davidqxo
asked on
Exchange IMF classifies internal subdomain as junk
Our organization switched from Lotus Notes to Exchange/Outlook mail. But, as a Lotus Notes developer, I was permitted to stay with Notes. The problem is that any mail I send (or that any other Lotus Notes internal mailbox sends) to addresses in our company get classified as spam and sent by Exchange IMF to people's Junk folders.
The Exchange domain is ourhq.ourdomain.com, and the Lotus mail server domain is domino-mail.ourhq.ourdomai
Searching experts-exchange and elsewhere, I've seen the whitelist solutions, but our Exchange admin doesn't want to complicate mail management with an add-in.
I have a gut feeling it has to do with IMF treating the subdomain as junk under some anti-relay, anti-spoofing heuristic or setting.
Solutions I might anticipate could include:
- Free and easy whitelist capability (how could MS NOT include this!). Is that what this hack is: http://forums.msexchange.org/m_1800395576/mpage_1/key_/tm.htm ?
- Fix IMF's bias against the sub-domain.
- Implement an Outlook rule that IMF doesn't override, then apply that globally to our organization.
Thank you. --David
The Exchange domain is ourhq.ourdomain.com, and the Lotus mail server domain is domino-mail.ourhq.ourdomai
Searching experts-exchange and elsewhere, I've seen the whitelist solutions, but our Exchange admin doesn't want to complicate mail management with an add-in.
I have a gut feeling it has to do with IMF treating the subdomain as junk under some anti-relay, anti-spoofing heuristic or setting.
Solutions I might anticipate could include:
- Free and easy whitelist capability (how could MS NOT include this!). Is that what this hack is: http://forums.msexchange.org/m_1800395576/mpage_1/key_/tm.htm ?
- Fix IMF's bias against the sub-domain.
- Implement an Outlook rule that IMF doesn't override, then apply that globally to our organization.
Thank you. --David
ASKER
That's great information on getting updates to IMF, and maybe, hopefully at some point Microsoft will address the limitation of no whitelist capability. But I see nothing here that talks about IMF making patently wrong spam determinations, or how to get around those wrong classifications.
Hey sorry...
But i guess you missed the part in the link that speaks about "custom Weight List".
This is something that can be effectivly used to get positive or negative SCL rating to the email to consider an email as SPAM or NO-SPAM.
Microsoft Exchange Server 2003 Service Pack 2 Release Notes
http://download.microsoft.com/download/f/b/5/fb5c54af-fe5c-48e9-be97-f9e8207325ab/Ex_2003_SP2_RelNotes.htm
The link above tells you all about the feature i am trying to mention.
Raghu
But i guess you missed the part in the link that speaks about "custom Weight List".
This is something that can be effectivly used to get positive or negative SCL rating to the email to consider an email as SPAM or NO-SPAM.
Microsoft Exchange Server 2003 Service Pack 2 Release Notes
http://download.microsoft.com/download/f/b/5/fb5c54af-fe5c-48e9-be97-f9e8207325ab/Ex_2003_SP2_RelNotes.htm
The link above tells you all about the feature i am trying to mention.
Raghu
ASKER
You are correct, I did overlook the Custom Weighting Feature the first time through. An admin can use that feature to "...customize the behavior of Intelligent Message Filter, based on phrases that are in the body of an e-mail message, the subject line, or both." But I'm still not certain how that helps, other than in a crude sort of way. I suppose I could put some sort of special tag in my subject lines, like "[Hey, this truly is good stuff!] ...real subject..., " and then weight my tag to be non-spam. :)
I'm thinking there is a configuration issue at the heart of this problem ... something odd about the subdomain and anti-relaying, perhaps?
--David
I'm thinking there is a configuration issue at the heart of this problem ... something odd about the subdomain and anti-relaying, perhaps?
--David
IMF functions only on the content of the emails message. There is no way that we can make IMF stamp a positive or negative SCL rating except for the feature discussed above.
The process in which IMF refers to MSEXCHANGE.UCECONTENT.DLL is something that is totally out of our control. you might wanna change the body / subject contents on the email being sent, check devices in between that may be giving negetive SCL rating (symantec gateway protect), devices overwriting header information etc.
You might also want to check the settings on IMF to determine if its set to medium rather than being too harsh.
Can you possibly give an example of how the email address / domain look like from the lotus domain?
Raghu
The process in which IMF refers to MSEXCHANGE.UCECONTENT.DLL is something that is totally out of our control. you might wanna change the body / subject contents on the email being sent, check devices in between that may be giving negetive SCL rating (symantec gateway protect), devices overwriting header information etc.
You might also want to check the settings on IMF to determine if its set to medium rather than being too harsh.
Can you possibly give an example of how the email address / domain look like from the lotus domain?
Raghu
ASKER
Here is the example you requested. I've changed the real domain name to ourdomain and substituted ellipses for the addresses.
Microsoft Mail Internet Headers Version 2.0
Received: from domino-mail.ourhq.ourdomai
Subject: Please save this for me
To: mmarshall <...@ourdomain.com>
X-Mailer: Lotus Notes Release 6.5.1 January 21, 2004
Message-ID: <OF3E1FD467.147C327D-ON862
From: David Phillips <...@ourdomain.com>
Date: Tue, 6 Jun 2006 08:30:13 -0500
X-MIMETrack: Serialize by Router on DOMINO-MAIL/OUR(Release
6.5.1|January 21, 2004) at 06/06/2006 08:30:13 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Return-Path: ...@ourdomain.com
X-OriginalArrivalTime: 06 Jun 2006 13:30:14.0131 (UTC)
FILETIME=[57A1F430:01C6896
-----Original Message-----
From: D Phillips [mailto:...@ourdomain.com]
Sent: Tuesday, June 06, 2006 8:30 AM
To: M... Marshall
Subject: Please save this for me
Please save this message for me to look at on your computer. I'm working on the Exchange misclassification problem.
Thank you.
--David
Microsoft Mail Internet Headers Version 2.0
Received: from domino-mail.ourhq.ourdomai
Subject: Please save this for me
To: mmarshall <...@ourdomain.com>
X-Mailer: Lotus Notes Release 6.5.1 January 21, 2004
Message-ID: <OF3E1FD467.147C327D-ON862
From: David Phillips <...@ourdomain.com>
Date: Tue, 6 Jun 2006 08:30:13 -0500
X-MIMETrack: Serialize by Router on DOMINO-MAIL/OUR(Release
6.5.1|January 21, 2004) at 06/06/2006 08:30:13 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Return-Path: ...@ourdomain.com
X-OriginalArrivalTime: 06 Jun 2006 13:30:14.0131 (UTC)
FILETIME=[57A1F430:01C6896
-----Original Message-----
From: D Phillips [mailto:...@ourdomain.com]
Sent: Tuesday, June 06, 2006 8:30 AM
To: M... Marshall
Subject: Please save this for me
Please save this message for me to look at on your computer. I'm working on the Exchange misclassification problem.
Thank you.
--David
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did the test you describe (nice clear directions) and, alas, BOTH wound up in the junk folder.
That link "Exposing SCL" is a great find, particularly the discussion. Were you picking up on James Websters item about how internal App servers authenticating with Exchange would get an SCL of -1?
I going now to check with our Exchange admin to see if he will do the Expose the SCL bit.
Thank you for the good leads.
--David
That link "Exposing SCL" is a great find, particularly the discussion. Were you picking up on James Websters item about how internal App servers authenticating with Exchange would get an SCL of -1?
I going now to check with our Exchange admin to see if he will do the Expose the SCL bit.
Thank you for the good leads.
--David
David,
With experience i can tell you that system messages are normally given -1 SCL, hence the IMF just ignores those messages and lets them through.
Internal application servers authenticating with exchange causes SCL to go to -1 is something i feel would have been subimitted using CDO and not SMTP. If the application server authenticates via SMTP then it may be possible to give it -1 SCL.
I am not too sure if you can make the domino server authenticate via SMTP.
Raghu
With experience i can tell you that system messages are normally given -1 SCL, hence the IMF just ignores those messages and lets them through.
Internal application servers authenticating with exchange causes SCL to go to -1 is something i feel would have been subimitted using CDO and not SMTP. If the application server authenticates via SMTP then it may be possible to give it -1 SCL.
I am not too sure if you can make the domino server authenticate via SMTP.
Raghu
ASKER
My preliminary search of Domino Administrator help doesn't turn up anything on making Domino authenticate when connecting outbound with SMTP servers. I'll have to research that some more.
Nevertheless, I think the leads in the last link you provided give us enough tools to productively make more headway on this issue.
Thank you.
--David
Nevertheless, I think the leads in the last link you provided give us enough tools to productively make more headway on this issue.
Thank you.
--David
ASKER
Here http://vowe.net/archives/003031.html is a possible solution to having a Domino server authenticate outbound with an SMTP server with ASMTP.
David,
Thanks for the link, would add that to my list of bookmarks. :)
Raghu
Thanks for the link, would add that to my list of bookmarks. :)
Raghu
You might want to check this out, this can be a possible solution;
Demystifying Exchange Server 2003 SP2 IMF Updates
http://msexchangeteam.com/archive/2006/04/12/425060.aspx
Raghu