Exchange IMF classifies internal subdomain as junk

Our organization switched from Lotus Notes to Exchange/Outlook mail. But, as a Lotus Notes developer, I was permitted to stay with Notes. The problem is that any mail I send (or that any other Lotus Notes internal mailbox sends) to addresses in our company get classified as spam and sent by Exchange IMF to people's Junk folders.

The Exchange domain is ourhq.ourdomain.com, and the Lotus mail server domain is domino-mail.ourhq.ourdomain.com. And even if individuals add me to their Trusted Senders, IMF overrides this.

Searching experts-exchange and elsewhere, I've seen the whitelist solutions, but our Exchange admin doesn't want to complicate mail management with an add-in.

I have a gut feeling it has to do with IMF treating the subdomain as junk under some anti-relay, anti-spoofing heuristic or setting.

Solutions I might anticipate could include:
 - Free and easy whitelist capability (how could MS NOT include this!). Is that what this hack is: http://forums.msexchange.org/m_1800395576/mpage_1/key_/tm.htm ?
 - Fix IMF's bias against the sub-domain.
 - Implement an Outlook rule that IMF doesn't override, then apply that globally to our organization.

Thank you.  --David
davidqxoAsked:
Who is Participating?
 
ExchgenConnect With a Mentor Commented:
Nice...

Lets try an expriment if this is being done by exchange, i mean sending the email stright to junk folder..

Sit on client system, and

telnet IP (exchange server receiving the email from internet) 25
EHLO FQDN of domino server
mail from: dominouser@dominodomain
rcpt to: exchangeuser@exchangedomain
data
from: dominouser@dominodomain
to: exchangeuser@exchangedomain
subject: Please save this for me
Please save this message for me to look at on your computer. I'm working on the Exchange misclassification problem.

.
(end the smtp conversation with a period)

Expect the email in your inbox or your junk mail folder.

Send an email from lotus directly and you know for a fact that it would end up in the junk mail folder.

Perform the settings stated in the link below to expose the SCL rating for the message you received from domino and the message that was dropped on to exchange via telnet session. This would give us a fair idea on what is happening.

Check out the link below;
Exposing SCL (Spam Confidence Level) in Outlook
http://msexchangeteam.com/archive/2004/05/26/142607.aspx

Please perform the above steps and let me know the results, i may have a fair idea on what is happening.

Raghu
0
 
ExchgenCommented:
David,

You might want to check this out, this can be a possible solution;

Demystifying Exchange Server 2003 SP2 IMF Updates
http://msexchangeteam.com/archive/2006/04/12/425060.aspx

Raghu
0
 
davidqxoAuthor Commented:
That's great information on getting updates to IMF, and maybe, hopefully at some point Microsoft will address the limitation of no whitelist capability. But I see nothing here that talks about IMF making patently wrong spam determinations, or how to get around those wrong classifications.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
ExchgenCommented:
Hey sorry...

But i guess you missed the part in the link that speaks about "custom Weight List".

This is something that can be effectivly used to get positive or negative SCL rating to the email to consider an email as SPAM or NO-SPAM.

Microsoft Exchange Server 2003 Service Pack 2 Release Notes
http://download.microsoft.com/download/f/b/5/fb5c54af-fe5c-48e9-be97-f9e8207325ab/Ex_2003_SP2_RelNotes.htm

The link above tells you all about the feature i am trying to mention.

Raghu
0
 
davidqxoAuthor Commented:
You are correct, I did overlook the Custom Weighting Feature the first time through. An admin can use that feature to "...customize the behavior of Intelligent Message Filter, based on phrases that are in the body of an e-mail message, the subject line, or both." But I'm still not certain how that helps, other than in a crude sort of way. I suppose I could put some sort of special tag in my subject lines, like "[Hey, this truly is good stuff!] ...real subject..., " and then weight my tag to be non-spam. :)

I'm thinking there is a configuration issue at the heart of this problem ... something odd about the subdomain and anti-relaying, perhaps?

--David
0
 
ExchgenCommented:
IMF functions only on the content of the emails message. There is no way that we can make IMF stamp a positive or negative SCL rating except for the feature discussed above.

The process in which IMF refers to MSEXCHANGE.UCECONTENT.DLL is something that is totally out of our control. you might wanna change the body / subject contents on the email being sent, check devices in between that may be giving negetive SCL rating (symantec gateway protect), devices overwriting header information etc.

You might also want to check the settings on IMF to determine if its set to medium rather than being too harsh.

Can you possibly give an example of how the email address / domain look like from the lotus domain?

Raghu
0
 
davidqxoAuthor Commented:
Here is the example you requested. I've changed the real domain name to ourdomain and substituted ellipses for the addresses.

Microsoft Mail Internet Headers Version 2.0
Received: from domino-mail.ourhq.ourdomain.com ([192.168.100.1]) by mail.ourhq.ourdomain.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Jun 2006 08:30:13 -0500
Subject: Please save this for me
To: mmarshall <...@ourdomain.com>
X-Mailer: Lotus Notes Release 6.5.1 January 21, 2004
Message-ID: <OF3E1FD467.147C327D-ON86257185.004A0DF3-86257185.004A575F@domino.ourdomain.com>
From: David Phillips <...@ourdomain.com>
Date: Tue, 6 Jun 2006 08:30:13 -0500
X-MIMETrack: Serialize by Router on DOMINO-MAIL/OUR(Release
6.5.1|January 21, 2004) at 06/06/2006 08:30:13 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Return-Path: ...@ourdomain.com
X-OriginalArrivalTime: 06 Jun 2006 13:30:14.0131 (UTC)
FILETIME=[57A1F430:01C6896D]

-----Original Message-----
From: D Phillips [mailto:...@ourdomain.com]
Sent: Tuesday, June 06, 2006 8:30 AM
To: M... Marshall
Subject: Please save this for me

Please save this message for me to look at on your computer. I'm working on the Exchange misclassification problem.

Thank you.
  --David
0
 
davidqxoAuthor Commented:
I did the test you describe (nice clear directions) and, alas, BOTH wound up in the junk folder.

That link "Exposing SCL" is a great find, particularly the discussion. Were you picking up on James Websters item about how internal App servers authenticating with Exchange would get an SCL of -1?

I going now to check with our Exchange admin to see if he will do the Expose the SCL bit.

Thank you for the good leads.
--David
0
 
ExchgenCommented:
David,

With experience i can tell you that system messages are normally given -1 SCL, hence the IMF just ignores those messages and lets them through.

Internal application servers authenticating with exchange causes SCL to go to -1 is something i feel would have been subimitted using CDO and not SMTP. If the application server authenticates via SMTP then it may be possible to give it -1 SCL.

I am not too sure if you can make the domino server authenticate via SMTP.

Raghu
0
 
davidqxoAuthor Commented:
My preliminary search of Domino Administrator help doesn't turn up anything on making Domino authenticate when connecting outbound with SMTP servers. I'll have to research that some more.

Nevertheless, I think the leads in the last link you provided give us enough tools to productively make more headway on this issue.

Thank you.
--David
0
 
davidqxoAuthor Commented:
Here http://vowe.net/archives/003031.html is a possible solution to having a Domino server authenticate outbound with an SMTP server with ASMTP.
0
 
ExchgenCommented:
David,

Thanks for the link, would add that to my list of bookmarks. :)

Raghu
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.