What is the best practice for filtering email in an Exchange environment?

Posted on 2007-08-07
Medium Priority
Last Modified: 2013-11-22
What is the best practice for filtering email in an Exchange environment?

Do you use IMF in Exchange and then a third party app to further filter or do you use a third party app exclusively?

If you do use a third party app, what is it?  And could you explain how you use it in your environment?

Thanks for your time.

Question by:dgriffit55
LVL 11

Assisted Solution

TWBit earned 200 total points
ID: 19646413
I use IMF as it does a pretty good job of knocking down 90% of my spam.  I block at an SCL rating of 5 or greater, which for some people might be a little low - others may block in the 6-8 range.  Have such a low rating increases false-positives, which is why I developed a whitelisting script (although there are ones you can purchase).  I also have Sunbelt Software's Messaging Ninja for a select few other users who were receiving inordinate amounts of spam (before IMF was implemented, still in use afterwards).  It blocks just about all spam that manages to get through IMF.
LVL 18

Assisted Solution

PowerIT earned 200 total points
ID: 19648850
IMF didn't cut it for us. We have 89.5% of spam messages. Only a small percentage is legitimate mail. With IMF we had too many false postivis and still to much spam made it to the inboxes. Also, the users where not that happy to have to go through unwanted mail folder regularely.
So we use a third party appliance: a PineApp Mailsecure. http://www.pineapp.com/products.php?ms2000 
For us it blocks > 99...% spam with almost 0 false positives. The system also gets very frequent updates and Pineapp seems to be on top of the latest - and not so greatest - types of spam. They adapt fast!
Next to a very good and up to date anti-spam engine (and antivirus) it accomplishes this through the aid of the users. You can set things up so that users get a daily (or more frequent) list of all blocked and not blocked email. The mailuser himself can then release any false positives himself and also mark the sender as being safe. Blacklisten can also be handled by the user. In essence the user trains the system where necessary. After a few weeks things stabilize and only rarely do the users have to release/whitelist/blacklist anything.
It also takes away the burden of managing lists from the IT department.
It's very easy to set up. Basically you forward the SMTP traffic from your firewall to the appliance. And in the appliance you configure which is your exchange server. So it sits inline between your firewall and the exchange server. They have different classes of appliances depending on the load / number of users.
And no, I am not or shareholder, employee or distributer of PineApp ;-) Just a very happy user with very happy endusers.
Quote from my CEO: I can finally use my email again! Need I say more.

LVL 104

Accepted Solution

Sembee earned 400 total points
ID: 19648864
My solution is very simple.
Vamsoft ORF on the Exchange server. It does greylisting ONLY. IMF is also enabled.
That's it. Nothing else required. I have that combination on four sites working fine. Spam is a rare occurrence to the clients. A few items get through IMF and are archived, the archive is checked every day and has less than a dozen items in it.

LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 200 total points
ID: 19677731

Author Comment

ID: 19769600
anybody else like to add anything?

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question