Stopping spam at the exchange box 3

max8699

IS-IT--Management
Nov 14, 2006
236
AU
Hi All,
I know this is not technically an Exchange question, but I need a solution for stopping (slowing down at least) spam from getting through at one of our clients' sites. I would like to stop it at the server level, due to ease of maintenance, as we look after it remotely most of the time, and we would like it free or very cheap if possible. At the moment we have installed the GFI MailEssentials trial version, which seemed to work OK, but the full licenced version is beyond their budget.
I read in a few places about MS IMF. Is it any good for what we need?

Many thanks in advance
Regards
Max
 
The Microsoft IMF is a good solution, but it needs to be carefully configured. Here's a good tutorial:


Another solution you might want to look into is paying a 3rd party mailscrubbing server to de-spam your mail before it even gets to your server. Solutions like Exchange Defender and SpamSoap charge something like $3/user/month for their services, which is comparable to an anti-virus subscription. I've used both of those solutions for my clients and they've been VERY effective and after the initial setup, needed very little configuring.

ShackDaddy
Shackelford Consulting
 
IMF, including
Recipient Filtering
Connection Filtering
Sender Filtering
tarpitting

And I'm sure MarkDMac will pipe in with a link to his free IMF utility....

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Depends on your budget and volumes of spam.

For thousands of spam an hour, if you can't afford a couple of new boxes with a 3rd party filter on, MIMESweeper etc., then maybe an ISP-provided service might be sufficient. Will lessen your admin headaches.

Or if the volume isn't that much, and you can stump to a new server, thousands in a day could be handled by a dedicated new box in a DMZ or between your mail server and router/FWall fine, or several servers if the load is higher, and you don't trust the ISP option.

I can't comment on the new stuff in 2007, not tested extensively yet, but I always did avoid that amount of 'additional' load on your mailbox server.

And avoided it in 2003 and used a 3rd party, but again, that was due to insufficient testing as well. It's probably very good, I couldn't say.

Get the idea that 2007 filtering is v good, but would need to be on another box anyway with the multiple roles available, that probably shouldn't be all on one box, such as Mailbox, Client Access, Bridgehead, Unified, Edge, etc.

Gurner
 
That would be the Edge server in 2007. The messaging hygiene in that is very good. But, a properly configured IMF can do very well, too.

I still like solutions that are hosted elsewhere. I use & recommend AppRiver for a lot of clients. MX points to them. They scrub the messages, and forward to the clients' Exchange box, which is locked down to only accept email from the AppRiver servers. Win-Win situation. They, and others, use dozens of algorithms to check email. And, all that spam doesn't hit your bandwidth.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
I ran into this problem as well with budgetary constraints, and ORF (Open Relay Filter) is only $199 I believe for a license (per server), and it did a stand up job of stopping a lot of spam from entering the organization. Hope this helps.

Regards,

Nate
 
Many thanks all. Downloaded IMF; it appears to be working OK. Will continue to monitor the results to make sure it's only stopping spam mail.
Regards
Max
 
I would enhance IMF with my free tool.
The tool allows you to see what was captured by IMF and redeliver the false positives. Also allows you to delete the filtered SPAM.

In addition, you will want to configure IMF to automatically get updates so it keeps up with the spammers. You can use my script for that.

Code:
'==========================================================================
'
' NAME: IMFUpdateEnabler.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: http://www.thespidersparlor.com
' (c) 2006 All Rights Reserved
' DATE  : 5/22/2006
'
' COMMENT: Configures IMF to receive updates via Windows Update
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'
'    This script and many more can be found in the Admin Script Pack
'    by The Spider's Parlor http://www.thespidersparlor.com/vbscript
'==========================================================================
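'Without this line a failed RegWrite aborts the script before the Err check below runs
On Error Resume Next
keypath = "HKLM\SOFTWARE\Microsoft\Exchange\ContentFilterState"
Set WSHShell = CreateObject("Wscript.Shell")
WshShell.RegWrite keypath, 1, "REG_DWORD"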
If Not Err Then
		If Msgbox("In order to complete setup, the SMTP service must be restarted.  OK to restart SMTP?", vbYesNo, "Restart SMTP?") = vbYes Then
		    WSHShell.Run "CMD.EXE /C NET STOP SMTPSVC & NET START SMTPSVC"
		End if
Else
	MsgBox "Sorry A Problem Was Encountered" & vbCrLf & "Make sure you have permission to write to the registry.",,"Something went wrong"
End If	
WScript.Quit

If you have enabled recipient filtering, then you can further reduce SPAM by enabling the Exchange Tarpit feature. The following script I wrote will enable that for you.
Code:
'==========================================================================
'
' NAME: SMTPTarpit.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: http://www.thespidersparlor.com
' DATE  : 11/1/2006
'
' COMMENT: For details on the SMTP Tarpit feature refer to 
'          MSKB 842851.
'          Configures a 5 second delay in SMTP delivery.  Use this 
'          feature when recipient filtering is enabled in Exchange
'          to prevent directory harvesting.
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'==========================================================================

On Error Resume Next
Dim path
Set WSHShell = Wscript.CreateObject("WScript.Shell")
path = "HKLM\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters\"
WSHShell.RegWrite path & "TarpitTime","5","REG_DWORD"
'to undo what this script has done, comment out the above line and uncomment the following
'WSHShell.RegWrite path & "TarpitTime","0","REG_DWORD"

If Not Err Then
		If Msgbox("In order to complete setup, the SMTP service must be restarted.  OK to restart SMTP?", vbYesNo, "Restart SMTP?") = vbYes Then
		    WSHShell.Run "CMD.EXE /C NET STOP SMTPSVC & NET START SMTPSVC"
		End if
Else
	MsgBox "Sorry A Problem Was Encountered" & vbCrLf & "Make sure you have permission to write to the registry.",,"Error in SMTP Tarpit Configuration"
End If

One final suggestion is that you will want to periodically clean up the BadMail and UCEArchive folders. Anything in there that is over 30 days old will probably not be missed. The following script, when run on a schedule each day, will clean up those folders by deleting anything older than 30 days.
Code:
'==========================================================================
'
' NAME: CleanBadMail.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL   : http://www.thespidersparlor.com
' COPYRIGHT (c) 2003 All rights reserved
' DATE  : 09/10/2003
'
' COMMENT: 
'
' This script will list all filtered and quarantined SPAM mail, check that 
' the files are more than 30 days old and then delete them.
' This file is to be scheduled to run each day.
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'=====================================

Path1 = "E:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail"
Path2 = "E:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive"
'This third path is not used unless you modify the script below
Path3 = "E:\Program Files\Quarantine"

Dim fso 
Dim oFolder
Dim oFile
Dim oSubFolder

  Set fso = createobject("Scripting.FileSystemObject")
  
   Set oFolder = fso.GetFolder(Path1)
  
  For Each oFile In oFolder.files
   	If DateDiff("d", oFile.DateCreated,Now) > 30 Then
    	oFile.Delete True
    End If
  Next


Set oFolder = fso.GetFolder(Path2)
  For Each oFile In oFolder.files
   	If DateDiff("d", oFile.DateCreated,Now) > 30 Then
    	oFile.Delete True
    End If
  Next

Set oFolder = Nothing

'The script will stop running here.  
'Remove the next line if you need to delete subdirectories from a given path.
Wscript.Quit

'If you need to delete sub folders instead of files from a directory, the below code will do that for you.
Set oFolder = fso.GetFolder(Path3)
Set colSubfolders = oFolder.Subfolders

For Each oSubfolder in colSubfolders
   	If DateDiff("d", oSubFolder.DateCreated,Now) > 30 Then
		fso.DeleteFolder(oSubFolder)
	End If
Next

Set oSubFolder = Nothing
Set oFolder = Nothing
Set fso = Nothing

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
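
A read-back check for the two one-time scripts above, as an added example that is not part of the original post or the author's script pack: it reports the ContentFilterState and TarpitTime values those scripts write and whether SMTPSVC is running after the restart. The function names are this example's own; run it with cscript.exe to get console output.

```vbscript
' Added example (not from the original post): read back the settings written
' by IMFUpdateEnabler.vbs and SMTPTarpit.vbs and report the SMTP service state.
Option Explicit

Const EXCH_KEY = "HKLM\SOFTWARE\Microsoft\Exchange\"
Const SMTP_KEY = "HKLM\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters\"

Dim shell, report
Set shell = CreateObject("WScript.Shell")

' Return a registry value as a string, or "<not set>" when it does not exist.
Function ReadValue(fullName)
    Dim v
    On Error Resume Next
    v = shell.RegRead(fullName)
    If Err.Number <> 0 Then
        ReadValue = "<not set>"
        Err.Clear
    Else
        ReadValue = CStr(v)
    End If
    On Error GoTo 0
End Function

' Return the state of a Windows service ("Running", "Stopped", ...).
Function ServiceState(svcName)
    Dim wmi, svc
    ServiceState = "<WMI unavailable>"
    On Error Resume Next
    Set wmi = GetObject("winmgmts:\\.\root\cimv2")
    If Err.Number <> 0 Then Exit Function
    On Error GoTo 0
    ServiceState = "<not installed>"
    For Each svc In wmi.ExecQuery( _
            "SELECT State FROM Win32_Service WHERE Name='" & svcName & "'")
        ServiceState = svc.State
    Next
End Function

report = "ContentFilterState = " & ReadValue(EXCH_KEY & "ContentFilterState") & _
         "  (the updater script writes 1)" & vbCrLf & _
         "TarpitTime         = " & ReadValue(SMTP_KEY & "TarpitTime") & _
         "  (seconds; the tarpit script writes 5, its undo writes 0)" & vbCrLf & _
         "SMTPSVC state      = " & ServiceState("SMTPSVC")
WScript.Echo report
```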
 
Keep in mind, too, that once you install SP1, the badmail folder shouldn't fill up any more unless you've specifically configured it to (see
Microsoft has a tool as well, that's available at
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Again, many thanks guys. Have set up IMF to update and have set it to send all mail it thinks is spam to a folder where I can easily check it to see if it is only catching spam. So far so good. (They get a huge amount of mail offering cheap medical pills of any kind and enhancements.)

For Markdmac: thanks for all the scripts. How and where do I install your scripts?
Sorry if that sounds like a simple question.
Regards
Max
 
Max,
Copy the script to clipboard. Open notepad, save as <filename>.vbs. Double click the file to run it.
 
The Tarpit and IMFUpdater scripts are designed for one time run, as posted above just save them to a text file in notepad with a VBS extension and double click to run them.

The CleanBadMail.vbs script should be saved to a local folder on the server and can be scheduled to run daily via Task Scheduler or the AT command. When scheduling via AT, you need to include the script engine in the command, so something like cscript.exe c:\scripts\cleanbadmail.vbs

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
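
Before putting the cleanup on a daily schedule, a report-only pass shows what it would remove and catches a wrong path, which would otherwise make the unattended task fail at GetFolder. This is an added example, not the author's code: it reuses the two paths and the 30-day DateCreated test from CleanBadMail.vbs and deletes nothing; `ReportOldFiles` is this example's own name. Run it with cscript.exe so each line goes to the console.

```vbscript
' Added example (not from the original post): report-only pass over the
' folders that CleanBadMail.vbs cleans. Nothing is deleted.
Option Explicit

Const MAX_AGE_DAYS = 30
Dim fso, paths, p, total
Set fso = CreateObject("Scripting.FileSystemObject")

' Paths copied from the script in the thread; adjust drive and virtual server.
paths = Array("E:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail", _
              "E:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive")

' List files older than MAX_AGE_DAYS in one folder and return how many.
Function ReportOldFiles(folderPath)
    Dim f, age, count
    count = 0
    If Not fso.FolderExists(folderPath) Then
        ' The original script would stop with a runtime error here.
        WScript.Echo "MISSING  " & folderPath
        ReportOldFiles = 0
        Exit Function
    End If
    For Each f In fso.GetFolder(folderPath).Files
        age = DateDiff("d", f.DateCreated, Now)
        If age > MAX_AGE_DAYS Then
            WScript.Echo "WOULD DELETE  " & f.Path & "  (" & age & _
                         " days, " & f.Size & " bytes)"
            count = count + 1
        End If
    Next
    ReportOldFiles = count
End Function

total = 0
For Each p In paths
    total = total + ReportOldFiles(p)
Next
WScript.Echo total & " file(s) older than " & MAX_AGE_DAYS & " days"
```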
 
Mark, I like your free tool for IMF. Works good..

Don't suppose you ever thought about adding a whitelist to it, have ya?
 