Remove VPN users - Mail blocked by IML / SCL

I have set up a remote VPN solution for a client (Cisco ASA running WebVPN) all appears to be fine, however remote users who are emailing other users in the same mail domain. are getting their mail blocked by the Exchange 2003 Intelligent Mail filter.

example header from a filtered email (X-SCL rating of 8) from home worker to office worker:
X-SCL: 8 91.28%

Now I know you can't "whitelist" against the IMF, but you are supposed to be able to bypass it by IP address, so Ive added the IP address of the firewall applieance, and the subnet thats being leased to the remote VPN users. (And enabled this on the Default SMTP virtual Server)

Still the problem remains?

Has anyone Cisco expert or Exchange Expert seen this before? Im loathed to log a call to Cisco TAC because they will blame Exchange and Im loather to call Microsoft for the same reason

Any thoughts?

LVL 58
Pete LongTechnical ConsultantAsked:
Who is Participating?
florin_sConnect With a Mentor Commented:

We do not use the IMF in our company but I might have found something that helps, it seems that there are some bugs related to the IMF:

Therefore, if you need messages with the SCL level of 8 to be blocked, and messaged with the SCL level of 6 to be moved to the user's Junk E-Mail folder, you will need to configure the threshold levels with 7 and 5 respectively:

Please see the following link:
Pete LongTechnical ConsultantAuthor Commented:
I had a read through that, which sent me round the houses to;en-us;867633 which tells me these guys should get stamped with an SCL of -1 anyway? The article above is more concerned with the wrong levels getting blocked, these guys should not get a high SCL rating at all - its essentially internal mail flow? - still head scrathing :(

Thanks for your input m8
florin_sConnect With a Mentor Commented:
As I said before I also have no real experience with IMF but as I see this might be a trial and error situation, try with different raitings.
I am curious about the result, anyway I will ask my colleagues if they encountered this before and post here.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Pete LongTechnical ConsultantAuthor Commented:
Call opened to Cisco TAC
Pete LongTechnical ConsultantAuthor Commented:
Still with TAC.........................
Do you have something until now, because until now I think it takes a bit long.
What did they tell you?
Pete LongTechnical ConsultantAuthor Commented:
waiting on third party to send info to CIsco :(
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.