Re: Spam filtering with Connection Filtering
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Thu, 26 Jan 2006 10:50:52 GMT
Hi Gregg,
Thanks for your update.
I have discussed the issue with my colleagues for the issue. The SMTP
logging time actually is GMT time, we can not change it. This is by design.
Please let me know if you have any further question on the issue. I am
happy to be of assistance to you!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
>From: "Gregg Hill" <bogus@xxxxxxxxxxx>
>References: <uc$YB0HIGHA.2320@xxxxxxxxxxxxxxxxxxxx>
<k9d8sdLIGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
<O4jjmsLIGHA.1192@xxxxxxxxxxxxxxxxxxxx>
<xXwcrHXIGHA.3764@xxxxxxxxxxxxxxxxxxxxx>
<OktDg$YIGHA.3192@xxxxxxxxxxxxxxxxxxxx>
<Kxj25laIGHA.3680@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Spam filtering with Connection Filtering
>Date: Wed, 25 Jan 2006 08:16:34 -0800
>Lines: 422
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>X-RFC2646: Format=Flowed; Original
>Message-ID: <#Jmd3qcIGHA.1132@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:239267
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Jenny,
>
>I Googled "smtp logging gmt" and found that setting and it was already
>checked. That only sets local time for the creation of the file, but all
the
>Google posts said that the contents of those logs will be GMT. How
>ridiculous! But I guess I am stuck with it. I can always import the logs
>into Excel and subtract 8 hours from the times.
>
>Gregg Hill
>
>
>
>
>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:Kxj25laIGHA.3680@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi Gregg,
>>
>> Thanks for your update.
>>
>> Based on my research, W3C Extended log file format uses midnight
>> Coordinated Universal Time (Greenwich Mean Time, GMT). To resolve the
>> issue, I would like to suggest you use midnight local time to make the
>> time
>> is same with the local time and date of the server.
>>
>> To use midnight local time, click to select the "Use local time for file
>> naming and rollover" check box at SMTP Virtual
Server->Properties->General
>> tab->Properties->General Properties tab.
>>
>> And then please test the issue to see if it is resolved.
>>
>> More information:
>>
>> HOW TO: Configure Web Site Logging in Windows Server 2003
>> http://support.microsoft.com/?id=324279
>>
>> How To Enable IIS Logging Site Activity in Windows 2000
>> http://support.microsoft.com/kb/300390/en-us
>>
>> If the issue persists, please try to enable SMTP logging and send mails,
>> then send the SMTP log to me for analyze.
>>
>> Please note: please let me know the From mail address, To mail address,
>> send time and time zone.
>>
>> Have a nice day!
>>
>> Sincerely,
>>
>> Jenny Wu
>> Microsoft CSS Online Newsgroup Support
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
>> the
>> "Notify me of replies" box to receive e-mail notifications when there are
>> any updates in your thread. When responding to posts via your newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
>> doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>From: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>References: <uc$YB0HIGHA.2320@xxxxxxxxxxxxxxxxxxxx>
>> <k9d8sdLIGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
>> <O4jjmsLIGHA.1192@xxxxxxxxxxxxxxxxxxxx>
>> <xXwcrHXIGHA.3764@xxxxxxxxxxxxxxxxxxxxx>
>>>Subject: Re: Spam filtering with Connection Filtering
>>>Date: Wed, 25 Jan 2006 01:15:23 -0800
>>>Lines: 285
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>>X-RFC2646: Format=Flowed; Original
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>>Message-ID: <OktDg$YIGHA.3192@xxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.sbs
>>>NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
>>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:239199
>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>
>>>Jenny,
>>>
>>>I just looked at my SMTP logs and I notice that the time listed for the
>>>connections is 8 hours ahead of the actual time here in California. Why
>>>would my server show the wrong time for the connections? Even when I send
>> a
>>>message, the time listed is 8 hours from now. It is as though it is using
>>>GMT instead of PST for my time zone. Yes, my time is correct on my server
>>>clock.
>>>
>>>Gregg Hill
>>>
>>>
>>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>news:xXwcrHXIGHA.3764@xxxxxxxxxxxxxxxxxxxxxxxx
>>>> Hi Gregg,
>>>>
>>>> Thanks for your update.
>>>>
>>>> When the messages are blocked, the senders will receive NDR. If they
>>>> enable
>>>> SMTP logging, they will find the customize error message in SMTP log.
>>>> And
>>>> if the senders try to connect your exchange server using Telnet
command,
>>>> they also can receive the customize error message.
>>>>
>>>> 319426 How To Configure the SMTP Connector to Link to Internet Domains
>>>> in
>>>> Exchange
>>>> http://support.microsoft.com/default.aspx?scid=kb;EN-US;319426
>>>>
>>>> Please let me know if you have any further question on the issue. I am
>>>> happy to be of assistance to you!
>>>>
>>>> Have a nice day!
>>>>
>>>> Sincerely,
>>>>
>>>> Jenny Wu
>>>> Microsoft CSS Online Newsgroup Support
>>>> Get Secure! - www.microsoft.com/security
>>>> ======================================================
>>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>>> regarding other Microsoft products, you'd better post in the
>> corresponding
>>>> newsgroups so that they can be resolved in an efficient and timely
>> manner.
>>>> You can locate the newsgroup here:
>>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>>
>>>> When opening a new thread via the web interface, we recommend you check
>>>> the
>>>> "Notify me of replies" box to receive e-mail notifications when there
>>>> are
>>>> any updates in your thread. When responding to posts via your
>>>> newsreader,
>>>> please "Reply to Group" so that others may learn and benefit from your
>>>> issue.
>>>>
>>>> Microsoft engineers can only focus on one issue per thread. Although we
>>>> provide other information for your reference, we recommend you post
>>>> different incidents in different threads to keep the thread clean. In
>>>> doing
>>>> so, it will ensure your issues are resolved in a timely manner.
>>>>
>>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>>> Please
>>>> check http://support.microsoft.com for regional support phone numbers.
>>>>
>>>> Any input or comments in this thread are highly appreciated.
>>>> ======================================================
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> --------------------
>>>>>Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>>>From: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>>>References: <uc$YB0HIGHA.2320@xxxxxxxxxxxxxxxxxxxx>
>>>> <k9d8sdLIGHA.3152@xxxxxxxxxxxxxxxxxxxxx>
>>>>>Subject: Re: Spam filtering with Connection Filtering
>>>>>Date: Mon, 23 Jan 2006 23:52:38 -0800
>>>>>Lines: 169
>>>>>X-Priority: 3
>>>>>X-MSMail-Priority: Normal
>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>>>>X-RFC2646: Format=Flowed; Original
>>>>>Message-ID: <O4jjmsLIGHA.1192@xxxxxxxxxxxxxxxxxxxx>
>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
>>>>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>>>>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:238874
>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>
>>>>>Jenny,
>>>>>
>>>>>You understood my question perfectly and I have enabled logging on all
>>>>>checkboxes in the list. I will probably just do that for a month to
make
>>>>>sure legitimate mail gets through.
>>>>>
>>>>>I used http://support.microsoft.com/kb/823866/en-us to set up
Connection
>>>>>Filtering. I have it set to return a custom error message, per step 7
of
>>>>>that article, just in case a legitimate email gets bounced. My message
>> is,
>>>>>"Your mail server IP address %0 is listed as a spam site and was
>>>>>rejected
>>>> by
>>>>>the Realtime Block List provider %2. Please call your intended
recipient
>>>> and
>>>>>give them this exact error message." I did that so the rejected end
>>>>>user,
>>>> if
>>>>>he/she is a legitimate sender, would call the company to let them know
>>>> that
>>>>>I need to add them to the whitelist.
>>>>>
>>>>>When using the above settings, do the dropped connections send an
actual
>>>>>NDR, or is the message it returns not considered an NDR? The reason I
>>>>>ask
>>>> is
>>>>>that Default SMTP Virtual Server in Exchange System Manager, Messages
>> tab,
>>>>>has a choice to send a copy of the NDR to an address. I would like to
>> turn
>>>>>on this setting and send NDR copies to the administrator when a message
>>>> gets
>>>>>blocked by RBL lookups. I will probably just do that for a month to
make
>>>>>sure legitimate mail gets through.
>>>>>
>>>>>Thank you for your help!
>>>>>
>>>>>Gregg Hill
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>news:k9d8sdLIGHA.3152@xxxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Hi Gregg,
>>>>>>
>>>>>> Thanks for using the SBS newsgroup.
>>>>>>
>>>>>> From your description, I understand that you want to know if there
is
>>>>>> a
>>>>>> method can view the messages that are blocked by Exchange 2003
>>>>>> Connection
>>>>>> Filtering. If I am off base, please don't hesitate to let me know.
>>>>>>
>>>>>> Connection filtering is a rule that the Simple Mail Transfer Protocol
>>>>>> (SMTP) uses to determine whether a sending computer's Internet
>>>>>> Protocol
>>>>>> (IP) address appears on a Realtime Block List (RBL). An RBL is a
>>>>>> database
>>>>>> that is created by an entity to record potential sources of
>>>>>> unsolicited
>>>>>> commercial e-mail (UCE) or of bulk e-mail. UCE is also known as spam.
>>>> Some
>>>>>> of the potential sources of UCE or of bulk e-mail include e-mail
>> servers
>>>>>> that are configured as "open" relays or dial-up accounts.
>>>>>>
>>>>>> SMTP uses connection filtering to perform a Domain Name System (DNS)
>>>> query
>>>>>> for the IP address of the sending mail server. Exchange Server 2003
>>>>>> sends
>>>>>> the query to the RBL provider to see whether the host record (also
>> known
>>>>>> as
>>>>>> the A record) of the sending mail server appears in the RBL. The RBL
>>>>>> provider checks its DNS records for the existence of the sending mail
>>>>>> server's host record. If yes, the connection will be dropped and the
>>>>>> messages will not be delivered to your server. So we can not monitor
>>>>>> what
>>>>>> messages has been blocked by connection filters. However you can
>>>>>> enable
>>>>>> the
>>>>>> SMTP logging to record the incoming messages information, there is
>>>>>> only
>>>>>> senders' information not the mail content. You can refer to the
>>>>>> following
>>>>>> steps to enable the SMTP logging:
>>>>>>
>>>>>> 1) Open the properties page of the Default SMTP Virtual Server in
>>>> Exchange
>>>>>> System Manager.
>>>>>> 2) On the General tab, check the "Enable logging" box.
>>>>>> 3) Click Properties, click the Advanced tab and check all the boxes
on
>>>> the
>>>>>> list.
>>>>>> 4) Click OK twice.
>>>>>>
>>>>>> Go to the C:\WINDOWS\system32\LogFiles\SMTPSVC1 folder and check the
>> log
>>>>>> files.
>>>>>>
>>>>>> However this is not a easy a method to do this, I may use the IMF to
>>>>>> filter
>>>>>> messages and use the tool "IMF Archive Manager" to check the archived
>>>>>> messages.
>>>>>>
>>>>>> For more information about how IMF works with Outlook 2003 built-in
>> junk
>>>>>> mail filters, please refer to the IMF Deployment Guide below (from
>>>>>> page
>>>> #4
>>>>>> to #6).
>>>>>>
>>>>>>
>>>>
>>
http://www.microsoft.com/downloads/details.aspx?FamilyId=B1218D8C-E8B3-48FB-
>>>>>> 9208-6F75707870C2&displaylang=en
>>>>>>
>>>>>> The IMF Archive Manager utility is available at:
>>>>>>
>>>>
>>
http://www.gotdotnet.com/workspaces/workspace.aspx?id=e8728572-3a4e-425a-9b2
>>>>>> 6-a3fda0d06fee
>>>>>>
>>>>>> NOTE: This response contains a reference to a third party World Wide
>> Web
>>>>>> site. Microsoft is providing this information as a convenience to
you.
>>>>>> Microsoft does not control these sites and has not tested any
software
>>>>>> or
>>>>>> information found on these sites; therefore, Microsoft cannot make
any
>>>>>> representations regarding the quality, safety, or suitability of any
>>>>>> software or information found there. There are inherent dangers in
the
>>>> use
>>>>>> of any software found on the Internet, and Microsoft cautions you to
>>>>>> make
>>>>>> sure that you completely understand the risk before retrieving any
>>>>>> software
>>>>>> from the Internet.
>>>>>>
>>>>>> Hope above information helps! I am happy to be of assistance to you
>>>>>> and
>>>>>> look forward to your reply!
>>>>>>
>>>>>> Have a nice day!
>>>>>>
>>>>>> Sincerely,
>>>>>>
>>>>>> Jenny Wu
>>>>>> Microsoft CSS Online Newsgroup Support
>>>>>> Get Secure! - www.microsoft.com/security
>>>>>> ======================================================
>>>>>> This newsgroup only focuses on SBS technical issues. If you have
>>>>>> issues
>>>>>> regarding other Microsoft products, you'd better post in the
>>>> corresponding
>>>>>> newsgroups so that they can be resolved in an efficient and timely
>>>> manner.
>>>>>> You can locate the newsgroup here:
>>>>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>>>>
>>>>>> When opening a new thread via the web interface, we recommend you
>>>>>> check
>>>>>> the
>>>>>> "Notify me of replies" box to receive e-mail notifications when there
>>>>>> are
>>>>>> any updates in your thread. When responding to posts via your
>>>>>> newsreader,
>>>>>> please "Reply to Group" so that others may learn and benefit from
your
>>>>>> issue.
>>>>>>
>>>>>> Microsoft engineers can only focus on one issue per thread. Although
>>>>>> we
>>>>>> provide other information for your reference, we recommend you post
>>>>>> different incidents in different threads to keep the thread clean. In
>>>>>> doing
>>>>>> so, it will ensure your issues are resolved in a timely manner.
>>>>>>
>>>>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>>>>> Please
>>>>>> check http://support.microsoft.com for regional support phone
numbers.
>>>>>>
>>>>>> Any input or comments in this thread are highly appreciated.
>>>>>> ======================================================
>>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>>> rights.
>>>>>>
>>>>>> --------------------
>>>>>>>Reply-To: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>>>>>From: "Gregg Hill" <bogus@xxxxxxxxxxx>
>>>>>>>Subject: Spam filtering with Connection Filtering
>>>>>>>Date: Mon, 23 Jan 2006 16:27:47 -0800
>>>>>>>Lines: 8
>>>>>>>X-Priority: 3
>>>>>>>X-MSMail-Priority: Normal
>>>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>>>>>>X-RFC2646: Format=Flowed; Original
>>>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>>>>>>Message-ID: <uc$YB0HIGHA.2320@xxxxxxxxxxxxxxxxxxxx>
>>>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>>>NNTP-Posting-Host: rrcs-67-52-120-182.west.biz.rr.com 67.52.120.182
>>>>>>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>>>>>>>Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.windows.server.sbs:238802
>>>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>>>
>>>>>>>Hello!
>>>>>>>
>>>>>>>On SBS 2003, is there a way to see what messages have been rejected
by
>>>>>> using
>>>>>>>Exchange 2003 Connection Filtering?
>>>>>>>
>>>>>>>Gregg Hill
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
.
- References:
- Spam filtering with Connection Filtering
- From: Gregg Hill
- RE: Spam filtering with Connection Filtering
- From: "Jenny wu [MSFT]"
- Re: Spam filtering with Connection Filtering
- From: Gregg Hill
- Re: Spam filtering with Connection Filtering
- From: "Jenny wu [MSFT]"
- Re: Spam filtering with Connection Filtering
- From: Gregg Hill
- Re: Spam filtering with Connection Filtering
- From: "Jenny wu [MSFT]"
- Re: Spam filtering with Connection Filtering
- From: Gregg Hill
- Spam filtering with Connection Filtering
- Prev by Date: dsrestor error (Event ID:1005) in the application event log.
- Next by Date: Re: Server software on SBS Premium SP1
- Previous by thread: Re: Spam filtering with Connection Filtering
- Next by thread: Re: ISA 2004 on SBS 2003 Premium - Where to create Firewall Policy Rul
- Index(es):
Relevant Pages
|
