wwts
asked on
Whitelist Exchange IMF
We are currently running Exchange 2003 Sp2 and using the IMF (Intelligent mail filter) that is included as a second layer of spam filtering. I have a local application that automatically sends users an email on a daily basis. I have a local account sending these emails xxxx@mylocaldomain.com. For some reason the IMF filter always grabs these messages and places them in the users "Junk Mail" folder. I'm looking for a way without the use of 3rd party add-ons to GLOBALLY allow messages from this user so they bypass the filter and go straight to the inbox.
ASKER
This is to "exclude particular recipient(s)" whereas we are needing to exclude a particular sender.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have had good luck with IMF Custom Weighting. If these emails have a specific subject, you could add the subject to the custom weighting feature and decrease the SCL value by a certain amount.
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html
There is also IMF tune which adds loads of functionatlity to IMF in an easy to manage console.
http://www.windeveloper.com/imftune/
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html
There is also IMF tune which adds loads of functionatlity to IMF in an easy to manage console.
http://www.windeveloper.com/imftune/
If the messages all come from one known IP address, then you can add the IP address to the Global Accept List.
Exchange System Manager/Global Settings/Message Deliver/Properties/Connect
Then you will need to look at the properties of your Default SMTP Virtual Server, and make sure that Connection Filtering is enabled.
Exchange System Manager/Global Settings/Message Deliver/Properties/Connect
Then you will need to look at the properties of your Default SMTP Virtual Server, and make sure that Connection Filtering is enabled.
I was facing the same problem - wanting to allow certain emails to come through IMF. I wrote a small VBScript that processes the mail that IMF has *already* flagged and put into its UCEArchive folder. The script checks the X-Sender header of the email and compares it to a WhiteList.txt file. The entries in the Whitelist file can be user@domain.com or *@domain.com for wildcards (obviously you wouldn't want to include *@yahoo.com or *@aol.com). It's pretty simple. I don't know why I didn't see this solution before; I'm sure I'm not the first to write something like it. The script assumes IMF is set up and working correctly already, and that these false positives are getting caught in the UCEArchive folder. Review the script, test it on a local computer first (just copy the VSI 1 folder from your Exchange box). Copy the entire script below and save it to a UCEArchive.VBS, update the paths as appropriate and run it. I've scheduled it to run every minute on my box and it keeps the UCEArchive folder clean. It is very fast the first time - I processed 43,000 emails in 3 mins. Emails that aren't in the whitelist are placed in subfolders for further review, archive, or deletion, and so that subsequent processing only looks at new emails. Hope this helps - it has for me!
----Start copying here-----
Option Explicit
'-------------------------
'The following script was developed to work with MS Exchange Server's
'Intelligent Message Filter when UCE messages are archived. This script
'was developed as simply and plainly as possible so that non-developers
'can apply it to their own environment.
'
'This script is provided to help Exchange admins. It may or may not be
'helpful to you and, depending on your environment may adversely affect
'your mail delivery. It is strongly recommended that you review this
'script in its entirety and, if possible, apply it to a test environment
'before using it on your production server.
'
'Standard disclaimer: This script is not guaranteed or warrantied. You
'are on your own.
'
'Installation:
'Just copy this script some place on your Exchange Server. It is
'recommended you put this script underneath the UCEArchive folder for
'easy locating and to avoid accidental deletion. It is recommended
'that you keep the Whitelist file in the same location.
'
'Running:
'Just double-click the VBS file to run it. After the inital run, the
'script should only take a few seconds to process, and therefore you can
'schedule it in your Task Scheduler to run every minute.
'
'Process
'This script will examine the X-Sender header in each EML file in the
'specified UCEArchive folder for valid sender's email address, based on
'entries in a Whitelist text file.
'
'The format for the Whitelist text file is very simple: one email
'address (user@domain.com) or domain wildcard (*@domain.com) per line.
'These are valid senders, not recipients. To specify internal recipients
'that should not have IMF rules applied to them, use the Connection
'Filtering|Exceptions option in IMF.
'
'During the scan, as soon as a match is found, the email is considered
'valid and moved to the Pickup folder for delivery.
'
'If the X-Sender field does not match any whitelist entry, the email
'is considered UCE. To avoid re-scanning, the message is moved to a
'weekly folder that is created based on the timestamp of the email.
'
'-------------------------
Dim objFSO 'File System Object
Dim objArchiveFolder 'Archive Folder Object
Dim objFile 'Archive File Object
Dim objUCE 'Archived email Object
Dim objWhiteList 'WhiteList file Object
Dim objNewFolder 'New Archive Folder object to create
Dim strServerPath 'Path of server (typically the vsi 1 folder)
Dim strArchivePath 'Path of archived UCE mail
Dim strPickupPath 'Path of mail to be processed by server
Dim strWhiteListName 'Full path and filename of the WhiteList file
Dim strWhiteList 'Contents of WhiteList file
Dim strReadLine 'Email line
Dim strXSender 'X-Sender Value
Dim strXSenderDomain 'X-Sender's domain
Dim bMatchSender 'InStr match result for sender
Dim bMatchDomain 'InStr match result for domain
Dim dtYear 'Year of Email
Dim dtWeek 'Week of Email
'Set variables. Make sure paths have a trailing '\'
strServerPath = "D:\Program Files\Exchsrvr\Mailroot\vs
strArchivePath = "D:\Program Files\Exchsrvr\Mailroot\vs
strPickupPath = "D:\Program Files\Exchsrvr\Mailroot\vs
strWhiteListName = "D:\Program Files\Exchsrvr\Mailroot\vs
'Set the FilesystemObject variable, set the folder variable
Set objFSO = CreateObject("Scripting.Fi
Set objArchiveFolder = objFSO.GetFolder(strArchiv
'Read the entire WhiteList file into a single string for easy searching
Set objWhiteList = objFSO.OpenTextFile(strWhi
strWhiteList = objWhiteList.ReadAll
'Run through the archive folder. Process each email (.EML)
For Each objFile in objArchiveFolder.Files
If Right(objFile,3) = "EML" then
'Email found
Set objUCE = objFSO.OpenTextFile(strArc
'Read the first line of the file (should be X-Sender line)
strReadLine = objUCE.Readline
'Parse the line to only get the X-Sender value
strXSender = Right(strReadLine,Len(strR
'Use the In String function to find the X-Sender value in the WhiteList string
bMatchSender = InStr(1,strWhiteList,strXS
'If bMatchSender is greater than zero, then a match was found
If bMatchSender > 0 then
'Close the email, move it to the Pickup folder for mail server processing
objUCE.close
set objUCE = objFSO.getfile(strArchiveP
objUCE.Move(strPickupPath)
Else
'Sender match failed, so look for wildcard domain match
'Extract domain value from X-Sender string
strXSenderDomain = Right(strXSender,Len(strXS
'Use the In String function to find a wildcard domain entry in the WhileList string
'A wildcard domain entry is represented by *@ in front of the domain name.
bMatchDomain = Instr(1,strWhiteList,"*@" & strXSenderDomain,1)
'If bMatchDomain is greater than zero, then a match was found
If bMatchDomain > 0 then
'Close the email, move it to the Pickup folder for mail server processing
objUCE.close
set objUCE = objFSO.getfile(strArchiveP
objUCE.Move(strPickupPath)
Else
'Has failed both sender and sender domain match
'Close the email, move it to a folder named for the Year and week number of the year
'This cleans up the Archive folder so the messages are continuously scanned.
objUCE.close
'Get the Year and Week of the file
Set objUCE = objFSO.GetFile(strArchiveP
dtYear = DatePart("YYYY",objUCE.Dat
dtWeek = DatePart("WW",objUCE.DateC
'Create the year-week folder if necessary.
If Not objFSO.FolderExists(strArc
Set objNewFolder = objFSO.CreateFolder(strArc
End If 'end of folder check
'Move the email
objUCE.Move(strArchivePath
End If 'end of domain match check
End If 'end of sender match check
End If 'end of email check
Next 'get next file in folder
-----End copying here-----
----Start copying here-----
Option Explicit
'-------------------------
'The following script was developed to work with MS Exchange Server's
'Intelligent Message Filter when UCE messages are archived. This script
'was developed as simply and plainly as possible so that non-developers
'can apply it to their own environment.
'
'This script is provided to help Exchange admins. It may or may not be
'helpful to you and, depending on your environment may adversely affect
'your mail delivery. It is strongly recommended that you review this
'script in its entirety and, if possible, apply it to a test environment
'before using it on your production server.
'
'Standard disclaimer: This script is not guaranteed or warrantied. You
'are on your own.
'
'Installation:
'Just copy this script some place on your Exchange Server. It is
'recommended you put this script underneath the UCEArchive folder for
'easy locating and to avoid accidental deletion. It is recommended
'that you keep the Whitelist file in the same location.
'
'Running:
'Just double-click the VBS file to run it. After the inital run, the
'script should only take a few seconds to process, and therefore you can
'schedule it in your Task Scheduler to run every minute.
'
'Process
'This script will examine the X-Sender header in each EML file in the
'specified UCEArchive folder for valid sender's email address, based on
'entries in a Whitelist text file.
'
'The format for the Whitelist text file is very simple: one email
'address (user@domain.com) or domain wildcard (*@domain.com) per line.
'These are valid senders, not recipients. To specify internal recipients
'that should not have IMF rules applied to them, use the Connection
'Filtering|Exceptions option in IMF.
'
'During the scan, as soon as a match is found, the email is considered
'valid and moved to the Pickup folder for delivery.
'
'If the X-Sender field does not match any whitelist entry, the email
'is considered UCE. To avoid re-scanning, the message is moved to a
'weekly folder that is created based on the timestamp of the email.
'
'-------------------------
Dim objFSO 'File System Object
Dim objArchiveFolder 'Archive Folder Object
Dim objFile 'Archive File Object
Dim objUCE 'Archived email Object
Dim objWhiteList 'WhiteList file Object
Dim objNewFolder 'New Archive Folder object to create
Dim strServerPath 'Path of server (typically the vsi 1 folder)
Dim strArchivePath 'Path of archived UCE mail
Dim strPickupPath 'Path of mail to be processed by server
Dim strWhiteListName 'Full path and filename of the WhiteList file
Dim strWhiteList 'Contents of WhiteList file
Dim strReadLine 'Email line
Dim strXSender 'X-Sender Value
Dim strXSenderDomain 'X-Sender's domain
Dim bMatchSender 'InStr match result for sender
Dim bMatchDomain 'InStr match result for domain
Dim dtYear 'Year of Email
Dim dtWeek 'Week of Email
'Set variables. Make sure paths have a trailing '\'
strServerPath = "D:\Program Files\Exchsrvr\Mailroot\vs
strArchivePath = "D:\Program Files\Exchsrvr\Mailroot\vs
strPickupPath = "D:\Program Files\Exchsrvr\Mailroot\vs
strWhiteListName = "D:\Program Files\Exchsrvr\Mailroot\vs
'Set the FilesystemObject variable, set the folder variable
Set objFSO = CreateObject("Scripting.Fi
Set objArchiveFolder = objFSO.GetFolder(strArchiv
'Read the entire WhiteList file into a single string for easy searching
Set objWhiteList = objFSO.OpenTextFile(strWhi
strWhiteList = objWhiteList.ReadAll
'Run through the archive folder. Process each email (.EML)
For Each objFile in objArchiveFolder.Files
If Right(objFile,3) = "EML" then
'Email found
Set objUCE = objFSO.OpenTextFile(strArc
'Read the first line of the file (should be X-Sender line)
strReadLine = objUCE.Readline
'Parse the line to only get the X-Sender value
strXSender = Right(strReadLine,Len(strR
'Use the In String function to find the X-Sender value in the WhiteList string
bMatchSender = InStr(1,strWhiteList,strXS
'If bMatchSender is greater than zero, then a match was found
If bMatchSender > 0 then
'Close the email, move it to the Pickup folder for mail server processing
objUCE.close
set objUCE = objFSO.getfile(strArchiveP
objUCE.Move(strPickupPath)
Else
'Sender match failed, so look for wildcard domain match
'Extract domain value from X-Sender string
strXSenderDomain = Right(strXSender,Len(strXS
'Use the In String function to find a wildcard domain entry in the WhileList string
'A wildcard domain entry is represented by *@ in front of the domain name.
bMatchDomain = Instr(1,strWhiteList,"*@" & strXSenderDomain,1)
'If bMatchDomain is greater than zero, then a match was found
If bMatchDomain > 0 then
'Close the email, move it to the Pickup folder for mail server processing
objUCE.close
set objUCE = objFSO.getfile(strArchiveP
objUCE.Move(strPickupPath)
Else
'Has failed both sender and sender domain match
'Close the email, move it to a folder named for the Year and week number of the year
'This cleans up the Archive folder so the messages are continuously scanned.
objUCE.close
'Get the Year and Week of the file
Set objUCE = objFSO.GetFile(strArchiveP
dtYear = DatePart("YYYY",objUCE.Dat
dtWeek = DatePart("WW",objUCE.DateC
'Create the year-week folder if necessary.
If Not objFSO.FolderExists(strArc
Set objNewFolder = objFSO.CreateFolder(strArc
End If 'end of folder check
'Move the email
objUCE.Move(strArchivePath
End If 'end of domain match check
End If 'end of sender match check
End If 'end of email check
Next 'get next file in folder
-----End copying here-----
Very cool!
Thanks Matthew L. If you can in anyway help to test/refine it, the script might be useful to many others. I've posted it to a few open questions today.
What a great script TWBit. Thank you.
Hey...I know this thread is od, but I was having similar problems. WinDeveloper IMFTune worked for me. I was able to add the sender tothe whitelist, bypassing the IMF. Thanks!
http://support.microsoft.com/?id=912587
-red