Configuring Antispam and Message Filtering Options


Every minute users spend dealing with unsolicited commercial e-mail (called spam) or other unwanted e-mail is a minute they cannot do their work and deal with other issues. To deter spammers and other senders from whom users don't want to receive messages, you can use message filtering to block these people from sending messages to your organization. Not only can you filter messages that claim to be from a particular sender or that are sent to a particular receiver, you can also establish connection filtering rules based on real-time block lists. The sections that follow discuss these and other antispam options.

As you configure message filtering, keep in mind that Exchange Server 2007 is designed to combat the most commonly used spammer techniques, but cannot block all of them. Like the techniques of those who create viruses, the techniques of those who send spam frequently change, and you won't be able to prevent all unwanted e-mail from going through. You should, however, be able to substantially reduce the flow of spam into your organization.

Filtering Spam and Other Unwanted E-mail by Sender

Sometimes, when you are filtering spam or other unwanted e-mail, you'll know specific e-mail addresses or e-mail domains from which you don't want to accept messages. In this case, you can block messages from these senders or e-mail domains by configuring sender filtering. Another sender from which you probably don't want to accept messages is a blank sender. If the sender is blank, it means the From field of the e-mail message wasn't filled in and the message is probably from a spammer.

Sender filtering is enabled by default. To configure filtering according to the sender of the message, follow these steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server for which you've enabled spam filtering, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click Sender Filtering, and then select Properties. The Sender Filtering Properties dialog box appears.

  3. On the Blocked Senders tab (shown in Figure 15-8), the Senders list box shows the current sender filters, if any.

    Figure 15-8: Use sender filtering to set restrictions on addresses and domains that can send mail to your organization.

  4. You can add a sender filter by clicking Add. In the Add Blocked Senders dialog box, select Individual E-mail Address if the filter is for a specific e-mail address, or select Domain if you want to filter all e-mail sent from a particular domain. Type the e-mail address or domain name, as appropriate, and then click OK.

  5. You can remove a filter by selecting it, and then clicking Remove.

  6. To edit a filter, double-click the filter entry, enter a new value, and then click OK.

  7. On the Blocked Senders tab, you can also filter messages that don't have an e-mail address in the From field. To do this, select the Block Messages From Blank Senders check box.

  8. On the Action tab, specify how messages from blocked senders are to be handled. If you want to ensure that Exchange doesn't waste processing power and other resources dealing with messages from filtered senders, select the Reject Message check box. If you want to mark messages as being from a blocked sender and continue processing them, select Stamp Message With Blocked Sender And Continue Processing. Click OK.

Filtering Spam and Other Unwanted E-mail by Recipient

In any organization, you'll have users whose e-mail addresses change, perhaps because they request it, leave the company, or change office locations. Although you might be able to forward e-mail to these users for a time, you probably won't want to forward e-mail indefinitely. At some point, you, or someone else in the organization, will decide it's time to delete the user's account, mailbox, or both. If the user is subscribed to mailing lists or other services that deliver automated e-mail, the automated messages continue to come in, unless you manually unsubscribe the user or reply to each e-mail to say that you don't want to receive the messages. Doing so wastes time, but Exchange administrators often find themselves doing it. It's much easier to add the old or invalid e-mail address to a recipient filter list and specify that Exchange shouldn't accept messages for users who aren't in the Exchange directory. Once you do this, Exchange won't attempt to deliver messages for filtered or invalid recipients, and you won't see related nondelivery reports (NDRs), either.

Recipient filtering is enabled by default. To configure filtering according to the message recipient, follow these steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server for which you've enabled spam filtering, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click Recipient Filtering, and then select Properties. The Recipient Filtering Properties dialog box appears.

  3. On the Blocked Recipients tab (shown in Figure 15-9), the Recipients list box shows the current recipient filters, if any.

    Figure 15-9: Use recipient filtering to set restrictions for specific or invalid recipients.

  4. You can filter messages that are sent to recipients who don't have e-mail addresses and aren't listed as recipients in your Exchange organization. To do this, select the Block Messages Sent To Recipients Not Listed In the Recipient List check box.

  5. Before you can add other recipient filters, you must select the Block The Following Recipients check box. You can then add a recipient filter by typing the address you'd like to filter, and then clicking Add. Addresses can refer to a specific e-mail address, such as walter@microsoft.com, or a group of e-mail addresses designated with the wildcard character (*), such as *@microsoft.com, to filter all e-mail addresses from microsoft.com; or *@*.microsoft.com, to filter all e-mail addresses from child domains of microsoft.com.

  6. You can remove a filter by selecting it, and then clicking Remove.

  7. To edit a filter, double-click the filter entry, enter a new value, and then press Enter. Click OK.

Filtering Connections with Real-Time Block Lists

If you find that sender and recipient filtering isn't enough to stem the flow of spam into your organization, you might want to consider subscribing to a real-time block list service. Here's how this works:

  • You subscribe to a real-time block list service. Typically, you'll have to pay a monthly service fee. In return, the service lets you query their servers for known sources of unsolicited e-mail and known relay servers.

  • The service provides you with domains you can use for validation and a list of status codes to watch for. You configure Exchange to use the specified domains and enter connection filtering rules to match the return codes. Then you configure any exceptions for recipient e-mail addresses or sender IP addresses.

  • Each time an incoming connection is made, Exchange performs a lookup of the source IP address in the block list domain. A "host not found" error is returned to indicate the IP address is not on the block list and that there is no match. If there is a match, the block list service returns a status code that indicates the suspected activity. For example, a status code of 127.0.0.3 might mean that the IP address is from a known source of unsolicited e-mail.

  • If there is a match between the status code returned and the filtering rules you've configured, Exchange returns an error message to the user or server attempting to make the connection. The default error message says that the IP address has been blocked by a connection filter rule, but you can specify a custom error message to return instead.

The sections that follow discuss applying real-time block lists, setting provider priority, defining custom error messages to return, and configuring block list exceptions. These are all tasks you'll perform when you work with real-time block lists.

Applying Real-Time Block Lists

Before you get started, you'll need to know the domain of the block list service provider, and you should also consider how you want to handle the status codes the provider returns. Exchange allows you to specify that any return status code is a match, that only a specific code matched to a bit mask is a match, or that any of several status codes that you designate can match.

Table 15-1 shows a list of typical status codes that might be returned by a provider service. Rather than filter all return codes, in most cases, you'll want to be as specific as possible about the types of status codes that match. This ensures that you don't accidentally filter valid e-mail. For example, based on the list of status codes of the provider, you might decide that you want to filter known sources of unsolicited e-mail and known relay servers, but not filter known sources of dial-up user accounts, which might or might not be sources of unsolicited e-mail.

Table 15-1: Typical Status Codes Returned by Block List Provider Services

Return Status Code   Code Description                                                           Code Bit Mask
------------------   ------------------------------------------------------------------------   -------------
127.0.0.2            Dial-up user account                                                       0.0.0.2
127.0.0.3            Known source of unsolicited e-mail                                         0.0.0.3
127.0.0.4            Known relay server                                                         0.0.0.4
127.0.0.5            Dial-up user account using a known source of unsolicited e-mail            0.0.0.5
127.0.0.6            Dial-up user account using a known relay server                            0.0.0.6
127.0.0.7            Known source of unsolicited e-mail and a known relay server                0.0.0.7
127.0.0.9            Dial-up user, known source of unsolicited e-mail, and known relay server   0.0.0.9

You can filter connections using real-time block lists by completing the following steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server for which you've enabled spam filtering, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click IP Block List Providers, and then select Properties. The IP Block List Providers Properties dialog box appears.

  3. Click the Providers tab. The Block List Providers list box shows the current Block List providers, if any.

  4. Click Add to add a Block List provider. The Add IP Block List Provider dialog box appears, shown in Figure 15-10.

    Figure 15-10: Configure the Block List provider.

  5. Type the name of the provider in the Provider Name text box.

  6. In the Lookup Domain text box, type the domain name of the block list provider service, such as proseware.com.

  7. Under Return Status Codes, select Match To Any Return Code to match any return code (other than an error) received from the provider service, or select one or more of the following options:

    • Match To Any Return Code: Select this option to match any return code (other than an error) received from the provider service.

    • Match To The Following Mask: Select this option to match a specific return code from the provider service. For example, if the return code for a known relay server is 127.0.0.4 and you want to match this specific code, you would type the mask 0.0.0.4.

    • Match To Any Of The Following Responses: Select this option to match specific values in the return status codes. Type a return status code to match, and then click Add. Repeat as necessary for each return code that you want to add.

  8. Click OK to start using real-time block lists from the block list provider.

Setting Priority and Enabling Block List Providers

You can configure multiple block list providers. Each provider is listed in priority order, and if Exchange makes a match using a particular provider, the other providers are not checked for possible matches. In addition to priority, providers can also be enabled or disabled. If you disable a provider, it is ignored when looking for possible status code matches.
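The lookup, match, and priority behavior described in this and the preceding sections, as an added Python example (not code from the book or from Exchange). The names Provider, query_name, and check_connection, the lookup domains bl-a.example and bl-b.example, and the in-memory resolver are constructed for illustration; the query name uses the standard DNSBL convention of reversed IPv4 octets, and the example models the Match To Any Return Code and Match To Any Of The Following Responses options.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Provider:
    name: str
    lookup_domain: str
    enabled: bool = True
    any_match: bool = False            # "Match To Any Return Code"
    responses: frozenset = frozenset() # "Match To Any Of The Following Responses"

def query_name(ip, lookup_domain):
    """Build the DNS name to look up: reversed IPv4 octets + lookup domain."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + lookup_domain

def check_connection(ip, providers, resolve, allowed=()):
    """Return (provider name, status code) for the first match, else None.

    resolve(name) returns the status code as a string, or None to stand in
    for a "host not found" answer. `allowed` is the global allowed list of
    single addresses or networks.
    """
    addr = ipaddress.IPv4Address(ip)
    if any(addr in ipaddress.ip_network(net) for net in allowed):
        return None                    # allowed entries are never filtered
    for p in providers:                # list order is priority order
        if not p.enabled:
            continue                   # disabled providers are ignored
        code = resolve(query_name(ip, p.lookup_domain))
        if code is None:
            continue                   # not on this provider's list
        if p.any_match or code in p.responses:
            return (p.name, code)      # later providers are not checked
        # Listed, but the code is not one we filter on: assumed to count as
        # "no match", so the next provider is tried.
    return None

# Constructed block list data standing in for the providers' DNS zones.
ZONE = {
    "10.2.0.192.bl-a.example": "127.0.0.2",   # dial-up user account
    "10.2.0.192.bl-b.example": "127.0.0.4",   # known relay server
    "5.113.0.203.bl-a.example": "127.0.0.3",  # known source of unsolicited e-mail
}
PROVIDERS = [
    Provider("A", "bl-a.example", responses=frozenset({"127.0.0.3", "127.0.0.4"})),
    Provider("B", "bl-b.example", any_match=True),
]

if __name__ == "__main__":
    for ip in ("203.0.113.5", "192.0.2.10", "198.51.100.7"):
        print(ip, check_connection(ip, PROVIDERS, ZONE.get))
    print("203.0.113.5 (allowed)",
          check_connection("203.0.113.5", PROVIDERS, ZONE.get,
                           allowed=["203.0.113.0/24"]))
```

Provider A deliberately leaves 127.0.0.2 out of its response list, so the dial-up listing for 192.0.2.10 is not a match there and the decision falls to provider B.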

You can set block list provider priority and enable or disable providers by completing the following steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server for which you've enabled spam filtering, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click IP Block List Providers, and then select Properties. The IP Block List Providers Properties dialog box appears.

  3. Click the Providers tab. The Block List Providers list box shows the current Block List providers in priority order.

  4. To change the priority of a provider, select it, and then click the Move Up or Move Down button to change its order in the list.

  5. To disable a provider, select it, and then click Disable.

  6. To enable a provider, select it, and then click Enable.

  7. Click OK to close the Properties dialog box.

Specifying Custom Error Messages to Return

When a match is made between the status code returned and the filtering rules you've configured for block list providers, Exchange returns an error message to the user or server attempting to make the connection. The default error message says that the IP address has been blocked by a connection filter rule. If you want to override the default error message, you can specify a custom error message to return on a per-rule basis. The error message can contain the following substitution values:

  • %0 to insert the connecting IP address

  • %1 to insert the name of the connection filter rule

  • %2 to insert the domain name of the block list provider service

Some examples of custom error messages include the following:

  • The IP address (%1) was blocked and not allowed to connect.

  • %1 was rejected by %2 as a potential source of unsolicited e-mail.

Using the substitution values, you can create a custom error message for each block list provider by following these steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server for which you've enabled spam filtering, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click IP Block List Providers, and then select Properties. The IP Block List Providers Properties dialog box appears.

  3. On the Providers tab, the Block List Providers list box shows the current block list providers in priority order. Select the block list provider for which you want to create a custom error message, and then click Edit.

  4. In the Edit IP Block List Provider dialog box, click Error Messages.

  5. In the IP Block List Provider Error Message dialog box, select Custom Error message, and then type the error message to return. Click OK twice.

Defining Block List Exceptions and Global Allow/Block Lists

Sometimes, you'll find that an IP address, a network, or an e-mail address shows up incorrectly on a block list. The easiest way to correct this problem is to create a block list exception that indicates that the specific IP address, network, or e-mail address shouldn't be filtered.

Creating or Removing Connection Filter Exceptions for E-mail Addresses

You can define connection filter exceptions for e-mail addresses by completing the following steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server for which you've enabled spam filtering, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click IP Block List Providers, and then select Properties. The IP Block List Providers Properties dialog box appears.

  3. On the Exceptions tab, any current exceptions are listed by e-mail address. Type the e-mail address to add as an exception, such as abuse@adatum.com, and then click Add.

  4. To delete an exception, select an existing e-mail address, and then click Remove.

  5. Click OK to save your settings.

Creating or Removing Global Allowed Lists for IP Addresses and Networks

Exchange will accept e-mail from any IP address or network on the global allowed list. To define allowed entries for IP addresses and networks, complete the following steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click IP Allow List, and then select Properties. The IP Allow List Properties dialog box appears.

  3. On the Allowed Addresses tab, you'll see a list of current IP addresses and networks that are configured on the allowed list.

  4. Click Add to add an IP address or network to the allowed list:

    • To allow a single IP address, type the IP address in the text box provided, such as 192.168.10.45, and then click OK.

    • To allow all IP addresses on a network, type the network address, such as 192.168.0.0/24, and then click OK.

  5. To remove an existing entry from the allowed list, click the entry, and then click Remove.

  6. Click OK to save your settings.

Creating or Removing Global Block Lists for IP Addresses and Networks

Exchange will reject e-mail from any IP address or network on the block list. To define block list entries for IP addresses and networks, complete the following steps:

  1. Start Exchange Management Console. On an Edge Transport server, select Edge Transport, and then click the Anti-Spam tab in the details pane. On a Hub Transport server, expand the Organization Configuration node, select Hub Transport, and then click the Anti-Spam tab in the details pane.

  2. Right-click IP Block List, and then select Properties. The IP Block List Properties dialog box appears.

  3. On the Blocked Addresses tab, you'll see a list of current IP addresses and networks that are configured on the block list. Click Add to add an IP address or network to the block list:

    • To block a single IP address, type the IP address in the text box provided, such as 192.168.10.45, and then click OK.

    • To block all IP addresses on a network, type the network address, such as 192.168.0.0/24, and then click OK.

  4. To remove an entry from the block list, select the entry, and then click Remove.

  5. Click OK to save your settings.




Microsoft Exchange Server 2007 Administrator's Pocket Consultant
Microsoft Exchange Server 2007 Administrators Pocket Consultant Second Edition
ISBN: 0735625867
EAN: 2147483647
Year: 2007
Pages: 119
