?
Solved

Exchange IMF classifies internal subdomain as junk

Posted on 2006-06-05
12
Medium Priority
?
711 Views
Last Modified: 2007-12-19
Our organization switched from Lotus Notes to Exchange/Outlook mail. But, as a Lotus Notes developer, I was permitted to stay with Notes. The problem is that any mail I send (or that any other Lotus Notes internal mailbox sends) to addresses in our company get classified as spam and sent by Exchange IMF to people's Junk folders.

The Exchange domain is ourhq.ourdomain.com, and the Lotus mail server domain is domino-mail.ourhq.ourdomain.com. And even if individuals add me to their Trusted Senders, IMF overrides this.

Searching experts-exchange and elsewhere, I've seen the whitelist solutions, but our Exchange admin doesn't want to complicate mail management with an add-in.

I have a gut feeling it has to do with IMF treating the subdomain as junk under some anti-relay, anti-spoofing heuristic or setting.

Solutions I might anticipate could include:
 - Free and easy whitelist capability (how could MS NOT include this!). Is that what this hack is: http://forums.msexchange.org/m_1800395576/mpage_1/key_/tm.htm ?
 - Fix IMF's bias against the sub-domain.
 - Implement an Outlook rule that IMF doesn't override, then apply that globally to our organization.

Thank you.  --David
0
Comment
Question by:davidqxo
  • 6
  • 6
12 Comments
 
LVL 9

Expert Comment

by:Exchgen
ID: 16837222
David,

You might want to check this out, this can be a possible solution;

Demystifying Exchange Server 2003 SP2 IMF Updates
http://msexchangeteam.com/archive/2006/04/12/425060.aspx

Raghu
0
 

Author Comment

by:davidqxo
ID: 16837941
That's great information on getting updates to IMF, and maybe, hopefully at some point Microsoft will address the limitation of no whitelist capability. But I see nothing here that talks about IMF making patently wrong spam determinations, or how to get around those wrong classifications.
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16838187
Hey sorry...

But i guess you missed the part in the link that speaks about "custom Weight List".

This is something that can be effectivly used to get positive or negative SCL rating to the email to consider an email as SPAM or NO-SPAM.

Microsoft Exchange Server 2003 Service Pack 2 Release Notes
http://download.microsoft.com/download/f/b/5/fb5c54af-fe5c-48e9-be97-f9e8207325ab/Ex_2003_SP2_RelNotes.htm

The link above tells you all about the feature i am trying to mention.

Raghu
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:davidqxo
ID: 16838922
You are correct, I did overlook the Custom Weighting Feature the first time through. An admin can use that feature to "...customize the behavior of Intelligent Message Filter, based on phrases that are in the body of an e-mail message, the subject line, or both." But I'm still not certain how that helps, other than in a crude sort of way. I suppose I could put some sort of special tag in my subject lines, like "[Hey, this truly is good stuff!] ...real subject..., " and then weight my tag to be non-spam. :)

I'm thinking there is a configuration issue at the heart of this problem ... something odd about the subdomain and anti-relaying, perhaps?

--David
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16840396
IMF functions only on the content of the emails message. There is no way that we can make IMF stamp a positive or negative SCL rating except for the feature discussed above.

The process in which IMF refers to MSEXCHANGE.UCECONTENT.DLL is something that is totally out of our control. you might wanna change the body / subject contents on the email being sent, check devices in between that may be giving negetive SCL rating (symantec gateway protect), devices overwriting header information etc.

You might also want to check the settings on IMF to determine if its set to medium rather than being too harsh.

Can you possibly give an example of how the email address / domain look like from the lotus domain?

Raghu
0
 

Author Comment

by:davidqxo
ID: 16842415
Here is the example you requested. I've changed the real domain name to ourdomain and substituted ellipses for the addresses.

Microsoft Mail Internet Headers Version 2.0
Received: from domino-mail.ourhq.ourdomain.com ([192.168.100.1]) by mail.ourhq.ourdomain.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Jun 2006 08:30:13 -0500
Subject: Please save this for me
To: mmarshall <...@ourdomain.com>
X-Mailer: Lotus Notes Release 6.5.1 January 21, 2004
Message-ID: <OF3E1FD467.147C327D-ON86257185.004A0DF3-86257185.004A575F@domino.ourdomain.com>
From: David Phillips <...@ourdomain.com>
Date: Tue, 6 Jun 2006 08:30:13 -0500
X-MIMETrack: Serialize by Router on DOMINO-MAIL/OUR(Release
6.5.1|January 21, 2004) at 06/06/2006 08:30:13 AM
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Return-Path: ...@ourdomain.com
X-OriginalArrivalTime: 06 Jun 2006 13:30:14.0131 (UTC)
FILETIME=[57A1F430:01C6896D]

-----Original Message-----
From: D Phillips [mailto:...@ourdomain.com]
Sent: Tuesday, June 06, 2006 8:30 AM
To: M... Marshall
Subject: Please save this for me

Please save this message for me to look at on your computer. I'm working on the Exchange misclassification problem.

Thank you.
  --David
0
 
LVL 9

Accepted Solution

by:
Exchgen earned 750 total points
ID: 16842593
Nice...

Lets try an expriment if this is being done by exchange, i mean sending the email stright to junk folder..

Sit on client system, and

telnet IP (exchange server receiving the email from internet) 25
EHLO FQDN of domino server
mail from: dominouser@dominodomain
rcpt to: exchangeuser@exchangedomain
data
from: dominouser@dominodomain
to: exchangeuser@exchangedomain
subject: Please save this for me
Please save this message for me to look at on your computer. I'm working on the Exchange misclassification problem.

.
(end the smtp conversation with a period)

Expect the email in your inbox or your junk mail folder.

Send an email from lotus directly and you know for a fact that it would end up in the junk mail folder.

Perform the settings stated in the link below to expose the SCL rating for the message you received from domino and the message that was dropped on to exchange via telnet session. This would give us a fair idea on what is happening.

Check out the link below;
Exposing SCL (Spam Confidence Level) in Outlook
http://msexchangeteam.com/archive/2004/05/26/142607.aspx

Please perform the above steps and let me know the results, i may have a fair idea on what is happening.

Raghu
0
 

Author Comment

by:davidqxo
ID: 16843068
I did the test you describe (nice clear directions) and, alas, BOTH wound up in the junk folder.

That link "Exposing SCL" is a great find, particularly the discussion. Were you picking up on James Websters item about how internal App servers authenticating with Exchange would get an SCL of -1?

I going now to check with our Exchange admin to see if he will do the Expose the SCL bit.

Thank you for the good leads.
--David
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16843292
David,

With experience i can tell you that system messages are normally given -1 SCL, hence the IMF just ignores those messages and lets them through.

Internal application servers authenticating with exchange causes SCL to go to -1 is something i feel would have been subimitted using CDO and not SMTP. If the application server authenticates via SMTP then it may be possible to give it -1 SCL.

I am not too sure if you can make the domino server authenticate via SMTP.

Raghu
0
 

Author Comment

by:davidqxo
ID: 16843493
My preliminary search of Domino Administrator help doesn't turn up anything on making Domino authenticate when connecting outbound with SMTP servers. I'll have to research that some more.

Nevertheless, I think the leads in the last link you provided give us enough tools to productively make more headway on this issue.

Thank you.
--David
0
 

Author Comment

by:davidqxo
ID: 16843664
Here http://vowe.net/archives/003031.html is a possible solution to having a Domino server authenticate outbound with an SMTP server with ASMTP.
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16843715
David,

Thanks for the link, would add that to my list of bookmarks. :)

Raghu
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question