Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Remove VPN users - Mail blocked by IML / SCL

Posted on 2008-10-24
7
Medium Priority
?
668 Views
Last Modified: 2013-11-16
I have set up a remote VPN solution for a client (Cisco ASA running WebVPN) all appears to be fine, however remote users who are emailing other users in the same mail domain. are getting their mail blocked by the Exchange 2003 Intelligent Mail filter.

_______
example header from a filtered email (X-SCL rating of 8) from home worker to office worker:
 
x-sender: usera@domainname.org.uk
x-receiver: userb@domainname.org.uk
X-SCL: 8 91.28%

Now I know you can't "whitelist" against the IMF, but you are supposed to be able to bypass it by IP address, so Ive added the IP address of the firewall applieance, and the subnet thats being leased to the remote VPN users. (And enabled this on the Default SMTP virtual Server)

Still the problem remains?

Has anyone Cisco expert or Exchange Expert seen this before? Im loathed to log a call to Cisco TAC because they will blame Exchange and Im loather to call Microsoft for the same reason

Any thoughts?

0
Comment
Question by:Pete Long
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 12

Accepted Solution

by:
florin_s earned 2000 total points
ID: 22794846
Hi,

We do not use the IMF in our company but I might have found something that helps, it seems that there are some bugs related to the IMF:

Therefore, if you need messages with the SCL level of 8 to be blocked, and messaged with the SCL level of 6 to be moved to the user's Junk E-Mail folder, you will need to configure the threshold levels with 7 and 5 respectively:

Please see the following link:

http://www.petri.co.il/bug_in_imf_interface.htm
0
 
LVL 57

Author Comment

by:Pete Long
ID: 22794895
I had a read through that, which sent me round the houses to http://support.microsoft.com/default.aspx?scid=kb;en-us;867633 which tells me these guys should get stamped with an SCL of -1 anyway? The article above is more concerned with the wrong levels getting blocked, these guys should not get a high SCL rating at all - its essentially internal mail flow? - still head scrathing :(

Thanks for your input m8
0
 
LVL 12

Assisted Solution

by:florin_s
florin_s earned 2000 total points
ID: 22798782
As I said before I also have no real experience with IMF but as I see this might be a trial and error situation, try with different raitings.
I am curious about the result, anyway I will ask my colleagues if they encountered this before and post here.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 57

Author Comment

by:Pete Long
ID: 22812228
Call opened to Cisco TAC
0
 
LVL 57

Author Comment

by:Pete Long
ID: 22921625
Still with TAC.........................
0
 
LVL 12

Expert Comment

by:florin_s
ID: 22922089
Do you have something until now, because until now I think it takes a bit long.
What did they tell you?
0
 
LVL 57

Author Comment

by:Pete Long
ID: 22922509
waiting on third party to send info to CIsco :(
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question