Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SQUASHING SPAM ON EXCHANGE SERVER 1

Status
Not open for further replies.

bphlat

IS-IT--Management
Jul 10, 2006
15
US
If you aren't already running the Exchange Intelligent Message Filter you should get on it. This message filter isn't rule based, so it doesn't require updates as much as some rule based spam filters.

But like security, it's always good to have layers. Why not have 2 spam filters?

Also use a public RBL site (spamcop.net, there are more but this is the one I chose) to reverse look-up spammers and strip even more spam from my system.

When do you this, keep in mind tha the IMF will happen first, then this filter, so your IMF spam folder might contain messages that are on known spam lists, but that's a good thing right?

Here's how to configure it:

1.) In Server Management, expand Advanced Management, First Organization (Exchange) and Global Settings

2.) Right-click Message Delivery and choose Properties

3.) Since we're going to spam filter on connection, change to the Connection Filter tab to add the RBL info

4.) Click Add... to add a new filter

5.) In Display Name type the name of the filter so you can recognize it (It also appears in a default NDR message shown later in this bullet), like SpamCop. In the DNS Suffix of Provider is where you do your leg work to find the RBL sites DNS suffix, for example, spamcop.net's suffix is bl.spamcop.net, so I added this in there. In the final field Custom Error Message to Return I leave blank since it will return an email in the form of {Sender IP Address} has been blocked by {Display Name}.... I do not use the Return Status Code

6.) Now we've created filter, we need to tell Exchange to use it.

7.) Drill down into Servers, {Servername}, Protocols, SMTP and right-click on Default SMTP Virtual Server and select Properties

8.) On the General tab, choose Advanced

9.) Highlight All Unassigned and choose Edit

10.) Check the box Apply Connection Filter, and click OK until you're back to Server Management

That's all there is to it, Exchange will now check each message against spamcop.net to not let it into your inbox if spamcop knows the sender as a spammer.

Two layers is better than one!
 
Great post!

I love the IMF feature. Work's great. However, for a little added SPAM squashing, check out Exchange 2007 Edge Transport Role.

The 2007 feature gives you the ability to block messages that contain keywords and phrases. SWEET!! You don't even have to upgrade your internal machines from 5.5, 2000, or 2003. The Exchange 2007 machine acts as nothing more than a relay.

I've had it up and going now for a couple months, the SPAM our company receives in their inboxes has dropped to nearly none (a few newer style messages squeak through, but only once).
 
You lose some features by not having Exchange 2007 on the inside, though.

You have it running on a 64 bit box, eh?

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
Negative.. Running beta 2. I've got the full version but just haven't got around to getting a 64bit machine ordered. The beta, just as an Edge, runs very well on just a Celeron box with only 352MB of RAM. [thumbsup2]
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top