Solved

SPAM-is there a way to put rules in Exchange 5.5 at server level to block keywords, etc?, SPAM

Posted on 2002-07-13
13
217 Views
Last Modified: 2010-03-05
SPAM-is there a way to put rules in Exchange 5.5 at server level to block keywords, etc?, SPAM, pcumming

We have Outlook 2002 and Exchange 5.5. We have been receiving an increasing amount of SPAM. We are educating our employees on the do's and dont's of using the Internet and giving out a work email address in certain situations.

Question 1. Is there a way to block keywords or add rules at the Exchange Server level (version 5.5) at each of our Exchange servers?
Is there a limit on keywords or rules, etc?? We have Outlook 2002 and can create it at the client level but prefer not to.

Since spammers can send jpegs and bmps of course we cannot filter on them. As a company we need to be able to send such to each other.

Also since spammers falsify header info, I think it would be a waste to try to capture a true from address or a made up domain name in the routing of the email or a false ISP.

Question 2. Therefore I am not sure an external product (which we are open to spending the necessary money on) would be as helpful as a decent set of rules.

Comments and answers to the above?

Thanks,
Peter
pcumming@yahoo.com
0
Comment
Question by:pacumming
  • 5
  • 5
  • 2
  • +1
13 Comments
 
LVL 10

Expert Comment

by:kevala
ID: 7151731
Here's how to stop the spamming....

1. Open the properties on the Exchange Server Internet Mail Service and select the Routing page. After the SP1 installation, this page will have an additional button called <Routing Restrictions...>.

2. Click Routing Restrictions to bring up a dialog box with additional Restrictions.

3. Check the box for "Hosts and Clients that Successfully Authenticate"

4. Restart the Internet Mail service

REF:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q196626

This will allow only users who authenticate to send mail off of your server.



IF you have pop 3 users, you will need to review the following article after apply the setting above.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q279860

You have to modify a setting in pop3 users' profiles to allow them to send mail off the server....

This should do the trick!!
0
 

Author Comment

by:pacumming
ID: 7151736
We do not have POP 3 turned on via exchange.
However of course we do receive email via Pop3.

Now with respect to authenticating.
The Q article states
"Hosts and clients that successfully authenticate:
Messages sent from hosts and clients with valid logon information are relayed. "

We do not want to allow relaying of course off of our server. I am not sure if this box is checked or not as I am not the Exchange admin.

But by checking this box what does Exchange do (in terms of authentication) when it receives an email perhaps from my own account at Yahoo to my corporate account that uses Exchange? Does it try to do a ping?

If the Spammer has a false (from) header that is not his own but is valid as well as  falsified (but a valid-not his own) ISP header info (if possible), then would this not pass all the rules for authentication?

Just asking

I know there are multiple solutions that may need to be employed to filter out perhaps 80% of abusive unsolicited, etc.  email.
We are not a fan of using blacklists since these change all too often.
Also too hard to have a list of addresses that we only will allow since we have about 8,000 employees.

Thanks.

Peter

Thanks< peter
0
 
LVL 10

Expert Comment

by:kevala
ID: 7151757
Peter,

By checking that box, (Hosts and clients that successfully authenticate) - it will actually prevent anyone from being able to RELAY off of your server....you would need to follow this article to prevent SPAM mail....

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q245465
0
 

Expert Comment

by:ferose
ID: 7154153
kevala :

The filtering option would require you to enetr each domain seperately. not an enviable task...

Earlier commecnts are anyway about relay control not spam...

My guess is that Exchange doesn't have an effective mechanism to curn spam. Third party software's if any might help..I haven't looked up for one so far... but i sure download.com should have few good ones listed.

ferose      
0
 

Author Comment

by:pacumming
ID: 7154374
Yes that is correct. My problem is SPAM, not relaying.

We have Exchange 5.5
Would like to without third party software add filter words for ALL emails that come in to our 4 Exchange Servers. However I think that 5.5 does not support this only Exchange 2000. Can someone verify this and how robust Exchange 2000 is in adding words to filter on subject and body?

Or would it be better to filter at client and perhaps faster?

Finally, if you know of some good 3rd party software that would be great. However due to the falsification of header info, domains always changing, not sure that a product can do it any better than key word searches.

However I am open to any suggestions, arguments,etc..

Thanks, Peter
0
 
LVL 4

Expert Comment

by:Nevaar
ID: 7154421
Check the following web pages for a list of anti-spam & content checker software:

http://www.msexchange.org/software/software.asp?cat=AntiSpam

http://www.msexchange.org/software/software.asp?cat=ContentChecking
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 

Author Comment

by:pacumming
ID: 7154646
Still would like a basic answer on these questions.

Can someone answer these please:
Would like to filter without third party software and add filter words for ALL emails that come in to our 4 Exchange Servers.

1.***However I think that 5.5 server does not support email word filtering at the server level. Can someone verify this?

2. Does Exchange 2000?


3. How good is it? Pros/Cons



Thanks, Peter
0
 
LVL 4

Expert Comment

by:Nevaar
ID: 7154726
Neither Exchange 5.5 nor 2000 have keyword email filtering built-in.
0
 

Author Comment

by:pacumming
ID: 7154934
Sure about Exchange 2000? I read somewhere that it did. Or are you saying it can only filter domains and blank from address, etc.. as opposed to checking words/content in emails?


Can one write their own add-in for this?

Thanks, Peter
0
 
LVL 4

Expert Comment

by:Nevaar
ID: 7154978
Exchange 2000 can do sender filtering, not content/keyword filtering.
0
 
LVL 4

Expert Comment

by:Nevaar
ID: 7154985
As far as writting add-ins, that's what the third-party venodrs are doing.  So it can be done, it's just a matter of time & money.
0
 

Author Comment

by:pacumming
ID: 7157707
Any commments on best packages, use of outsourcers to review spam, how to determine amount of spam in a company, etc..?


We have Exchange 5.5 and about 4,000 employees.
We still have a few hard questions we are trying to find some answers for our Senior Managment.

1. How can we determine what laws exist or retribution we may have if we receive SPAM or unsolicited email in the states in which our various corporation resides?
And with such laws, does anyone know how successful such cases may be against a sender, ISP, etc...?
Our goal is to determine what recourse we have against such senders, ISP's etc in our efforts to reduce SPAM.
Any websites, names or resources would be beneficial.


2. Is there any way to determine the probability perhaps based on industry averages of what percentage of SPAM, UCE comprises is the total of all inbound Internet email (not internal email)?

Is there any way to determine the % chance of an employee bringing action against the company they work for, for not being vigilant enough in action to reduce SPAM?
Any case studies would be great.

The only approach we came up with was:
A. Offer our employees an internal website form to report the number of unsolicited emails received. Then we perform an extrapolation and an average over a period of time. Or we could set up a mailbox for them to report this into along with the offending email.

B. Outsource some of our email to a service provider and have them perform the analysis over a 2 week period or so. The downside to this is the loss of control, hoping there is no interruption in service, that we as a company are content with  an outside party having access to all our emails, and finally-that they report accurate numbers to us through their algorithms as opposed to an inflated number to earn our business.

3. What are best practices in terms of policies for a corporation and employees to have in place regarding SPAM?


4. What is the best way to combat SPAM. I have heard that packages that use blacklists are not that effective, and those that use keywords are about the same 20% effective. To be more effective would require perhaps 1-2 people to assist in monitoring and tweaking filters and lists.

It was recommended that the best approach for our 4,000 user base was to outsource the email filtering process.

Not sure why fairly sophisticated keyword type rules could not catch perhaps up to 80%. I realize that spammers forge header info so adding the FROM info or domain name probably will not help.
I know pictures cannot be scanned correctly for the most part.
And emails that state "Click here to see my pictures", may be a valid email.

Perhaps some package can do keyword filters as well as authenticate the domain it came from without of course adding our name to their list. A ping perhaps. But then again, if they forge some of the MTA and Header info-then it could be a valid from address.

Comments?


Peter
0
 
LVL 4

Accepted Solution

by:
Nevaar earned 500 total points
ID: 7157803
I think that your questions will require a fair amount of research and, honestly, the effort would far exceed the time I'm willing to invest.

Start with the web (Google.com) and trade magazines to locate the background information you're looking for.

Good luck.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now