Re: OT: Can IMF be tweaked

Hi Gary,

I'm sorry for misunderstanding.

1. As you mentioned, IMF is already blocking the sender, you would like to
ALLOW email from a specific domain to come through IMF.

Unfortunately, we cannot control of allowing email from a specific domain
to come through IMF, this depends on the working mechanism of the IMF.

How Intelligent Message Filter Works
======================
When an external user sends e-mail messages to an Exchange server with
Intelligent Message Filter installed, Intelligent Message Filter evaluates
the textual content of the messages and assigns the message a rating based
on the probability that the message is UCE. This rating is stored as a
message property called a spam confidence level (SCL) rating with the
message itself. This rating is persisted with the message when the message
is sent to other Exchange servers.

An administrator sets two thresholds that determine how Intelligent Message
Filter handles e-mail messages with various SCL ratings: a gateway
threshold with an associated action to take on messages above this
threshold, and a mailbox store threshold. If a message has a rating higher
than the gateway threshold, Intelligent Message Filter takes the action
specified. If the message has a rating below the gateway threshold, the
message is sent to the Exchange mailbox store of the recipient. At the
Exchange mailbox store, if the message has a higher rating than the mailbox
store threshold, the mailbox store delivers the message to the user's Junk
E-mail folder rather than to the Inbox.

2. Does Sender Filtering bypass IMF?

Answer: No, I strongly suggest you kindly refer to the following
information to understand:

How Intelligent Message Filter Works with Exchange 2003 and Outlook
Filtering Features
========================================================
Exchange?2003 provides a set of filtering features, which are also used to
reduce UCE. These features are sender, recipient, and connection filtering.
Each of these Exchange filters is checked during the SMTP session, when a
connecting SMTP server attempts to send e-mail messages to an Exchange
server. Intelligent Message Filter is applied after the SMTP session. Any
e-mail messages filtered by recipient, sender, or connection filtering are
handled individually and do not go through Intelligent Message Filter.

On the client side, Microsoft Office Outlook??2003 and Microsoft Office
Outlook Web Access for Exchange Server?2003 allow users to create a list of
safe senders from whom they always want to accept e-mail messages and a
list of blocked senders from whom they always want to reject e-mail
messages. At the mailbox store, regardless of the SCL rating assigned to
the message, Exchange delivers all messages from safe senders to the user's
Inbox and all messages from blocked senders to the user's Junk E-mail
folder. However, if the e-mail message has been blocked by the gateway
threshold, it is not delivered to the user's Inbox because it is never
delivered to the mailbox store.

If a user is running an earlier version of Outlook, the safe senders and
blocked senders lists are not available. Any message marked as spam is
delivered directly to the user's Inbox.

Note: If your users run an earlier version of Outlook, but can use Outlook
Web Access2003, they can configure safe senders and blocked senders lists
in Outlook Web Access.

Filters are applied in the following order:
=========================
1. An SMTP server connects to Exchange and initiates an SMTP session.

2. During the SMTP session, Exchange applies connection filtering using
the following criteria:

1) Connection filtering checks the global accept list. If an IP address is
on the global accept list, no other connection, recipient, or sender
filtering is applied, and the message is accepted.

2) Connection filtering checks the global deny list. If the IP address of
the sending server is found on the global deny list, the message is
automatically rejected and no other filters are applied.

3) Connection filtering checks the real-time block lists of any providers
that you have configured. If the sending server's IP address is found on a
block list, the message is rejected and no other filters are applied.

3. After connection filtering is applied, Exchange checks the sender
address (the P1 information specified in the SMTP conversion by the MAIL
FROM command) against the list of senders you configured in sender
filtering. If a match is found, Exchange rejects the message and no other
filters are applied.

4. Exchange checks the recipient against the recipient list that you have
configured in recipient filtering. If the intended recipient matches an
e-mail address that you filter, Exchange rejects the message and no other
filters are applied.

5. After recipient filtering is applied, Exchange checks the resolved
sender address (the P2 data) against the list of senders you configured in
sender filtering. If the sender matches an address on the sender list,
Exchange filters the message based on the options you configured and no
other filters are applied.

6. If a message is not filtered by connection, recipient, or sender
filtering, Intelligent Message Filter is applied, and one of two things
happens at the gateway:

- If Intelligent Message Filter assigns the message an SCL rating that is
higher than your gateway threshold, Intelligent Message Filter takes the
appropriate gateway action.

- If Intelligent Message Filter assigns the message an SCL rating that is
lower than or equal to your gateway threshold, the message is passed to the
Exchange server with the user's mailbox store.

7. If a user is using Outlook 2003 or Outlook Web Access with Exchange
2003, the user's mailbox store compares the message's SCL rating with the
store threshold you configured, and one of two things happens:

- If the message rating is lower than or equal to the store threshold, the
mailbox store checks the user's blocked senders list configured in Outlook
or Outlook Web Access, and one of two things happens:

If the sender of the message is not on a blocked senders list configured in
Outlook or Outlook Web Access, or if a blocked senders list is not
available or defined, the message is delivered to the recipient's Inbox.

If the sender appears on the blocked senders list configured in Outlook or
Outlook Web Access, the message is delivered to the user's Junk E-mail
folder.

If the sender appears on the safe senders list, the message is delivered to
the recipients Inbox.

If the sender does not appear on the safe senders list or if a safe senders
list is not available or defined, the message is delivered to the
recipient's Junk E-mail folder.

Important: If your users are using versions of Outlook earlier than
Outlook 2003, the mailbox store thresholds have no effect and messages
filtered in Step7 are instead delivered to the users' Inboxes. However, if
your clients can access e-mail using Outlook Web Access 2003, the store
thresholds are applied as described in Step7.

More detailed information:
Chapter 1: Understanding Intelligent Message Filter
http://www.microsoft.com/technet/prodtechnol/exchange/guides/IMFDeploy/9aa45
f77-bdc6-45e3-9d55-d4d92c758be8.mspx

I appreciate your time and cooperation. If anything is unclear, please feel
free to let me know. I am looking forward to hearing from you.

Best regards,

Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "Gary Karasik" <gkarasik@xxxxxxx>
>References: <#rItr7WvFHA.3960@xxxxxxxxxxxxxxxxxxxx>
<JGCwNDZvFHA.580@xxxxxxxxxxxxxxxxxxxxx>
<eV$rG0ZvFHA.3764@xxxxxxxxxxxxxxxxxxxx>
<yGgvFvavFHA.3020@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: OT: Can IMF be tweaked
>Date: Tue, 20 Sep 2005 08:36:05 -0700
>Lines: 291
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>X-RFC2646: Format=Flowed; Original
>Message-ID: <uoelEkfvFHA.1028@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: 216.115.232.13
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:154854
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Thanks, Nathan,
>
>I don't want to BLOCK a sender from a specific domain. IMF is already
>blocking the sender. I want to ALLOW email from a specific domain to come
>through IMF. Does Sender Filtering bypass IMF?
>
>GaryK
>
>""Nathan Liu [MSFT]"" <v-natliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:yGgvFvavFHA.3020@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi Gary,
>>
>> Thank you for your quick update.
>>
>> Let's clarify this issue: We cannot use the IMF to deny messages from
>> specific domains, but we can use the sender filtering to achieve this
>> goal,
>> if we are using the SMTP service for incoming emails (Incoming emails are
>> delivered to the Exchange Server directly, not use the POP3 Connector to
>> retrieve incoming emails). To do so, please perform the following steps:
>>
>> To enable sender filtering
>>
>> 1. Open the Exchange System Manager, expand Global Settings, right-click
>> Message Delivery, click Sender Filtering tab.
>>
>> 2. On the Sender Filtering tab of the Message Delivery Properties dialog
>> box (see the following figure), click Add to add the SMTP address of a
>> user
>> or a particular domain from whom you want to block messages.
>>
>> You can block an individual sender, a whole domain, or a display name by
>> entering the display name in quotes.
>>
>> 3. To have Exchange save any messages that sender filtering blocks to an
>> archive folder (instead of automatically deleting these filtered
>> messages),
>> select Archive filtered messages.
>>
>> The archive folder is in the <drive>: \Program
Files\Exchsrvr\Mailroot\vsi
>> n\archivefolder, where n is the virtual server instance of the SMTP
>> virtual
>> server where sender filtering is enabled.
>>
>> 4. To block messages with a blank sender address (a technique that
some
>> senders of unsolicited commercial e-mail messages use), select Filter
>> messages with blank sender.
>>
>> 5. To end the SMTP session when a sender matches an address on the
>> sender filter, select Drop connection if address matches filter.
>>
>> 6. To accept messages from senders on the block list without sending
>> notification to the sender that mail was not delivered, select Accept
>> messages without notifying sender of filtering.
>>
>> 7. Although you configure SMTP message filtering options in the
Message
>> Delivery Properties dialog box, you must enable the filtering options on
>> the individual SMTP virtual servers where you want to apply the
>> filtering.
>> Exchange applies these filters during the SMTP session when a remote SMTP
>> server connects to the SMTP virtual server.
>>
>> A. On the Exchange System Manager, expand Servers -> DomainName ->
>> Protocols -> SMTP, right-click Default SMTP Virtual Server and select
>> Properties.
>>
>> B. Click General tab, click Advanced button, highlight the IP Address
>> (All Unassigned) entry, and click Edit.
>>
>> C. Check 'Apply Sender Filter' check box, and then click OK.
>>
>> More information:
>>
>> Configuring Sender Filtering
>>
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3AdminGuide/
>> 9e3759cd-a9ca-448a-a56a-240e8a02e674.mspx
>>
>> I appreciate your time and cooperation. If anything is unclear, please
>> feel
>> free to let me know. I am looking forward to hearing from you.
>>
>> Best regards,
>>
>> Nathan Liu (MSFT)
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
>> the
>> "Notify me of replies" box to receive e-mail notifications when there are
>> any updates in your thread. When responding to posts via your newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
>> doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>From: "Gary Karasik" <gkarasik@xxxxxxx>
>>>References: <#rItr7WvFHA.3960@xxxxxxxxxxxxxxxxxxxx>
>> <JGCwNDZvFHA.580@xxxxxxxxxxxxxxxxxxxxx>
>>>Subject: Re: OT: Can IMF be tweaked
>>>Date: Mon, 19 Sep 2005 21:37:35 -0700
>>>Lines: 137
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>>X-RFC2646: Format=Flowed; Original
>>>Message-ID: <eV$rG0ZvFHA.3764@xxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.sbs
>>>NNTP-Posting-Host: 216.115.232.13
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:154688
>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>
>>>Thank you Nathan. Do you know if there are any plans to add this feature?
>>>
>>>> However, to allow messages from
>>>> specific domains, we can block messages sent by specific senders by
>>>> using
>>>> sender filtering. This approach is useful if you receive unsolicited
>>>> commercial e-mail from particular domains or sender addresses.
>>>
>>>This is confusing. I can allow messages by filtering them?
>>>
>>>GaryK
>>>
>>>""Nathan Liu [MSFT]"" <v-natliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>news:JGCwNDZvFHA.580@xxxxxxxxxxxxxxxxxxxxxxxx
>>>> Hello Gary,
>>>>
>>>> Thank you for posting in the SBS newsgroup.
>>>>
>>>> According to your description, I understand that you would like to
>>>> configure the Intelligent Message Filter (IMF) to allow messages from
>>>> specific domains. If I have misunderstood the problem, please don't
>>>> hesitate to let me know.
>>>>
>>>> First of all, can I assume you use the SMTP service for incoming
emails?
>>>> If
>>>> not, please note that IMF works on the SMTP virtual server. If you are
>>>> using POP3 connector to retrieve mails from ISP mailboxes, it's
expected
>>>> that the messages will not get scanned by the IMF. This is because the
>>>> gateway level IMF only scans e-mails at SMTP incoming traffic. Since
the
>>>> POP3 connector downloads the messages by using POP3 protocol and then
>> uses
>>>> CDO to directly deliver them to the recipients, the IMF will never
catch
>>>> the messages. In addition, POP3 connector also does not work with the
>>>> Exchange built-in filters (Recipient Filtering, Sender Filtering and
>>>> Connection Filtering).
>>>>
>>>> For the question: Can Intelligent Message Filter be tweaked to allow
>>>> messages from specific domains?
>>>> Answer: Unfortunately, the Intelligent Message Filter cannot be tweaked
>> to
>>>> allow messages from specific domains. However, to allow messages from
>>>> specific domains, we can block messages sent by specific senders by
>>>> using
>>>> sender filtering. This approach is useful if you receive unsolicited
>>>> commercial e-mail from particular domains or sender addresses.
>>>>
>>>> How to Enable Sender Filtering
>>>>
>>
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3AdminGuide/
>>>> 6ec10d6d-faca-4279-b1db-aeb8328c4eb9.mspx
>>>>
>>>> Additionally, please refer to the following information: How
Intelligent
>>>> Message Filter Works
>>>>
>>>> When an external user sends e-mail messages to an Exchange server with
>>>> Intelligent Message Filter installed, Intelligent Message Filter
>> evaluates
>>>> the textual content of the messages and assigns the message a rating
>> based
>>>> on the probability that the message is UCE. This rating is stored as a
>>>> message property called a spam confidence level (SCL) rating with the
>>>> message itself. This rating is persisted with the message when the
>> message
>>>> is sent to other Exchange servers.
>>>>
>>>> An administrator sets two thresholds that determine how Intelligent
>>>> Message
>>>> Filter handles e-mail messages with various SCL ratings: a gateway
>>>> threshold with an associated action to take on messages above this
>>>> threshold, and a mailbox store threshold. If a message has a rating
>> higher
>>>> than the gateway threshold, Intelligent Message Filter takes the action
>>>> specified. If the message has a rating below the gateway threshold, the
>>>> message is sent to the Exchange mailbox store of the recipient. At the
>>>> Exchange mailbox store, if the message has a higher rating than the
>>>> mailbox
>>>> store threshold, the mailbox store delivers the message to the user's
>> Junk
>>>> E-mail folder rather than to the Inbox.
>>>>
>>>> I appreciate your time and cooperation. If anything is unclear, please
>>>> feel
>>>> free to let me know. I am looking forward to hearing from you.
>>>>
>>>> Best regards,
>>>>
>>>> Nathan Liu (MSFT)
>>>> Microsoft CSS Online Newsgroup Support
>>>>
>>>> Get Secure! - www.microsoft.com/security
>>>> ======================================================
>>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>>> regarding other Microsoft products, you'd better post in the
>> corresponding
>>>> newsgroups so that they can be resolved in an efficient and timely
>> manner.
>>>> You can locate the newsgroup here:
>>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>>
>>>> When opening a new thread via the web interface, we recommend you check
>>>> the
>>>> "Notify me of replies" box to receive e-mail notifications when there
>>>> are
>>>> any updates in your thread. When responding to posts via your
>>>> newsreader,
>>>> please "Reply to Group" so that others may learn and benefit from your
>>>> issue.
>>>>
>>>> Microsoft engineers can only focus on one issue per thread. Although we
>>>> provide other information for your reference, we recommend you post
>>>> different incidents in different threads to keep the thread clean. In
>>>> doing
>>>> so, it will ensure your issues are resolved in a timely manner.
>>>>
>>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>>> Please
>>>> check http://support.microsoft.com for regional support phone numbers.
>>>>
>>>> Any input or comments in this thread are highly appreciated.
>>>> ======================================================
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> --------------------
>>>>>From: "Gary Karasik" <gkarasik@xxxxxxx>
>>>>>Subject: OT: Can IMF be tweaked
>>>>>Date: Mon, 19 Sep 2005 16:07:33 -0700
>>>>>Lines: 8
>>>>>X-Priority: 3
>>>>>X-MSMail-Priority: Normal
>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>>>>X-RFC2646: Format=Flowed; Original
>>>>>Message-ID: <#rItr7WvFHA.3960@xxxxxxxxxxxxxxxxxxxx>
>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>NNTP-Posting-Host: 216.115.232.13
>>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:154619
>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>
>>>>>Hi,
>>>>>
>>>>>Can Intelligent Message Filter be tweaked to allow messages from
>>>>>specific
>>>>>domains?
>>>>>
>>>>>GaryK
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>

.