Re: Spam filtering with Connection Filtering
- From: "Gregg Hill" <bogus@xxxxxxxxxxx>
- Date: Wed, 25 Jan 2006 00:45:59 -0800
Jenny,
If I have SMTP logging on my server, will it show the dropped connections?
You said it would if "they" have it turned on; do you mean the sender?
My goal is to be able to log all dropped connections to see if any should
have been let through.
Gregg Hill
""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:xXwcrHXIGHA.3764@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Gregg,
>
> Thanks for your update.
>
> When the messages are blocked, the senders will receive NDR. If they
> enable
> SMTP logging, they will find the customize error message in SMTP log. And
> if the senders try to connect your exchange server using Telnet command,
> they also can receive the customize error message.
>
> 319426 How To Configure the SMTP Connector to Link to Internet Domains in
> Exchange
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;319426
>
> Please let me know if you have any further question on the issue. I am
> happy to be of assistance to you!
>
> Have a nice day!
>
> Sincerely,
>
> Jenny Wu
> Microsoft CSS Online Newsgroup Support
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>From: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>References: <uc$YB0HIGHA.2320@xxxxxxxxxxxxxxxxxxxx>
> <k9d8sdLIGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
>>Subject: Re: Spam filtering with Connection Filtering
>>Date: Mon, 23 Jan 2006 23:52:38 -0800
>>Lines: 169
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <O4jjmsLIGHA.1192@xxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:238874
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Jenny,
>>
>>You understood my question perfectly and I have enabled logging on all
>>checkboxes in the list. I will probably just do that for a month to make
>>sure legitimate mail gets through.
>>
>>I used http://support.microsoft.com/kb/823866/en-us to set up Connection
>>Filtering. I have it set to return a custom error message, per step 7 of
>>that article, just in case a legitimate email gets bounced. My message is,
>>"Your mail server IP address %0 is listed as a spam site and was rejected
> by
>>the Realtime Block List provider %2. Please call your intended recipient
> and
>>give them this exact error message." I did that so the rejected end user,
> if
>>he/she is a legitimate sender, would call the company to let them know
> that
>>I need to add them to the whitelist.
>>
>>When using the above settings, do the dropped connections send an actual
>>NDR, or is the message it returns not considered an NDR? The reason I ask
> is
>>that Default SMTP Virtual Server in Exchange System Manager, Messages tab,
>>has a choice to send a copy of the NDR to an address. I would like to turn
>>on this setting and send NDR copies to the administrator when a message
> gets
>>blocked by RBL lookups. I will probably just do that for a month to make
>>sure legitimate mail gets through.
>>
>>Thank you for your help!
>>
>>Gregg Hill
>>
>>
>>
>>
>>
>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>news:k9d8sdLIGHA.3152@xxxxxxxxxxxxxxxxxxxxxxxx
>>> Hi Gregg,
>>>
>>> Thanks for using the SBS newsgroup.
>>>
>>> From your description, I understand that you want to know if there is a
>>> method can view the messages that are blocked by Exchange 2003
>>> Connection
>>> Filtering. If I am off base, please don't hesitate to let me know.
>>>
>>> Connection filtering is a rule that the Simple Mail Transfer Protocol
>>> (SMTP) uses to determine whether a sending computer's Internet Protocol
>>> (IP) address appears on a Realtime Block List (RBL). An RBL is a
>>> database
>>> that is created by an entity to record potential sources of unsolicited
>>> commercial e-mail (UCE) or of bulk e-mail. UCE is also known as spam.
> Some
>>> of the potential sources of UCE or of bulk e-mail include e-mail servers
>>> that are configured as "open" relays or dial-up accounts.
>>>
>>> SMTP uses connection filtering to perform a Domain Name System (DNS)
> query
>>> for the IP address of the sending mail server. Exchange Server 2003
>>> sends
>>> the query to the RBL provider to see whether the host record (also known
>>> as
>>> the A record) of the sending mail server appears in the RBL. The RBL
>>> provider checks its DNS records for the existence of the sending mail
>>> server's host record. If yes, the connection will be dropped and the
>>> messages will not be delivered to your server. So we can not monitor
>>> what
>>> messages has been blocked by connection filters. However you can enable
>>> the
>>> SMTP logging to record the incoming messages information, there is only
>>> senders' information not the mail content. You can refer to the
>>> following
>>> steps to enable the SMTP logging:
>>>
>>> 1) Open the properties page of the Default SMTP Virtual Server in
> Exchange
>>> System Manager.
>>> 2) On the General tab, check the "Enable logging" box.
>>> 3) Click Properties, click the Advanced tab and check all the boxes on
> the
>>> list.
>>> 4) Click OK twice.
>>>
>>> Go to the C:\WINDOWS\system32\LogFiles\SMTPSVC1 folder and check the log
>>> files.
>>>
>>> However this is not a easy a method to do this, I may use the IMF to
>>> filter
>>> messages and use the tool "IMF Archive Manager" to check the archived
>>> messages.
>>>
>>> For more information about how IMF works with Outlook 2003 built-in junk
>>> mail filters, please refer to the IMF Deployment Guide below (from page
> #4
>>> to #6).
>>>
>>>
> http://www.microsoft.com/downloads/details.aspx?FamilyId=B1218D8C-E8B3-48FB-
>>> 9208-6F75707870C2&displaylang=en
>>>
>>> The IMF Archive Manager utility is available at:
>>>
> http://www.gotdotnet.com/workspaces/workspace.aspx?id=e8728572-3a4e-425a-9b2
>>> 6-a3fda0d06fee
>>>
>>> NOTE: This response contains a reference to a third party World Wide Web
>>> site. Microsoft is providing this information as a convenience to you.
>>> Microsoft does not control these sites and has not tested any software
>>> or
>>> information found on these sites; therefore, Microsoft cannot make any
>>> representations regarding the quality, safety, or suitability of any
>>> software or information found there. There are inherent dangers in the
> use
>>> of any software found on the Internet, and Microsoft cautions you to
>>> make
>>> sure that you completely understand the risk before retrieving any
>>> software
>>> from the Internet.
>>>
>>> Hope above information helps! I am happy to be of assistance to you and
>>> look forward to your reply!
>>>
>>> Have a nice day!
>>>
>>> Sincerely,
>>>
>>> Jenny Wu
>>> Microsoft CSS Online Newsgroup Support
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>> regarding other Microsoft products, you'd better post in the
> corresponding
>>> newsgroups so that they can be resolved in an efficient and timely
> manner.
>>> You can locate the newsgroup here:
>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>
>>> When opening a new thread via the web interface, we recommend you check
>>> the
>>> "Notify me of replies" box to receive e-mail notifications when there
>>> are
>>> any updates in your thread. When responding to posts via your
>>> newsreader,
>>> please "Reply to Group" so that others may learn and benefit from your
>>> issue.
>>>
>>> Microsoft engineers can only focus on one issue per thread. Although we
>>> provide other information for your reference, we recommend you post
>>> different incidents in different threads to keep the thread clean. In
>>> doing
>>> so, it will ensure your issues are resolved in a timely manner.
>>>
>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>> Please
>>> check http://support.microsoft.com for regional support phone numbers.
>>>
>>> Any input or comments in this thread are highly appreciated.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> --------------------
>>>>Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>>From: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>>Subject: Spam filtering with Connection Filtering
>>>>Date: Mon, 23 Jan 2006 16:27:47 -0800
>>>>Lines: 8
>>>>X-Priority: 3
>>>>X-MSMail-Priority: Normal
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>>>X-RFC2646: Format=Flowed; Original
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>>>Message-ID: <uc$YB0HIGHA.2320@xxxxxxxxxxxxxxxxxxxx>
>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
>>>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>>>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:238802
>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>
>>>>Hello!
>>>>
>>>>On SBS 2003, is there a way to see what messages have been rejected by
>>> using
>>>>Exchange 2003 Connection Filtering?
>>>>
>>>>Gregg Hill
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
.
- References:
- Spam filtering with Connection Filtering
- From: Gregg Hill
- RE: Spam filtering with Connection Filtering
- From: "Jenny wu [MSFT]"
- Re: Spam filtering with Connection Filtering
- From: Gregg Hill
- Re: Spam filtering with Connection Filtering
- From: "Jenny wu [MSFT]"
- Spam filtering with Connection Filtering
- Prev by Date: RE: Post Exchange SP2
- Next by Date: RE: SBS 2003 - Odd remote access problem
- Previous by thread: Re: Spam filtering with Connection Filtering
- Next by thread: Re: Spam filtering with Connection Filtering
- Index(es):
Relevant Pages
|
Loading
