Email - SPAM rejection Exchange McAfee

Last Modified: 2013-12-09
We are receiving excessive spam and rejections from Windows Live and Hotmail accounts.

The setup is as follows;

SBS 2003 Exchange smtp feed
Fixed ip address, McAfee ITotal Protection Service.

McAfee is catching a fair amount of spam for users, but they are still receiving too much.
Also, users are having mail sent to Hotmail / Windows Live accounts rejected, with the following message.

host mx3.hotmail.com [65.54.244.200]: 550 SC-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support

When I do an rDNS lookup we have no-dns-yet.demon.co.uk ??? This is not our domain.

Any help appreciated



SurajSenior System Engineer
CERTIFIED EXPERT
Commented:
Just follow this:

1) First and foremost, enable all the spam filtering on the Exchange server:

--> On the properties of Message Delivery under Global Settings in the Recipient Filtering tab checked the 'Filter recipients who are not in the directory'
--> On the Sender Filtering tab checked the 'Filter messages with blank sender'
--> On the Connection Filtering tab added a rule in the Block List Service Configuration with a display name of Spam Haus, DNS suffix of zen.spamhaus.org and on the return status code clicked on the Match filter rule to any of the filter responses and added the IP addresses from 127.0.0.2 to 127.0.0.12 with an exception of 127.0.0.1, 127.0.0.3 and 127.0.0.9
--> On the IMF tab changed the Gateway Blocking Configuration threshold to 7 and Archive when blocking messages and the Store Junk Email Configuration threshold to 6
-> Then go to properties of Default SMTP Virtual Server --> General tab --> Advanced button --> Edit --> and check mark all the filters except Sender ID filtering.

-> Enable tarpitting through the registry path:
-> Now we will add a registry key so that if the spammer is using any kind of script Exchange will break it.... HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters and added a DWORD value TarpitTime and gave it a value of 5.

2) Now stop the SMTP service, go to the "C:\Program Files\Exchsrvr\Mailroot" location and rename Mailroot to MailrootOLD.
3) Restart SMTP... check the mail flow and monitor the queues...
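For readers following along, here is what the connection filter rule in the answer above does on the wire, as an added example that is not part of the original thread: the connecting IP's octets are reversed, the zen.spamhaus.org suffix is appended, and the A record that comes back is compared with the listed return codes. The sample answers and the `check_connection` helper are constructed for illustration; the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # DNS suffix given in the answer

# Codes the rule matches: 127.0.0.2-127.0.0.12 minus the stated exceptions.
EXCEPTIONS = {"127.0.0.1", "127.0.0.3", "127.0.0.9"}
MATCH_CODES = {f"127.0.0.{n}" for n in range(2, 13)} - EXCEPTIONS


def dnsbl_name(ip, zone=ZONE):
    """Build the block-list query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name; an unresolvable name means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


# Constructed sample answers (documentation-range IPs, not real listings).
SAMPLE_ANSWERS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],        # in the match list
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.3"],      # excluded by the rule
    "5.113.0.203.zen.spamhaus.org": ["127.255.255.254"],  # resolver error code
}


def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, [])


def check_connection(ip, resolve=system_resolver):
    """Return (blocked, matched_codes) for a connecting IP under the rule."""
    answers = set(resolve(dnsbl_name(ip)))
    matched = sorted(answers & MATCH_CODES)
    return bool(matched), matched


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, check_connection(ip, sample_resolver))
```

The third sample shows why the rule lists explicit codes: Spamhaus answers in 127.255.255.x when a query is refused (for example, sent through a public resolver), and treating any answer as a listing would reject legitimate mail.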

SurajSenior System Engineer
CERTIFIED EXPERT

Commented:
Check if the server is open for relay: properties of Default SMTP Virtual Server -> Access tab --> Relay.
You should have the first option selected there, "Only the List Below",
and there should be nothing there in the list.
Lemme know if you have any questions.

-x
Expert of the Quarter 2009
Expert of the Year 2009
Commented:
Is your ISP Demon internet?
If so then you need to contact them to get a reverse DNS setup. The address you have posted is the default address that Demon apply to connections that do not have anything configured.

Lack of reverse DNS will cause a problem.
As an interim measure, re-run the Configure Email and Connection wizard and change the setting to use a smart host and then enter the host name of your ISP's SMTP Server. If it is Demon then it is post.demon.co.uk from memory.

If you follow the instructions above that will mean you are using a blacklist. Are you sure that you want to do that? Using a blacklist basically means that someone else is deciding what email you can receive and you may find that it blocks more email than you wish. You cannot do anything about it as there is no white list function in Exchange for blacklist support.

And if you are using McAfee then IMF isn't really going to do a great deal to block the spam to be honest.

-M
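The reverse DNS problem described in the reply above can be checked before mail starts bouncing. This added example (not part of the original thread) looks up the PTR for the sending IP, flags an ISP placeholder name such as the no-dns-yet one from the question, and confirms that the name resolves back to the same IP. The marker list beyond "no-dns-yet", the sample records and the function names are assumptions made for illustration.

```python
import socket

# "no-dns-yet" is the placeholder seen in the question; the other markers
# are assumed examples of generic ISP naming.
PLACEHOLDER_MARKERS = ("no-dns-yet", "dynamic", "dhcp", "pool")


def system_ptr(ip):
    """Return the PTR host name for ip, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_a(name):
    """Return the A records for name, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


# Constructed sample records (documentation-range IPs).
SAMPLE_PTR = {"192.0.2.25": "no-dns-yet.demon.co.uk",
              "192.0.2.26": "mail.example.com."}
SAMPLE_A = {"mail.example.com": ["192.0.2.26"]}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)


def sample_a(name):
    return SAMPLE_A.get(name, [])


def audit_sending_ip(ip, ptr=system_ptr, a=system_a):
    """Return a list of findings; an empty list means rDNS looks sane for mail."""
    host = ptr(ip)
    if host is None:
        return ["no PTR record"]
    host = host.rstrip(".").lower()
    findings = []
    if any(marker in host for marker in PLACEHOLDER_MARKERS):
        findings.append(f"placeholder PTR: {host}")
    if ip not in a(host):  # forward-confirmed reverse DNS
        findings.append(f"{host} does not resolve back to {ip}")
    return findings


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(ip, audit_sending_ip(ip, sample_ptr, sample_a) or "ok")
```

Run it against the address that actually connects to the recipient's MX: when mail goes out through a smart host, that is the smart host's address, not the office's fixed IP.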

Author

Commented:
Thanks for the responses. I would prefer not to use the blacklist, although it may come to that; I will tune the Exchange filters first.

Regarding reverse DNS, we already use the Demon smart host to send.??

Expert of the Quarter 2009
Expert of the Year 2009

Commented:
If you are sending email through the Demon smart host (not something I would advise personally, but that can wait for another day), then you shouldn't be getting those messages, unless Hotmail have blocked Demon's SMTP server cluster.

It could always be the content of your messages. Do you have graphics in your messages linked to external hosts, use stationery?

A blacklist isn't going to help with outbound email anyway.

-M

Author

Commented:
mestha

Thanks, just got something back from Demon saying that Hotmail had blocked one of their gateways, and it has now been resolved.

Thanks

I am at the moment changing the values in Global Settings - Intelligent Message Delivery; I am reducing them to see if it improves things.

Although it suggests that you need to enable Intelligent Message Filtering in the virtual SMTP connector, I do not seem to have the option to enable it. I am not sure if that is just for the gateway or for the junk mail filter.

Am I wasting my time changing the thresholds?

Author

Commented:
I spotted how to add Intelligent Message Filtering to the virtual SMTP connection (edit, apply).
I have never used that before. Is it useful? Do people keep it on?

SurajSenior System Engineer
CERTIFIED EXPERT

Commented:
Yes, of course it is. It is one of the best anti-spam filters in Exch 2003 !!!
It scans the entire body and subject of the email and gives the email an SCL rating (1-9).
It will do this for inbound Internet mail...
It fires 2 times... once at the gateway and once at the store...
Download the guide:
http://technet.microsoft.com/en-us/library/aa996624(EXCHG.65).aspx
This will tell you each and every thing about it....

Just read this too... all your questions will be answered ;-)

http://support.microsoft.com/kb/555602

-x

Author

Commented:
Sorry to ask, is it good, or has your reply got some sarcasm in it? Thanks for the links either way.
SurajSenior System Engineer
CERTIFIED EXPERT

Commented:
It's good! Best practice!
It's an inbuilt spam filter feature by Microsoft... so.. it's good....
IMF does filtering based on words, characters.. which no other filter does.. you can also customise it...
So that's why.. it's called INTELLIGENT MESSAGE FILTER ;-)

-X
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
IMF is basic at best. It is good for free, but that is about it.
However as with all antispam solutions, it can work really well for some people and be totally useless for others. I have some clients who use nothing else, others where we had to go to a third party for antispam that worked.
However I do suggest that you try it, as it is built in to the product. However if it doesn't work for you then you will need to look elsewhere.

If you have licences for McAfee's antispam solution then I would be looking to see if that is running at optimum levels, however it can be the case that a product simply doesn't work for some people.

-M
Sorry, meant to assign points to all that helped with info. Can they please be reassigned?

Author

Commented:
thanks for the info