Connection filtering: adding Spam blacklist filtering 2

[casperdacat]

Hey,

I'm kinda new to Exchange and recently added spam filtering based on spam blacklists. Configuring was no problem but I was wondering: does this make sense as I'm using an smtp relay host in my DMZ for incoming mail? Will my Exchange box recognize the sender's server or will it only see the smtp relay as sender? Is there any way to check if the connection filtering is actually working?

Thanks,
Frederik

 

[markdmac]

Use IMF, it will strip out more for you. IMF management is a little lacking, you can use my free solution for management.

http://www.thespidersparlor.com/downloads/imfspam.zip

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[WhoKilledKenny]

I agree with Mark, IMF is limited. To answer your question about verifying if connection filter via a block list is working...
Setup exchange to send your NDR notifications to your email account. When you start recieving NDRs, thet will state something to the fact that the sender does not have permissions to send. The NDR message will have documented which block list caught the SPAM, like this message was sent by spamcop.com.

And yes... your filter will work on your exchange virtual SMTP Connector even with a gateway server like IIS.

So make sure your block list is setup in the message delivery properties and that you enable the filter (check box) on your Virtual SMTP connector in Exchange.

 

[casperdacat]

Thanks for your advice. I'll install SP2, check out IMF and Mark's management tool and enable NDR notifications.

Frederik

 

[markdmac]

When implementing IMF, be sure you turn on the auto update for IMF updates. By default IMF will not get updated by Windows Update.

'==========================================================================
'
' NAME: IMFUpdateEnabler.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' (c) 2006 All Rights Reserved
' DATE  : 5/22/2006
'
' COMMENT: Configures IMF to receive updates via Windows Update
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'
'    This script and many more can be found in the Admin Script Pack
'    by The Spider's Parlor [URL unfurl="true"]http://www.thespidersparlor.com/vbscript[/URL]
'==========================================================================
keypath ="HKLM\SOFTWARE\Microsoft\Exchange\ContentFilterState"
Set WSHShell = CreateObject("Wscript.Shell")
WshShell.RegWrite keypath, 1, "REG_DWORD"
If Not Err Then
		If Msgbox("In order to complete setup, the SMTP service must be restarted.  OK to restart SMTP?", vbYesNo, "Restart SMTP?") = vbYes Then
		    WSHShell.Run "CMD.EXE /C NET STOP SMTPSVC & NET START SMTPSVC"
		End if
Else
	MsgBox "Sorry A Problem Was Encountered" & vbCrLf & "Make sure you have permission to write to the registry.",,"Something went wrong"
End If	
WScript.Quit

In addition to that, enable the Exchange SMTP Tarpitting feature to prevent more SPAM from getting in.

In Exchange turn on Recipient Filtering then enable the Tarpit.

'==========================================================================
'
' NAME: SMTPTarpit.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 11/1/2006
'
' COMMENT: For details on the SMTP Tarpit feature refer to 
'          MSKB 842851.
'          Configures a 5 second delay in SMTP delivery.  Use this 
'          feature when recipient filtering is enabled in Exchange
'          to prevent directory harvesting.
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'==========================================================================

On Error Resume Next
Dim path
Set WSHShell = Wscript.CreateObject("WScript.Shell")
path = "HKLM\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters\"
WSHShell.RegWrite path & "TarpitTime","5","REG_DWORD"
'to undo what this script has done, comment out the above line and uncomment the following
'WSHShell.RegWrite path & "TarpitTime","0","REG_DWORD"

If Not Err Then
		If Msgbox("In order to complete setup, the SMTP service must be restarted.  OK to restart SMTP?", vbYesNo, "Restart SMTP?") = vbYes Then
		    WSHShell.Run "CMD.EXE /C NET STOP SMTPSVC & NET START SMTPSVC"
		End if
Else
	MsgBox "Sorry A Problem Was Encountered" & vbCrLf & "Make sure you have permission to write to the registry.",,"Error in SMTP Tarpit Configuration"
End If

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript