Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
   

Tuning Exchange 2003 IMF with IMF Tune
Page 1 | Page 2 | Page 3
  1. Enable logging on all blocked messages

a.       Click the Logging section

b.      Click "Enable Disk Logging"

c.       Click Browse and select the directory and file name where you want the log to be written to

  • A single log file can be used for all SCL levels.

 

d.      Click OK to save changes

  1. Set all SCL 9 messages to be rejected

a.       Click Add...

b.      Set the SCL Level to 9

c.       Set the action to Reject

d.      Enable "Custom Reject Message Text"

  • This text is returned in the SMTP Protocol

 

  1. Confirm the settings are similar to those below:
  2. Confirm or adjust the Exchange IMF "Store Junk E-mail Configuration" to be 5

  • This will move all messages with a SCL of 5 or higher to the users Junk E-mail folders.

 

Now that we have tuned some of the basic options in IMF Tune the next step is to configure any white\black list settings.  When adding whitelist senders understand that the From setting in an e-mail can easily be spoofed.  So you should not add something like *@hotmail.com since hotmail.com, and many other common ISP and mail providers, are spoofed by spammers.  If you were to add "*@hotmail.com" as an "Accepted Sender" you would get all spam that had a from address at hotmail.com.  If you have organizations you commonly get e-mail from that you want to make sure it is never blocked it would make sense to add their domain name to the senders whitelist, but if their domain name is spoofed by a spammer users will get those spam messages.  Under blacklist you can enable "Block Subjects" and add "SEXUALLY EXPLICIT" if you want to block any e-mails where the sender has followed the guidelines to prefix such messages with those words.

The most powerful section of IMF Tune is in the "SCL Management" section.  This area allows for the incrementing, decrementing, or setting of the SCL based on keywords in any part of a message, including the header, or SMTP commands for the messages, see Figure III for a complete list. For example, if "Received From:" part of the header contains the text "RDNS failed" you could increase the SCL level by 3 points.  If you have Exchange configured to do a reverse DNS lookup on all incoming messages it will put this text in the "Received from" line in the message header if the IP address that send the message does not have a PTR record in the DNS server responsible for the IP address, see my article on this subject.

Figure III - SCL Mapping Fields

I would suggest adding keywords relating to your organizations to the list to decrement or whitelist messages that contain them.  For example, if you company sold a product called "Bass-o-matic" you might want to either set the SCL level of any messages containing to either whitelisted or have it decremented by a few points.

 

There is a great FAQ and User Guide, which includes step-by-step instructions on how to install and configure IMF Tune, on the WinDeveloper.com website.  In addition, you can download IMF Tune from the website and try it out for 30 days for free.  They also have multiple whitepapers and related links on their site.

 

While IMF Tune may not have all of the spam filtering features larger organizations will require it easily should meet the 80/20 rule for most.

 

Note:

Make sure you manage your archive folder, just like any other logging or archive folder, you should delete files out of it to keep it from getting too large.  I use a BAT file I found on the Internet to do this.  It deletes all files older than 7 days in the folder specified in the "Start in:" line in the Schedule Task, see figure IV.  The usage of the BAT, called DeleteOldFiles.bat, is <folder with the files> <days of items to keep> <file mask [optional]>.   In the example below it deleted all files older than 7 days in the D:\Exchange\IMF directory and logs the results to c:\Del.log.

Figure IV - Deleting Old Files

 
 

Tuning Exchange 2003 IMF with IMF Tune
Page 1 | Page 2 | Page 3

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008