Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
   

Using Exchange Server components to fight SPAM

Page 1 | Page 2 | Page 3 | Page 4 | Page 5

Conclusion

While it is impossible to filter out all spam with the attached script you can greatly reduce the about of spam received by your user community.  I have hosted e-mail for friends, relatives, and a few small businesses for years and after install my custom spam filter my users saw a VERY drastic reduction in spam.  In the three months before I installed this spam filter I received over 1,800 spam messages, which is about 23/day.  With the spam filter installed I am now getting less then 8 spam messages a day, on average.  With the help of IHateSpam, which can be purchased from Sunbelt software, the number of spam message I see in my Inbox is less then one or two a day.  With IHateSpam?s help I was also able to create a list of over 1,100 spam host in a day by pointing a script, to be covered in Part 2, at the folder where it moves all of the spam messages to.  After one week of having the spam filter installed I now have over 1,400 spam host listed in the AD.

With this simple solution you can quickly, for only the cost of your time, look like a hero to your user community by cutting the spam they receive drastically.

Download the Code
(Code updated 11/27 to resolve a bug that prevented the blocking of mail from blacklisted IPs)

About the Author

Jason Sherry is a Windows Infrastructure Architect for Pro Exchange and specialized in the Active Directory, Exchange, system management and administration, and scripting.  Before coming to Pro Exchange he worked at NetIQ for five years, where he was a product manager in their administration and security product line.

Reference Information

1)   Securing Exchange 2000

How to prevent Unsolicited Commercial E-Mail in Exchange 2000 Server (Q319356)
http://support.microsoft.com/default.aspx?scid=kb;en-us;319356

 How to prevent SMTP relaying with Microsoft Exchange Server
http://www.slipstick.com/exs/relay.htm

How to secure Simple Message Transfer Protocol Client Message Delivery in Exchange 2000 (Q319267)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319267

2)  Adding Exchange Server Filters

XADM: How to Filter Junk Mail in Exchange 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;q276321

One thing this article fails to mention is that the senders information is often forged by spam senders so these filters aren?t that helpful

How to Enable or Disable Message Filtering on a Simple Mail Transfer Protocol Virtual Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261087

3)  Anti-Spam Software for Exchange and Outlook

http://www.msexchange.org/software/software.asp?cat=AntiSpam

http://www.slipstick.com/addins/content_control.htm

4)  Code References

Supported Transport Events with CDO
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_supported_transport_events_with_cdo.asp

Registering Script Sink Bindings
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_registering_script_sink_bindings.asp

Implementing Sinks with Scripting Languages
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_implementing_sinks_with_scripting_languages.asp

CdoEventStatus Enum
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_cdoeventstatus_enum.asp

Messagestatus Field
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_schema_SMTPenvelope_messagestatus.asp

How to register a Transport Event Sink for the SMTP Service in Exchange 2000 Server (Q 313404)
http://support.microsoft.com/default.aspx?scid=kb;en-us;313404

5)  Related Articles

Rules and tools to filter junk mail
http://www.slipstick.com/rules/junkmail.htm

How to view Internet Headers
http://www.slipstick.com/mail1/viewheaders.htm

6)  Spam related web-sites

Open Relay Sites
http://www.ordb.org/          http://relays.visi.com           http://relays.osirusoft.com

RFC-Ignore ? Since most spamers don?t follow RFC guidelines for SMTP mail deliver they are listed here
http://www.rfc-ignorant.org

Spamhaus Block List ? List and information on the worst spamer on the internet
http://www.spamhaus.org

 

Using Exchange Server components to fight SPAM

Page 1 | Page 2 | Page 3 | Page 4 | Page 5

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008