Friday, October 29, 2004

Layers of Spam protection

If you aren't already running the Exchange Intelligent Message Filter you should get on it. It strips about 10-15 messages from my inbox a day! This message filter isn't rule based, so it doesn't require updates as much as some rule based spam filters.

But like security, it's always good to have layers. Why not have 2 spam filters?

I also use a public RBL site (spamcop.net, there are more but this is the one I chose) to reverse look-up spammers and strip even more spam from my system.

When do you this, keep in mind tha the IMF will happen first, then this filter, so your IMF spam folder might contain messages that are on known spam lists, but that's a good thing right?

Here's how to configure it:

  1. In Server Management, expand Advanced Management, First Organization (Exchange) and Global Settings

  2. Right-click Message Delivery and choose Properties

  3. Since we're going to spam filter on connection, change to the Connection Filter tab to add the RBL info

  4. Click Add... to add a new filter

  5. In Display Name type the name of the filter so you can recognize it (It also appears in a default NDR message shown later in this bullet), like SpamCop. In the DNS Suffix of Provider is where you do your leg work to find the RBL sites DNS suffix, for example, spamcop.net's suffix is bl.spamcop.net, so I added this in there. In the final field Custom Error Message to Return I leave blank since it will return an email in the form of {Sender IP Address} has been blocked by {Display Name}.... I do not use the Return Status Code

  6. Now we've created filter, we need to tell Exchange to use it. Drill down into Servers, {Servername}, Protocols, SMTP and right-click on Default SMTP Virtual Server and select Properties

  7. On the General tab, choose Advanced

  8. Highlight All Unassigned and choose Edit

  9. Check the box Apply Connection Filter, and click OK until you're back to Server Management

That's all there is to it, Exchange will now check each message against spamcop.net to not let it into your inbox if spamcop knows the sender as a spammer.

Two layers is better than one!

Note: instructions provided by Chris Ard. Also, don't forget to donate to spam.cop if you like their service!

4 comments:

Anonymous said...

It's great hearing about the ways to filter spam without purchasing expensive 3rd party products.

IMF and RBL's are excellent - however the single best thing I've found for spam filtering is greylisting.

I've looked around but have only found one Windows-Based greylisting tool and it's commercial.

Of course I can do it for free by using a Linux + Postfix Mail Bastion - but I'd like to know if there is a way to do this directly on the Exchange Server.

Heard of anything?

Anonymous said...

Sean!
you should ammend this post with your configuration settings for the IMF filter. i'm assuming that the default values are sufficient!

D.

Anonymous said...

New link to info and download...
http://technet.microsoft.com/en-us/exchange/bb288484.aspx

Private Labeling said...

You really made a well posted article having a useful information about BlogEngine.Net and these really helps me to solve my problem about my blog and on what type of blogengine I will b going to use on it. Thank you so much!