Re: Using IMF in conjunction with Trend CSM
- From: "Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
- Date: Sat, 28 Oct 2006 09:06:49 -0500
I think you want to know how they got in the list. Does the user have JMF
turned on, or did she put these in the list manually with a right click? Did
Trend also tag them as spam (check the icon, or the header).
My bet is there's not much point in doing anything with them - most of the
time these are a one-time addy used by a spammer, and they're invalid
addresses to boot. They're only in there because that's the default way JMF
in outlook work. Personally, I'd turn off JMF and delete the list of blocked
addresses.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:ODURPgj%23GHA.3952@xxxxxxxxxxxxxxxxxxxxxxx
I just looked at the user's Blocked Senders list and all the ones in the
JMF were on her blocked senders. She has a ton of blocked addresses. Do you
know if the IMF can import them into its Sender Filtering list?
And, yes, I have my IMF block and move to JMF both set the same, currently
at 6 with no false positives other than Backup Exec getting flagged, and
it is on the same server as Exchange.
Gregg Hill
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:%23Nz89se%23GHA.2180@xxxxxxxxxxxxxxxxxxxxxxx
The users could be putting it there manually though. (r-click and select
block sender). I use that method, just to keep track of what isn't picked
up by any of the layers of anti-spam.
Also, I think if you have the JMF threshold set in IMF to a number less
than the reject setting, you can expect some mail to be delivered to the
users JMF. AFAIK, that works even when the JMF is turned off client-side.
It's possible you might be able to tell which mail in JMF would_have bee
picked up by Trend Anti-Spam, by the icon. It doesn't seem to work
reliably though - so the best method is to look at the message header -
the trend A/S yes/no is stamped there, as well as the A/S version number.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:OipHwPe%23GHA.4740@xxxxxxxxxxxxxxxxxxxxxxx
Hi, Les!
I had forgotten that I actually do have the Junk email set to "No
Protection" via a GPO to prevent them having to look in two places. It
must not be working, because some users have spam in their junk email
folder.
I will look at their setup again next week.
Gregg Hill
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:evrSQjI%23GHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
I'd recommend not using the Outlook JMF if you're using EUQ - it just
confuses the issue (and the end user).
1. Connection filtering (spamhaus is good).
2. IMF set to reject at whatever number you feel good about *and* set
the JMF to the same number.
3. Recipient filtering
4. Trend Anti-Spam <high>
5. Turn JMF *off* in Outlook.
Use the JMF folder in Outlook *only* for spam or unwanted email that
makes it through to the inbox - the end user then only needs to r-click
the message and send to JMF folder.
This way, EUQ and JMF don't fight over spam, spreading it over both
folders. And, it's a good way to see how much spam actually makes it
through to the Inbox, as these are stored in Outlooks JMF by the user.
If you're getting more than 5-10 spams a day into the inbox, then IMHO
the solution isn't working and you may need to tighten up if you can,
or implement other measures. Same with EUQ, you should be able to
achieve 10-20 per day there.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and
I'll understand." - Confucius
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:%23a9Ts5H%23GHA.4404@xxxxxxxxxxxxxxxxxxxxxxx
Hello!
I have Trend CSM 3.0 SP1 (build 1147) on my SBS 2003 server and some
of my clients' SBS 2003 servers.
By default, the SMEX portion of Trend CSM will create a "Spam Folder"
in each users' mailbox. This is the End User Quarantine, or EUQ. What
I found was that most users failed to check that folder for possible
false positives, or they did not even see the folder in Outlook
because they had so many folders above it. "Out of sight, out of mind"
seems to be the phrase that applies here.
So what I have done is remove the EUQ and then re-install it, but I
named the folder as * Possible Spam during the re-installation of the
EUQ (that is "* Possible Spam" without the quotation marks) so it
stays at the top of the Outlook folders. Now everyone sees it and
checks it.
The problem now is that some users get 5000 messages every two weeks
(according to the SBS usage report) and most of that is spam. In order
to reduce the time they spend looking for legitimate messages, I have
implemented Connection Filtering (sbl-xbl.spamhaus.org) as well as the
IMF in Exchange SP2. Recipient Filtering was added a long time ago
with tarpitting (I know the end user never sees the result).
I have the IMF set to archive messages over SCL 6 (I may go to 7) and
move to Junk at 5. So far, an SCL of 6 has only trapped one valid
message, and that was from Backup Exec running on the same server (see
thread "Strange IMF Behavior").
Trend EUQ still has a bunch of spam in it as well. I have Outlook set
to show the SCL and I am reviewing those caught by Trend to see if I
can safely lower the gateway SCL in IMF.
Currently, users have to look in two places to make sure no valid
message got flagged as spam. I wish Trend's product would integrate
better into Outlook so users could look in one location and use one
method to approve and/or block mail. I though about naming the Trend
EUQ as "Junk E-mail" folder so everything goes into one box, but then
I get the "out of sight..." problem again, and I am not sure what
would happen if both IMF and Trend dumped into that folder, since they
have different methods of approving users.
How have the rest of you Trend CSM users been handling this concern?
Gregg Hill
.
- Follow-Ups:
- Re: Using IMF in conjunction with Trend CSM
- From: Gregg Hill
- Re: Using IMF in conjunction with Trend CSM
- References:
- Using IMF in conjunction with Trend CSM
- From: Gregg Hill
- Re: Using IMF in conjunction with Trend CSM
- From: Les Connor [SBS Community Member - SBS MVP]
- Re: Using IMF in conjunction with Trend CSM
- From: Gregg Hill
- Re: Using IMF in conjunction with Trend CSM
- From: Les Connor [SBS Community Member - SBS MVP]
- Re: Using IMF in conjunction with Trend CSM
- From: Gregg Hill
- Using IMF in conjunction with Trend CSM
- Prev by Date: Re: Domains or workgroups
- Next by Date: Re: Is R2 upgrade worth it.....?
- Previous by thread: Re: Using IMF in conjunction with Trend CSM
- Next by thread: Re: Using IMF in conjunction with Trend CSM
- Index(es):
Relevant Pages
|
