Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

       How did you like this article? Please vote and let us know.          

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Shannal L. Thomas
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links

 

 
 

Intelligent Message Filter Reporting Scripts        Download Files

The Intelligent Message Filter (IMF) gives you the ability to filter UCE email at the gateway and mailbox level on any Exchange 2003 server basically its free and it works. But once you have it installed some form of monitoring and reporting on its operation is a wise thing to perform especially at the gateway level where email is removed from the delivery process.

When reporting on the IMF operation in your network there are a few options, this article focus's on reporting at the gateway level where email is either archived or deleted. One method that can be used to report on the operation of the IMF in a network is to use the message tracking logs which report on all the email that have been achieved or deleted  by the IMF. For reporting on this data held in the message tracking logs I've come up with the following 3 methods all these methods use WMI to query the message tracking logs and then present the data from the logs in a number of different formats.

Requirements

The main requirement for this script to work is to have Message Tracking Logging enabled on the server (this is disabled by default on Exchange 2000/2003) see this Qbase article for more detail. I recommend you also enable subject tracking when you do this as this makes the tracking log data a lot more meaningful. Before you enable messaging tracking think carefully about the amount of email traffic your server gets and where your going to store the log files.

Nightly IMF Spam Report Email

This is a script that you can schedule to run once a day (or more) that returns a HTML email with a table that lists all the email that has been achieved by the IMF over the past day.

RSS Feed of IMF Message Tracking Log Data            

This script produces a RSS Feed of items that have been archived by the IMF it's designed to be scheduled to run every 15 minutes and will keep a constant updated RSS feed which can be subscribed to by RSS aggregators and this will deliver a up to date list of archived spam to any subscribers throughout the day. (This is especially useful during the first couple of weeks after implementing the IMF because it gives you a close to real time monitor of the IMF operations.)

Report database and ASP pages for IMF Tracking logs data

The report database was based on my other message tracking logs article, instead of reporting on message flow this version is specifically targeted at SPAM the IMF has detected and archived. This script, database and reporting pages are useful for identifying the pattern of SPAM in your organization and can help you answer some of the following questions.

How many Spam Emails has the IMF archived over the past 1,7,14,30 days

What are the SPAM trends in your mail system

How many SPAM emails are deleted by the IMF at different times of the day what is the busy day/time of day for spam.

IP and email address's that send you the most spam.

How many SPAM email does each user receive

Taking Action on SPAM or False Positives

All the scripts in this article are aimed at giving you visibility on the actions that the IMF is performing at the gateway level if you are looking for something to resubmit any false positive detections or report SPAM email to one of the many UCE reporting organizations have a look at the IMF archive Manger

Download Files

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Pro Exchange. OutlookExchange.Com and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

© Copyright Pro Exchange, Inc., 2006