Using Exchange s Spam Control Features

Using Exchange’s Spam Control Features

Exchange 2000 has a relatively small set of antispam features. That’s because its designers couldn’t have reasonably expected the volume of spam to grow to its current level. However, Exchange does allow you to block mail sent by specified individuals or domains and to block SMTP connections from particular IP addresses. The process of adding IP restrictions to an SMTP virtual server was discussed earlier, but the process of enabling filtering by sender or domain is different enough to warrant its own explanation.

Creating a Domain or Sender Filter

You add sender-based or domain-based restrictions with the Filtering tab of the Message Delivery Properties dialog box. To get there, open Exchange System Manager, open the Global Settings node, right-click the Message Delivery node, and select the Properties command. When the Properties dialog box appears, click the Filtering tab (see Figure 8-8).

Figure 8-8: Block senders or domains with the Filtering tab of the Message Delivery Properties dialog box.

The controls in the Filtering tab are easy to understand:

• The Senders list shows which current senders and domains you’ve chosen to block. You can add new senders with the Add button, edit existing ones with the Edit button, or remove them with the Remove button. You can use the * wildcard character in domain names. This feature allows you to block multiple domains or senders with judicious wildcarding.

• The Archive Filtered Messages check box controls whether Exchange will keep copies of messages that it filters. By default, those messages are stored in the Filter directory under the SMTP virtual servers directory in the server’s mailroot (for example, filtered messages for the first virtual server will be in \Program files\Exchsrvr\Mailroot\Vsi 1\Filter). When you select this check box, Exchange starts filtering messages, and it never removes the archived mail. You’ll need to create a script or scheduled task that periodically compresses or moves the archive contents.

• The Filter Messages With Blank Sender check box allows you to automatically filter messages that don’t contain a valid RFC 822–format sender name. Many spammers generate messages with a blank From line, so selecting this check box cuts those off. Unfortunately, Exchange system monitoring messages will be caught by this filter unless you upgrade your Exchange servers to Windows 2000 Service Pack 3 or later.

• The Accept Messages Without Notifying Sender Of Filtering check box determines whether an NDR is generated for each message that’s filtered. Normally, you’ll leave this check box cleared—after all, why give a spammer notice that your server is working properly? For machines with large filter lists and lots of incoming mail, generating NDRs can create a performance burden. (In addition, a malicious person could forge lots of fake messages and cause your server to generate a large volume of NDRs to an uninvolved third-party domain.)

Activating the Filter

Once you’ve specified filter settings in the Message Delivery Properties dialog box, you still have to tweak the SMTP virtual servers that accept mail from the Internet so that they honor the filter restrictions (see Figure 8-9). This behavior is by design; filtering has a performance cost, so it’s turned off by default. Fortunately, you can easily control filtering on individual virtual servers:

Figure 8.9: You must turn on filter evaluation on individual SMTP virtual servers.

1. Open the virtual server’s Properties dialog box, and click Advanced in the General tab.

2. In the Advanced dialog box, select the port and IP address combination for which you want to activate filtering, and then click Edit.

3. In the Identification dialog box, make sure the Apply Filter check box is selected.