Solved

Whitelist Exchange IMF

Posted on 2007-03-20
10
9,493 Views
Last Modified: 2012-05-05
We are currently running Exchange 2003 Sp2 and using the IMF (Intelligent mail filter) that is included as a second layer of spam filtering. I have a local application that automatically sends users an email on a daily basis. I have a local account sending these emails xxxx@mylocaldomain.com. For some reason the IMF filter always grabs these messages and places them in the users "Junk Mail" folder. I'm looking for a way without the use of 3rd party add-ons to GLOBALLY allow messages from this user so they bypass the filter and go straight to the inbox.
0
Comment
Question by:wwts
  • 2
  • 2
  • 2
  • +4
10 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18760186
There is a hotfix for this;

http://support.microsoft.com/?id=912587

-red
0
 

Author Comment

by:wwts
ID: 18760213
This is to "exclude particular recipient(s)" whereas we are needing to exclude a particular sender.
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
ID: 18760244
*shakes head* sorry about that, the only other tools are things you need to pay for.

For internal applications, you could try the above hotfix and copy a dedicated mailbox into all emails (and then whitelist that mailbox) - or, you could try this (more dangerous looking) option

http://forums.msexchange.org/m_1800395576/mpage_1/key_/tm.htm

-red
0
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18760327
I have had good luck with IMF Custom Weighting.  If these emails have a specific subject, you could add the subject to the custom weighting feature and decrease the SCL value by a certain amount.
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html

There is also IMF tune which adds loads of functionatlity to IMF in an easy to manage console.
http://www.windeveloper.com/imftune/
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 18764296
If the messages all come from one known IP address, then you can add the IP address to the Global Accept List.

Exchange System Manager/Global Settings/Message Deliver/Properties/Connection Filtering/Accept .

Then you will need to look at the properties of your Default SMTP Virtual Server, and make sure that Connection Filtering is enabled.
0
Do email signature updates give you a headache?

Do you spend too much time managing email signatures? Hate visiting every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Well, let Exclaimer give your company the email signature it deserves!

 
LVL 11

Expert Comment

by:TWBit
ID: 18785724
I was facing the same problem - wanting to allow certain emails to come through IMF.  I wrote a small VBScript that processes the mail that IMF has *already* flagged and put into its UCEArchive folder.  The script checks the X-Sender header of the email and compares it to a WhiteList.txt file.  The entries in the Whitelist file can be user@domain.com or *@domain.com for wildcards (obviously you wouldn't want to include *@yahoo.com or *@aol.com).  It's pretty simple.  I don't know why I didn't see this solution before; I'm sure I'm not the first to write something like it.  The script assumes IMF is set up and working correctly already, and that these false positives are getting caught in the UCEArchive folder.  Review the script, test it on a local computer first (just copy the VSI 1 folder from your Exchange box).   Copy the entire script below and save it to a UCEArchive.VBS, update the paths as appropriate and run it.  I've scheduled it to run every minute on my box and it keeps the UCEArchive folder clean.  It is very fast the first time - I processed 43,000 emails in 3 mins.  Emails that aren't in the whitelist are placed in subfolders for further review, archive, or deletion, and so that subsequent processing only looks at new emails.   Hope this helps - it has for me!

----Start copying here-----

Option Explicit

'-----------------------------------------------------------------------
'The following script was developed to work with MS Exchange Server's
'Intelligent Message Filter when UCE messages are archived.  This script
'was developed as simply and plainly as possible so that non-developers
'can apply it to their own environment.
'
'This script is provided to help Exchange admins.  It may or may not be
'helpful to you and, depending on your environment may adversely affect
'your mail delivery.  It is strongly recommended that you review this
'script in its entirety and, if possible, apply it to a test environment
'before using it on your production server.
'
'Standard disclaimer: This script is not guaranteed or warrantied. You
'are on your own.
'
'Installation:
'Just copy this script some place on your Exchange Server.  It is
'recommended you put this script underneath the UCEArchive folder for
'easy locating and to avoid accidental deletion.  It is recommended
'that you keep the Whitelist file in the same location.
'
'Running:
'Just double-click the VBS file to run it. After the inital run, the
'script should only take a few seconds to process, and therefore you can
'schedule it in your Task Scheduler to run every minute.
'
'Process
'This script will examine the X-Sender header in each EML file in the
'specified UCEArchive folder for valid sender's email address, based on
'entries in a Whitelist text file.
'
'The format for the Whitelist text file is very simple: one email
'address (user@domain.com) or domain wildcard (*@domain.com) per line.
'These are valid senders, not recipients.  To specify internal recipients
'that should not have IMF rules applied to them, use the Connection
'Filtering|Exceptions option in IMF.
'
'During the scan, as soon as a match is found, the email is considered
'valid and moved to the Pickup folder for delivery.
'
'If the X-Sender field does not match any whitelist entry, the email
'is considered UCE.  To avoid re-scanning, the message is moved to a
'weekly folder that is created based on the timestamp of the email.
'
'-----------------------------------------------------------------------

Dim objFSO              'File System Object
Dim objArchiveFolder    'Archive Folder Object
Dim objFile             'Archive File Object
Dim objUCE              'Archived email Object
Dim objWhiteList        'WhiteList file Object
Dim objNewFolder        'New Archive Folder object to create

Dim strServerPath       'Path of server (typically the vsi 1 folder)
Dim strArchivePath      'Path of archived UCE mail
Dim strPickupPath       'Path of mail to be processed by server
Dim strWhiteListName    'Full path and filename of the WhiteList file

Dim strWhiteList        'Contents of WhiteList file
Dim strReadLine         'Email line
Dim strXSender          'X-Sender Value
Dim strXSenderDomain    'X-Sender's domain

Dim bMatchSender        'InStr match result for sender
Dim bMatchDomain        'InStr match result for domain
Dim dtYear              'Year of Email
Dim dtWeek              'Week of Email

'Set variables. Make sure paths have a trailing '\'
   strServerPath = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\"
   strArchivePath = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\UCEArchive\"
   strPickupPath = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\Pickup\"
   strWhiteListName = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\WhiteList.txt"

'Set the FilesystemObject variable, set the folder variable
   Set objFSO = CreateObject("Scripting.FileSystemObject")
   Set objArchiveFolder = objFSO.GetFolder(strArchivePath)

'Read the entire WhiteList file into a single string for easy searching
   Set objWhiteList = objFSO.OpenTextFile(strWhiteListName, 1)
   strWhiteList = objWhiteList.ReadAll

'Run through the archive folder.  Process each email (.EML)
   For Each objFile in objArchiveFolder.Files

      If Right(objFile,3) = "EML" then

         'Email found
         Set objUCE = objFSO.OpenTextFile(strArchivePath  & objFile.Name, 1)

         'Read the first line of the file (should be X-Sender line)
         strReadLine = objUCE.Readline

         'Parse the line to only get the X-Sender value
         strXSender = Right(strReadLine,Len(strReadLine)-10)

         'Use the In String function to find the X-Sender value in the WhiteList string
         bMatchSender = InStr(1,strWhiteList,strXSender,1)

         'If bMatchSender is greater than zero, then a match was found
         If bMatchSender > 0 then
                'Close the email, move it to the Pickup folder for mail server processing
                objUCE.close
                set objUCE = objFSO.getfile(strArchivePath  & objFile.Name)
                objUCE.Move(strPickupPath)
         Else
                'Sender match failed, so look for wildcard domain match
                'Extract domain value from X-Sender string
                strXSenderDomain = Right(strXSender,Len(strXSender)-Instr(1,strXSender,"@",1))

                'Use the In String function to find a wildcard domain entry in the WhileList string
                'A wildcard domain entry is represented by *@ in front of the domain name.
                bMatchDomain = Instr(1,strWhiteList,"*@" & strXSenderDomain,1)

                'If bMatchDomain is greater than zero, then a match was found
                If bMatchDomain > 0 then
                   'Close the email, move it to the Pickup folder for mail server processing
                   objUCE.close
                   set objUCE = objFSO.getfile(strArchivePath  & objFile.Name)
                   objUCE.Move(strPickupPath)
                Else

                   'Has failed both sender and sender domain match
                   'Close the email, move it to a folder named for the Year and week number of the year
                   'This cleans up the Archive folder so the messages are continuously scanned.
                   objUCE.close

                   'Get the Year and Week of the file
                   Set objUCE = objFSO.GetFile(strArchivePath  & objFile.Name)
                   dtYear = DatePart("YYYY",objUCE.DateCreated)
                   dtWeek = DatePart("WW",objUCE.DateCreated)

                   'Create the year-week folder if necessary.
                   If Not objFSO.FolderExists(strArchivePath  & dtYear & dtWeek & "\") Then
                      Set objNewFolder = objFSO.CreateFolder(strArchivePath  & dtYear & dtWeek & "\")
                   End If  'end of folder check

                   'Move the email
                   objUCE.Move(strArchivePath  & dtYear & dtWeek & "\")

                End If  'end of domain match check

         End If  'end of sender match check

      End If  'end of email check

   Next 'get next file in folder

-----End copying here-----


0
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18786022
Very cool!
0
 
LVL 11

Expert Comment

by:TWBit
ID: 18787355
Thanks Matthew L.  If you can in anyway help to test/refine it, the script might be useful to many others.  I've posted it to a few open questions today.
0
 

Expert Comment

by:paulmward
ID: 22109883
What a great script TWBit. Thank you.
0
 

Expert Comment

by:jcuervo96
ID: 32871992
Hey...I know this thread is od, but I was having similar problems. WinDeveloper IMFTune worked for me. I was able to add the sender tothe whitelist, bypassing the IMF.  Thanks!
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now