Hello Friends,
While going through the IMF article : http://exchangeserverinfo.com/2007/05/05/imf.aspx which is posted by Ashwin Kumar, I taught lets elaborate it little bit more further regarding this Spam Email in an Exchange server environment and how Microsoft come up with Anti-spam software inorder to reduce the spam mail flow in a Exchange Organization.
As you all aware what is unsolicited email message which is also known as junk e-mail messages or spam. It is normally sent from a single source with a intention of broadcasting to as many mailboxes as they can, at one time. Main intention of spammer is that they want each and every user should open it and read it so that they can make money out of this sort of transaction. But because of their own profit one better exchange organization will loose the good performance level and their business will get effected in one or other way round.
So inorder to reduce this spam mail chain Microsoft developed a FRAMEWORK which has the combination of different methods for fighting spam within Exchange server environment after the release of SP2 for exchange 2003. This framework is called as “Exchange Server 2003 Anti-Spam Framework “. With the help of this we can filter and categorize the spam.
Anti-spam works at three level – the connection level, the protocol level and the content level.
Connection-level protection
• IP connection filtering
• Real-time block lists
Protocol-level protection
• Recipient and sender blocking
• Sender ID
Content-level protection
• Exchange Intelligent Message Filter
• Outlook 2003 and Outlook Web Access Junk E-Mail
Connection-level protection is the first layer which comes under the ant-spam process. It is initial steps process which will identify whether the mail is spammed one or not based on the ip address which is being blocked. Advantage, if spam mail is initially identified then there would be very less chance of loop and wouldn’t be a mailflow traffic. Whenever any mail server communicate with exchange server it will go through port 25, that host is cross checked first based on the ip we have filtered or blocked if those message by-pass it that means it is validate and will move to our inbox folder.
Protocol-level Protection:
This is the second layer which is bit advanced from connection-level protection. It decide the mail is whether spam or no based on the Recipient and sender blocking & Sender ID. By implementing this, you can greatly reduce spam addressed from domain that have an Sender policy framework (SPF) record. The SMTP dialog between the sending SMTP host and the receiving SMTP host is analyzed to verify that the sender and recipients are allowed, and to determine the sender’s SMTP domain name.
Content-level Protection:
Third layer of anti-spam process. It will completely analize the mail whether it is spam or not based on the content level we filter it on the basis of characteristic. Under this Content-level protection we have IMF and Junk e-mail process. The filtering process done by characters but based on spam confidence level (SCL rate 1-9)
After IMF assigns an SCL to the message, it is evaluated against two thresholds configured by the administrator as follows:
1. Gateway blocking configuration: Block messages with an SCL rating greater than or equal to. If the SCL of a message is greater than or equal to the value set in this threshold, one of the following actions can be performed on the message :
• Archive
• Delete
• No action
• Reject
2. Store junk e-mail configuration: Move messages with an SCL rating greater than. If the message is greater than the value set in this threshold, the message will be delivered to the junk e-mail folder of the user’s inbox, unless the user has the sender on their safe senders list.
Anti-Pishing
It is a type of design which steal your identity, in other words to disclose valuable personal data such as credit card numbers etc. We have this anti-pishing technology in the IMF so that the pishing messages are assigned an appropriate SCL.
Based on the above Antispam process Spamming is reduced in the exchange server 2003 environment .
Let say I have Exchange Server 2003 environment in my organization and I have done lots of filterization rules based on the three level. Now my company wants Exchange 2007 which is not in the same forest or have huge list of allow/deny address, block list providers and blocked senders and domain in my existing exchange 2003 org. It is not so easy to re-do the same thing again.
Don’t worry my dear friend we have tool called as “Exchange 2007 Anti Spam Migration Tool.
This tool grap the information related to anti-spam setting and configuration from AD then converts them to Exchange 2007 code and writes them to a Power Shell script.
Inorder to avail this tool we should have windows2003\200, Microsoft .Net framerwork 1.1 or higher and the account under which this tool is run needs to have read rights to AD configuration container and read access to MSExchange.UCEContentFilter.xml.
Link for downloading this tool:
Exchange 2007 AntiSpam Migration Tool
Once we download this run “Exchange2007AnitSpamMigration.msi which will then extract the tool to C:\Program Files\Exchange2007AntiSpamMigration.
Note : We need to run this tool from the command lien as it doesn’t add any icons to the start menu.
Exchange2007AntiSpamMigration [/f:<full path to custom words file>] [/o:<outputfile name>] [/?]
/f: Optional full path to MSExchange.UCEContentFilter.xml file. If not specified, custom words or phrases are not migrated.
/o: Optional output file name. If not specified, output is written to MigratedSettings.ps1 in current directory.
/? Displays usage.
Thus by running Exchange2007AnitSpamMigration.exe we can export the setting and import our old setting back.
References
You can download the Microsoft Exchange Server 2003 Anti-Spam Framework Overview from the Microsoft Download Center at http://download.microsoft.com/download/0/E/6/0E6A7113-DDA4-4FD7-AABA-B9E264700225/Anti-Spam.doc.
The">download.microsoft.com/download/0/E/6/0E6A7113-DDA4-4FD7-AABA-B9E264700225/Anti-Spam.doc">http://download.microsoft.com/download/0/E/6/0E6A7113-DDA4-4FD7-AABA-B9E264700225/Anti-Spam.doc.
The Better Protection Against Spam topic in the Exchange Server 2003 SP2 Overview is available at www.microsoft.com/exchange/evaluation/sp2/overview.mspx#antispam.
Information about the Exchange Intelligent Message Filter (IMF) and updates for IMF are available from Microsoft TechNet at www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/imf/default.mspx.
The white paper "Messaging Hygiene at Microsoft: How Microsoft IT Defends Against Spam, Viruses, and E-Mail Attacks" is available from Microsoft TechNet at www.microsoft.com/technet/itsolutions/msit/security/messaginghygienewp.mspx.
The article "Exchange Server 2003 Real-Time Block Lists" is available on Microsoft TechNet at www.microsoft.com/technet/prodtechnol/exchange/2003/insider/Block_Lists.mspx.
The Microsoft Knowledge Base article "How to configure connection filtering to use Realtime Block Lists (RBLs) and how to configure recipient filtering in Exchange 2003" is available at http://support.microsoft.com/default.aspx?scid=823866
Ismail Mohammed.
Unisys - Bangalore
