Whitelist Exchange IMF

We are currently running Exchange 2003 Sp2 and using the IMF (Intelligent mail filter) that is included as a second layer of spam filtering. I have a local application that automatically sends users an email on a daily basis. I have a local account sending these emails xxxx@mylocaldomain.com. For some reason the IMF filter always grabs these messages and places them in the users "Junk Mail" folder. I'm looking for a way without the use of 3rd party add-ons to GLOBALLY allow messages from this user so they bypass the filter and go straight to the inbox.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

There is a hotfix for this;


wwtsAuthor Commented:
This is to "exclude particular recipient(s)" whereas we are needing to exclude a particular sender.
*shakes head* sorry about that, the only other tools are things you need to pay for.

For internal applications, you could try the above hotfix and copy a dedicated mailbox into all emails (and then whitelist that mailbox) - or, you could try this (more dangerous looking) option



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

I have had good luck with IMF Custom Weighting.  If these emails have a specific subject, you could add the subject to the custom weighting feature and decrease the SCL value by a certain amount.

There is also IMF tune which adds loads of functionatlity to IMF in an easy to manage console.
If the messages all come from one known IP address, then you can add the IP address to the Global Accept List.

Exchange System Manager/Global Settings/Message Deliver/Properties/Connection Filtering/Accept .

Then you will need to look at the properties of your Default SMTP Virtual Server, and make sure that Connection Filtering is enabled.
I was facing the same problem - wanting to allow certain emails to come through IMF.  I wrote a small VBScript that processes the mail that IMF has *already* flagged and put into its UCEArchive folder.  The script checks the X-Sender header of the email and compares it to a WhiteList.txt file.  The entries in the Whitelist file can be user@domain.com or *@domain.com for wildcards (obviously you wouldn't want to include *@yahoo.com or *@aol.com).  It's pretty simple.  I don't know why I didn't see this solution before; I'm sure I'm not the first to write something like it.  The script assumes IMF is set up and working correctly already, and that these false positives are getting caught in the UCEArchive folder.  Review the script, test it on a local computer first (just copy the VSI 1 folder from your Exchange box).   Copy the entire script below and save it to a UCEArchive.VBS, update the paths as appropriate and run it.  I've scheduled it to run every minute on my box and it keeps the UCEArchive folder clean.  It is very fast the first time - I processed 43,000 emails in 3 mins.  Emails that aren't in the whitelist are placed in subfolders for further review, archive, or deletion, and so that subsequent processing only looks at new emails.   Hope this helps - it has for me!

----Start copying here-----

Option Explicit

'The following script was developed to work with MS Exchange Server's
'Intelligent Message Filter when UCE messages are archived.  This script
'was developed as simply and plainly as possible so that non-developers
'can apply it to their own environment.
'This script is provided to help Exchange admins.  It may or may not be
'helpful to you and, depending on your environment may adversely affect
'your mail delivery.  It is strongly recommended that you review this
'script in its entirety and, if possible, apply it to a test environment
'before using it on your production server.
'Standard disclaimer: This script is not guaranteed or warrantied. You
'are on your own.
'Just copy this script some place on your Exchange Server.  It is
'recommended you put this script underneath the UCEArchive folder for
'easy locating and to avoid accidental deletion.  It is recommended
'that you keep the Whitelist file in the same location.
'Just double-click the VBS file to run it. After the inital run, the
'script should only take a few seconds to process, and therefore you can
'schedule it in your Task Scheduler to run every minute.
'This script will examine the X-Sender header in each EML file in the
'specified UCEArchive folder for valid sender's email address, based on
'entries in a Whitelist text file.
'The format for the Whitelist text file is very simple: one email
'address (user@domain.com) or domain wildcard (*@domain.com) per line.
'These are valid senders, not recipients.  To specify internal recipients
'that should not have IMF rules applied to them, use the Connection
'Filtering|Exceptions option in IMF.
'During the scan, as soon as a match is found, the email is considered
'valid and moved to the Pickup folder for delivery.
'If the X-Sender field does not match any whitelist entry, the email
'is considered UCE.  To avoid re-scanning, the message is moved to a
'weekly folder that is created based on the timestamp of the email.

Dim objFSO              'File System Object
Dim objArchiveFolder    'Archive Folder Object
Dim objFile             'Archive File Object
Dim objUCE              'Archived email Object
Dim objWhiteList        'WhiteList file Object
Dim objNewFolder        'New Archive Folder object to create

Dim strServerPath       'Path of server (typically the vsi 1 folder)
Dim strArchivePath      'Path of archived UCE mail
Dim strPickupPath       'Path of mail to be processed by server
Dim strWhiteListName    'Full path and filename of the WhiteList file

Dim strWhiteList        'Contents of WhiteList file
Dim strReadLine         'Email line
Dim strXSender          'X-Sender Value
Dim strXSenderDomain    'X-Sender's domain

Dim bMatchSender        'InStr match result for sender
Dim bMatchDomain        'InStr match result for domain
Dim dtYear              'Year of Email
Dim dtWeek              'Week of Email

'Set variables. Make sure paths have a trailing '\'
   strServerPath = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\"
   strArchivePath = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\UCEArchive\"
   strPickupPath = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\Pickup\"
   strWhiteListName = "D:\Program Files\Exchsrvr\Mailroot\vsi 1\WhiteList.txt"

'Set the FilesystemObject variable, set the folder variable
   Set objFSO = CreateObject("Scripting.FileSystemObject")
   Set objArchiveFolder = objFSO.GetFolder(strArchivePath)

'Read the entire WhiteList file into a single string for easy searching
   Set objWhiteList = objFSO.OpenTextFile(strWhiteListName, 1)
   strWhiteList = objWhiteList.ReadAll

'Run through the archive folder.  Process each email (.EML)
   For Each objFile in objArchiveFolder.Files

      If Right(objFile,3) = "EML" then

         'Email found
         Set objUCE = objFSO.OpenTextFile(strArchivePath  & objFile.Name, 1)

         'Read the first line of the file (should be X-Sender line)
         strReadLine = objUCE.Readline

         'Parse the line to only get the X-Sender value
         strXSender = Right(strReadLine,Len(strReadLine)-10)

         'Use the In String function to find the X-Sender value in the WhiteList string
         bMatchSender = InStr(1,strWhiteList,strXSender,1)

         'If bMatchSender is greater than zero, then a match was found
         If bMatchSender > 0 then
                'Close the email, move it to the Pickup folder for mail server processing
                set objUCE = objFSO.getfile(strArchivePath  & objFile.Name)
                'Sender match failed, so look for wildcard domain match
                'Extract domain value from X-Sender string
                strXSenderDomain = Right(strXSender,Len(strXSender)-Instr(1,strXSender,"@",1))

                'Use the In String function to find a wildcard domain entry in the WhileList string
                'A wildcard domain entry is represented by *@ in front of the domain name.
                bMatchDomain = Instr(1,strWhiteList,"*@" & strXSenderDomain,1)

                'If bMatchDomain is greater than zero, then a match was found
                If bMatchDomain > 0 then
                   'Close the email, move it to the Pickup folder for mail server processing
                   set objUCE = objFSO.getfile(strArchivePath  & objFile.Name)

                   'Has failed both sender and sender domain match
                   'Close the email, move it to a folder named for the Year and week number of the year
                   'This cleans up the Archive folder so the messages are continuously scanned.

                   'Get the Year and Week of the file
                   Set objUCE = objFSO.GetFile(strArchivePath  & objFile.Name)
                   dtYear = DatePart("YYYY",objUCE.DateCreated)
                   dtWeek = DatePart("WW",objUCE.DateCreated)

                   'Create the year-week folder if necessary.
                   If Not objFSO.FolderExists(strArchivePath  & dtYear & dtWeek & "\") Then
                      Set objNewFolder = objFSO.CreateFolder(strArchivePath  & dtYear & dtWeek & "\")
                   End If  'end of folder check

                   'Move the email
                   objUCE.Move(strArchivePath  & dtYear & dtWeek & "\")

                End If  'end of domain match check

         End If  'end of sender match check

      End If  'end of email check

   Next 'get next file in folder

-----End copying here-----

Very cool!
Thanks Matthew L.  If you can in anyway help to test/refine it, the script might be useful to many others.  I've posted it to a few open questions today.
What a great script TWBit. Thank you.
Hey...I know this thread is od, but I was having similar problems. WinDeveloper IMFTune worked for me. I was able to add the sender tothe whitelist, bypassing the IMF.  Thanks!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet / Email Software

From novice to tech pro — start learning today.