?
Solved

Outlook Junk mail issues

Posted on 2009-02-14
7
Medium Priority
?
431 Views
Last Modified: 2012-08-13
Hi Folks,

Okay, I am really starting to show some wear on this one...so please, HELP!

I have exchange 2003 running IMF. My clients are all OWA 2003 or Outlook 2003 (cached). Gateway Threshold is 6 and move to Junk is 3.

I am getting spammed and the sender/reply address is a spoofed address from our domain. Despite IMF assigning the message an SCL rating of 5 Outlook seems to place these messages in user's Inboxes. Now, the interesting thing is, is that Outlook is not doing this consistently. Sometimes it moves the messages to Junk but other times it doesn't. I have no idea why it's doing this, but some insight would be great!!

Thanks,

Justin
0
Comment
Question by:jchinyou
  • 4
  • 3
7 Comments
 
LVL 7

Expert Comment

by:skiddy89
ID: 23642897
You need to look into SPF, as natively Exchange doesn't handle this.


GFI MailEssentials has a trial available, which after the trial period ends the SPF module continues to function as freeware.

http://www.msexchange.org/articles/SPF-support-Exchange-freeware.html

The above link will give you all the info you need.

Note, you'll need to add a record to your external DNS servers to get this working correctly. See below link for details on that.

http://www.openspf.org/
0
 
LVL 7

Expert Comment

by:skiddy89
ID: 23642914
Oh, and it's not Outlook that's not catching it consistently. Exchange is catching the mails it considers to be spam correctly, but it's ignoring some of them as they're not meeting it's criteria. It's allowing them through as although it didn't send them, as far as it's concerned they are from your domain.

The DNS record will define which servers are allowed to send mail for that domain. GFI's SPF module will then use this to identify mail that isn't from you.

I've just installed the same thing on my server and it's drastically cut the amount of spoofed mail people are receiving. It's also helped alot with spam in general, so Trend Scanmail might be out the door at the end of this trial period!

0
 
LVL 1

Author Comment

by:jchinyou
ID: 23642916
Hi skiddy89,

I have thought about using an SPF record and then configuring Exchange to block all emails that come from servers without matching SPF records. However an attempt at making this work for me failed horribly. It turns out that several companies/service providers/end users have SPF records that are setup incorrectly thus leading to a problem where if they send us an email it always gets rejected and I cannot change that without changing it globally.


Justin
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:jchinyou
ID: 23642929
I wasn't sure if it was IMF or Outlook, because I can see IMF assign the messages an SCL of 5 but when it gets to outlook it doesn't place it in Junk. In any case I do believe there is merit to IMF thinking that it is from us because if I remember correctly by default IMF does not check sending server but rather the "To" and "from" fields.

Ill have a look at GFI as soon as I get the chance.


Justin
0
 
LVL 7

Accepted Solution

by:
skiddy89 earned 1000 total points
ID: 23642934
Don't configure anything to block mails from companies without SPF records, just configure it to tag mails that claim to come from your domain but fail their SPF check to be spam.

If you set it to be restrictive to the point of not allowing any mail except from domains which explicitly pass their SPF check then you'll have a very quiet inbox, as it's not that widely implemented yet.

The GFI module has four different levels of "paranoia". I've got my server set to the second one down, which does occasionally let the odd one through. If you still have issues with a specific domain, just add them to the whitelist.
0
 
LVL 1

Author Comment

by:jchinyou
ID: 23642955
Well, initially what i Had setup was...

IMF:

Check For SPF:
 - None, continue Filtering through IMF
 - Had SPF but sending server wasn't listed: Block, Sender responsible for NDR
 - Otherwise pass message onto IMF for delivery.

0
 
LVL 1

Author Closing Comment

by:jchinyou
ID: 31547001
Have to admit it wasn't the answer I was hoping for but this solves my problem and in a fairly inexpensive manner. I was quite impressed with the solution and I think it will work well for me.

Thanks!!!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Today as you open your Outlook, you witness an error message: “Outlook is using an old copy of your Outlook Data File…”. Probably, Outlook is accessing an old OST file.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses
Course of the Month15 days, 4 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question