• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 460
  • Last Modified:

Exchange 2003 - Advice required on fine tuning IMF, Tar Pit, and other security functions

I need some advice on fine tuning exchange security features.  I have started receiving a lot of Spam directed at genuine mail addresses (Gets stopped by IMF, but worrying all the same!)

I set up the following last year:

IMF (Set to Archive)
Recipient Filtering (Filter recipients who are not in the directory)
Connection Filtering (DSBL Blacklist)
Sender Filter (Filter messages with a blank sender)
Tar Pit (Set to 10 Seconds)

I have 2 questions here:

1. I don't want to have lots of archive junkmail from the IMF bulding up in a folder.  What are the implications of setting the IMF to reject?  What is the best practice for this setting?

2. Tar Pit - after an increase in legitimate email addresses receiving spam I'm worried that my tar pit setting isn't set high enough.  Again what is the best practice for the tar pit setting, and what are the implications of setting it any higher?

Cheers
Scott
0
Scotty_Ed
Asked:
Scotty_Ed
  • 2
1 Solution
 
tgtranCommented:
1.  The idea behind archiving is for you to regularly go thru them to find any valid messages and dump the rest.  If you are not doing that, what is the point of archiving junkmail.
2.  Tarpit does not stop spam - not really.  It designed to slow down the spammer - let's say a non-tarpit server receives 100 msg/min, while a tarpit server receive 10 - This "slowness" is a way to fight back.. Too high settings will also slow down legit messages
0
 
Scotty_EdAuthor Commented:
1. I currently have IMF set to level 7 which quarantines 99% of my junk mail.  I have had no legitimate emails quarantined to date.  I am the sole admin and we get 20,000+ junkmail a week, I can't sift through that volume of mail anymore.  I want to know the implications of setting IMF to reject and is this good practice or not.
0
 
tgtranCommented:
1.  IMF level 7 is pretty good in terms of preventing fail positives.  If you have been on this level for awhile and no users complained missing emails, you can safely assume that you can have IMF rejecting msg with minimal consequences.  One caveat, if your company has facilities for unsolicited customer inquiries or sales leads (say someone interested in your product and want to find out more about it, email sent to a general mailbox from some obscure domain), you may never see these messages.
 
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now