,LLC.
jab@leximedia.net
(I'm confident with my spam fighting solution)
 
We make extensive use of Microsoft's IMF. The main problem with it is you don't know what you are missing and there is no way to grab back what it has caught if it is a false positive.

Daryl Maunder from Australia came up with a nice web solution. I've done a lot of tweaking to his code to make it flow a little better. You can download my altered version from here:


Depending on the amount of SPAM you are catching, the ASP code can time out if there are roughly over 6K messages to enumerate. For many of my customers we have set a retention rate of 5 days for SPAM using a script I wrote to delete any SPAM older than the 5 days. That keeps the number of messages at a manageable level.

I do have a few more enhancements planned but figured folks might like to get this version for testing now. I welcome feedback on it. Daryl has made his code available but does not support it or wish for enhancement requests. I welcome them as any fresh ideas will help me to offer a better solution to my customers.

I hope you find this post helpful.

Regards,

Mark
 
In case anyone followed the above link since I posted it, just wanted to let all know I made some new modifications and have just finished testing so I have updated the zip file. Enjoy.



I hope you find this post helpful.

Regards,

Mark
 
Thank you, Mark!
 
I don't have time to upload to my site at the moment but I will have a new update again to my zip file, found a few strange navigation problems yesterday when deleting the spam from the view window that I fixed. File should get updated some time tonight.

I hope you find this post helpful.

Regards,

Mark
 
Jason, thanks for starting a great post. It has been a great tool in the rollout process of my new Exch2003 server.

I have a ? regarding RBL.....

What happens to the mail that is received from an entry on the BlackList? Does it go to a folder and get deleted after so many days? The reason I ask is, what happens if I have legit email that is being blocked... how might I forward those onto the respective recipients?



Mark C.
Network Admin - Digital Draw Network
 
Hi,

The RBL "Blacklisted" Posts get denied. (550 response.)

You may wish to use SMTP Logging solutions, i.e. an SQL Stored Procedure that goes through the SMTP Logging table and gets only 550 responses to determine what legit or spam email is being blocked.

I do this to determine who's being blocked.. And have great success.

Thanks for the question.. Good one!



--------
Jason Burton
Leximedia,LLC.
jab@leximedia.net
(I'm confident with my spam fighting solution)
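
Added example, not the poster's stored procedure: the same "pull only the 550 responses" review done in Python over text log lines instead of a SQL table. The log sample is constructed in W3C extended style, and the field layout is an assumption read from the `#Fields` header.

```python
from collections import Counter

# Constructed sample log; addresses and IPs are illustrative only.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2005-03-01 09:00:01 192.0.2.10 MAIL +FROM:<news@bulk.example> 250
2005-03-01 09:00:02 192.0.2.10 RCPT +TO:<ann@corp.example> 550
2005-03-01 09:00:05 198.51.100.7 MAIL +FROM:<bob@partner.example> 250
2005-03-01 09:00:06 198.51.100.7 RCPT +TO:<ann@corp.example> 250
2005-03-01 09:01:10 203.0.113.4 MAIL +FROM:<orders@supplier.example> 250
2005-03-01 09:01:11 203.0.113.4 RCPT +TO:<joe@corp.example> 550
2005-03-01 09:02:00 192.0.2.10 MAIL +FROM:<news@bulk.example> 250
2005-03-01 09:02:01 192.0.2.10 RCPT +TO:<joe@corp.example> 550
"""

def _addr(query):
    """Extract the address between <...>; fall back to the raw field."""
    start, end = query.find("<"), query.rfind(">")
    return query[start + 1:end].lower() if 0 <= start < end else query

def rejected_rcpts(log_text, code="550"):
    """Return [(client_ip, sender, recipient)] for RCPT commands answered
    with `code`, pairing each with the last MAIL FROM seen from that IP."""
    fields, last_sender, out = [], {}, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column names for following rows
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                        # comment, blank or malformed row
        row = dict(zip(fields, parts))
        method = row.get("cs-method", "").upper()
        ip = row.get("c-ip", "?")
        if method == "MAIL":
            last_sender[ip] = _addr(row.get("cs-uri-query", ""))
        elif method == "RCPT" and row.get("sc-status") == code:
            out.append((ip, last_sender.get(ip, "?"),
                        _addr(row.get("cs-uri-query", ""))))
    return out

def summarize(rejections):
    """Count rejections per (client_ip, sender), most frequent first."""
    return Counter((ip, sender) for ip, sender, _ in rejections).most_common()

if __name__ == "__main__":
    for (ip, sender), n in summarize(rejected_rcpts(SAMPLE_LOG)):
        print(f"{n:3d}  {ip:15s}  {sender}")
```

Senders that appear in this summary and are known correspondents are the candidates for a whitelist entry.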
 
FYI another update posted to my IMF management pages.

I hope you find this post helpful.

Regards,

Mark
 