• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 222
  • Last Modified:

Spam blocking Exchange Server

I have SBS 2003 with Exchange Server 2003
I already use Intelligent Message Filtering and use these two SBLs:
bl.spamcop.net
sbl.spamhaus.org

But I still get a lot of spams...What is the best way out there?  Please help...I reward 500 points.

Thanks
0
edmund7s
Asked:
edmund7s
  • 4
  • 4
  • 3
  • +4
3 Solutions
 
nightmare2Commented:
Use a good antispam software like Mail Essentials (www.gfi.com)
or an antispam appliance (www.barracudanetworks.com)
There are also some open source solutions (spamassassin.apache.org)
0
 
SembeeCommented:
There is no such thing as the "best" solution, because every site is different.
Some sites will swear by GFI ME, others will swear at it.
Ditto for things like Barracuda's or external services like Postini or message labs.

Personally I have seen a cut in the amount of spam received via greylisting. That is a technique, not an application. There are a number of tools that will do greylisting for you, such as Vamsoft ORF.

Whatever you decide to do, you must evaluate the product before purchasing, to ensure that they don't block too much legitimate email.

Simon.
0
 
kaushal2004Commented:
you may try an inexpensive hosted solution by http://www.spamstopshere.com

as mentioned above, what works for others may not work for you.  you have try options and see where it works and where it fails.  LOL.  This is called QA before Implementation.  Just a thought.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
Malli BoppeCommented:
we are using surf control and don't remember me getting a single spam email.Neither heard from any of our 1200 users that they are receiving spam.
0
 
bluetabCommented:
There's a couple things you do.  The first thing you can do is edit your MX records.  Most spammers only send mail to the first MX record and if the email doesn't go through the email gets dropped.  The reason they only send to the first mail server is that they are trying to get as much spam out as possible.  So you can edit your MX records as follows:
10 fake.domain.com
20 real.domain.com
30 fake1.domain.com
This procedure has been known to cut spam by as much as 50% to 70%.  And best of yet it's free.

The other thing you can do is utilize a service.  I've started using http://www.junkemailfilter.com and it's working great.  The service is relatively cheap.  For small domains they charge $10/month and for larger domains they charge by the number of emails delivered.  The way their service works is that the email is sent to their MX servers, they filter and then forward to your mail server.  
0
 
grbladesCommented:
bl.spamcop.net works well.
sbl.spamhaus.org is an outdated address. You should be using zen.spamhaus.org. Are you sure this is working as they firewall anyone using it relativly heavily so you might find it is not working. You need to subscribe to their feed service if you are a corporate user which is $500/year for 100 users.
0
 
SembeeCommented:
Blacklists are fine if you want someone else deciding what email you will receive.
I don't, so I don't use blacklists on any of my clients.

Simon.
0
 
edmund7sAuthor Commented:
grblades:
What do you mean by this?
>Are you sure this is working as they firewall anyone using it relativly heavily so you might find it is not
>working. You need to subscribe to their feed service if you are a corporate user which is $500/year
>for 100 users.

Because I've never paid and I just add their addresses to the IMF?
Please tell me more about this
0
 
grbladesCommented:
Have a look at http://www.spamhaus.org/datafeed/faq.lasso#153 (last section) and http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20How%20To%20Use#204

Basically companies and ISP's should be using their data feed service anyway. They have recently started identifying IP addresses which use their service extensivly and firewalling these (1st URL) so that the requests time out. There is a test you can do detailed in the 2nd URL which will tell you if it is working.
0
 
grbladesCommented:
To some extent I agree with Sembee. When I setup our new spam filter I did not use any RBLs on the MTA at all for the first 3 months. After that I produced a report of all identified non-spam messages which happened to match the RBL and only came across a single probable false positive out of 185000 spams and 30000 non-spam messages. This was perfectly acceptible so I implemented the RBL's on the MTA which reduced our incoming spam from about 2200 a day down to about 500.
0
 
edmund7sAuthor Commented:
How can I tell if my spam has decreased? Where can I check this from the server?
0
 
grbladesCommented:
I am not familiar with exchange but there should be some report which tells you how many emails the SMTP process has received or how many it has blocked due to RBL checks.
0
 
SembeeCommented:
Perfmon will give you numbers of messages that have been dropped, blocked etc.

Simon.
0
 
edmund7sAuthor Commented:
How do I use perfmon?  I typed in perfmon on command prompt on the SBS server and a performance window came out but I couldn't find what has been dropped.
0
 
SembeeCommented:
You have to configure perfmon yourself. Typing perfmon just brings up the interface. Once the interface has started, change it to report view using CTRL R.
Then add the counters that you need by pressing the + icon.
The counters are spread out, you will need to look through the counters to find ones that give the information that you need.

Simon.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 4
  • 3
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now