Exchange 2003 - Advice required on fine tuning IMF, Tar Pit, and other security functions

I need some advice on fine tuning Exchange security features. I have started receiving a lot of spam directed at genuine mail addresses (Gets stopped by IMF, but worrying all the same!)

I set up the following last year:

IMF (Set to Archive)
Recipient Filtering (Filter recipients who are not in the directory)
Connection Filtering (DSBL Blacklist)
Sender Filter (Filter messages with a blank sender)
Tar Pit (Set to 10 Seconds)

I have 2 questions here:

1. I don't want to have lots of archive junkmail from the IMF building up in a folder. What are the implications of setting the IMF to reject? What is the best practice for this setting?

2. Tar Pit - after an increase in legitimate email addresses receiving spam, I'm worried that my tar pit setting isn't set high enough. Again, what is the best practice for the tar pit setting, and what are the implications of setting it any higher?

Cheers
Scott
Scotty_Ed Asked:

TG Tran (IT guy) Commented:
1. The idea behind archiving is for you to regularly go through them to find any valid messages and dump the rest. If you are not doing that, what is the point of archiving junkmail?
2. Tarpit does not stop spam - not really. It is designed to slow down the spammer - let's say a non-tarpit server receives 100 msg/min, while a tarpit server receives 10 - this "slowness" is a way to fight back. Too high settings will also slow down legit messages.
Scotty_Ed (Author) Commented:
1. I currently have IMF set to level 7, which quarantines 99% of my junk mail. I have had no legitimate emails quarantined to date. I am the sole admin and we get 20,000+ junkmail a week; I can't sift through that volume of mail anymore. I want to know the implications of setting IMF to reject, and whether this is good practice or not.
TG Tran (IT guy) Commented:
1. IMF level 7 is pretty good in terms of preventing false positives. If you have been on this level for a while and no users have complained about missing emails, you can safely assume that you can have IMF rejecting msg with minimal consequences. One caveat: if your company has facilities for unsolicited customer inquiries or sales leads (say someone is interested in your product and wants to find out more about it, email sent to a general mailbox from some obscure domain), you may never see these messages.
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin