Re: Foreign Language SPAM and Exchange 2003 IMF





Thanks Robbin for a great summary.
I shall work through your recommendations with our client.
Regards
Norm Hughes




"Robbin Meng [MSFT]" <v-robmen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:okrcIyOZJHA.2212@xxxxxxxxxxxxxxxxxxxxxxxxx

Hello Norm,

Thank you for your post and also thanks for Jim's input.

Anti-Spam is an old and eternal topic. Blocking the spammer domain name/IP
every day is not recommended since most spammers will spoof the IP
address and domain name with dynamic ones. Therefore, this method is
inefficient and time-consuming.

Instead please check the following suggestions and links to know more
about anti-spam deployment in Exchange server.


Suggestion One: Connection-Level Protection - [ IP Connection Filtering ]
=====================
Like Jim indicated, Connection filtering is used to configure Exchange
Server to contact a Realtime Block List (RBL) provider to determine
whether the computer that an e-mail message is sent from appears in a
list of "blacklisted" computers. You can also configure exceptions to
these connection filters.

How to configure connection filtering to use Realtime Block Lists (RBLs)
and how to configure recipient filtering in Exchange 2003
http://support.microsoft.com/kb/823866/

Use a RBL and stop 90% of the spam. You want Exchange SP2 on your server.
http://msmvps.com/blogs/bgb/archive/2008/02/23/exchange-connection-filter-using-a-real-time-block-list-and-imfperfmon-msc.aspx


Suggestion Two: Protocol-Level Protection - [ Recipient and Sender Filtering ]
=====================
Exchange Server 2003 provides a recipient filtering feature that can block
an e-mail message that has been sent to a recipient that does not exist.
The recipient filtering feature blocks the e-mail message by rejecting the
recipient that does not exist. The recipient filtering feature blocks the
e-mail message at the Simple Mail Transfer Protocol (SMTP) level. A side
effect of this feature is that a malicious sender or a sender of
unsolicited commercial e-mail can enumerate e-mail addresses that do exist
by using a technique that is known as a directory harvest attack.

If you click to select the "Filter recipients who are not in the
Directory" check box when you configure the recipient filtering feature,
directory lookup for recipients is enabled. If directory lookup is
enabled, senders of unsolicited e-mail may discover valid e-mail
addresses in your Exchange Server organization.

How to prevent unsolicited commercial e-mail in Exchange 2003
http://support.microsoft.com/kb/821746/en-us


Suggestion Three: Content-Level Protection - [ Intelligent Message Filter ]
=====================
Microsoft Exchange Server Intelligent Message Filter helps companies
reduce the amount of unsolicited commercial e-mail (UCE), also known as
spam, received by users. This guide provides overall operational
information to help optimize the performance of Exchange Server
Intelligent Message Filter.

1. Microsoft Exchange Intelligent Message Filter (IMF) Deployment Guide
http://www.microsoft.com/downloads/details.aspx?familyid=B1218D8C-E8B3-48FB-9208-6F75707870C2&displaylang=en

2. Monitoring and Troubleshooting Exchange Server Intelligent Message Filter
http://technet.microsoft.com/en-us/library/aa995865.aspx


Suggestion Four: SMTP tar pitting
=====================
Tar pitting is the practice of deliberately inserting a delay into certain
SMTP communications that are associated with spam or with other unwanted
traffic. To be effective, these kinds of communications typically rely on
generating a high volume of traffic. By slowing an SMTP conversation, you
can dramatically reduce the rate at which automated spam can be sent or at
which a dictionary attack can be conducted. Legitimate traffic may also be
slowed by tar pitting.

1. SMTP tar pit feature for Microsoft Windows Server 2003
http://support.microsoft.com/kb/842851/en-us

2. A software update is available to help prevent the enumeration of
Exchange Server 2003 e-mail addresses
http://support.microsoft.com/kb/899492/en-us


More related information:

Exchange Server 2003 Anti-Spam Framework Overview
http://download.microsoft.com/download/0/E/6/0E6A7113-DDA4-4FD7-AABA-B9E264700225/Anti-Spam.doc

Exchange server - New Weapons In The Fight Against Spam
http://technet.microsoft.com/zh-cn/magazine/cc161028(en-us).aspx

TechNet Support WebCast: Fighting spam using Microsoft Exchange Server 2003
http://support.microsoft.com/kb/841058/en-us

Microsoft Exchange Server 2003 Message Security Guide
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=2305405c-faf1-488a-a856-ad467bb59b26

Anti-virus/Anti-spam
http://social.technet.microsoft.com/Forums/en-US/exchangesvrantivirusandantispam/threads/

At the same time, if possible, you may also consider installing an
anti-spam program on the server to reduce more spam.


Hope this helps. Also, if you have any questions or concerns, please do
not hesitate to let me know.

Thanks for your earlier feedback!


Sincerely,
Robbin Meng
Microsoft Online Newsgroup Support
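
The RBL lookup behind the connection filtering described in Suggestion One, with the exception list applied first, as an added example that is not part of the original post and is not Microsoft's code. The zone `dnsbl.example`, the sample addresses and the stand-in resolver are constructed; the query-name layout follows the usual DNSBL convention (RFC 5782) and also covers IPv6, which goes beyond the post.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the address and append the list's zone (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or any lookup error (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_connection(ip, zone, exceptions=(), resolve=system_resolver):
    """Return (decision, return_codes) for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    # Exceptions are evaluated first, so an excepted sender is never queried.
    if any(addr in ipaddress.ip_network(net) for net in exceptions):
        return ("accept-exception", [])
    answers = resolve(dnsbl_query_name(ip, zone))
    # Only answers inside 127.0.0.0/8 are list return codes; anything else
    # (for example a wildcard answer from a parked zone) is ignored.
    codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]
    return ("reject-listed", codes) if codes else ("accept", [])

# Constructed stand-in for the provider's DNS zone (hypothetical data).
FAKE_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],
    "7.113.0.203.dnsbl.example": ["127.0.0.4"],
    "9.100.51.198.dnsbl.example": ["203.0.113.80"],  # not a return code
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.9", "198.51.100.20"):
        print(ip, check_connection(ip, "dnsbl.example",
                                   exceptions=["203.0.113.0/24"],
                                   resolve=fake_resolver))
```

`system_resolver` treats a failed lookup as "not listed", so an unreachable provider lets mail through rather than blocking it.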


