Outlook Junk mail issues

Last Modified: 2012-08-13
Hi Folks,

Okay, I am really starting to show some wear on this one...so please, HELP!

I have Exchange 2003 running IMF. My clients are all OWA 2003 or Outlook 2003 (cached). Gateway Threshold is 6 and move to Junk is 3.

I am getting spammed and the sender/reply address is a spoofed address from our domain. Despite IMF assigning the message an SCL rating of 5, Outlook seems to place these messages in users' Inboxes. Now, the interesting thing is that Outlook is not doing this consistently. Sometimes it moves the messages to Junk but other times it doesn't. I have no idea why it's doing this, but some insight would be great!!

Thanks,

Justin
Commented:
You need to look into SPF, as natively Exchange doesn't handle this.

GFI MailEssentials has a trial available; after the trial period ends, the SPF module continues to function as freeware.

http://www.msexchange.org/articles/SPF-support-Exchange-freeware.html

The above link will give you all the info you need.

Note, you'll need to add a record to your external DNS servers to get this working correctly. See below link for details on that.

http://www.openspf.org/

Commented:
Oh, and it's not Outlook that's not catching it consistently. Exchange is catching the mails it considers to be spam correctly, but it's ignoring some of them as they're not meeting its criteria. It's allowing them through because, although it didn't send them, as far as it's concerned they are from your domain.

The DNS record will define which servers are allowed to send mail for that domain. GFI's SPF module will then use this to identify mail that isn't from you.

I've just installed the same thing on my server and it's drastically cut the amount of spoofed mail people are receiving. It's also helped a lot with spam in general, so Trend Scanmail might be out the door at the end of this trial period!

Author

Commented:
Hi skiddy89,

I have thought about using an SPF record and then configuring Exchange to block all emails that come from servers without matching SPF records. However, an attempt at making this work for me failed horribly. It turns out that several companies/service providers/end users have SPF records that are set up incorrectly, thus leading to a problem where if they send us an email it always gets rejected and I cannot change that without changing it globally.

Justin

Author

Commented:
I wasn't sure if it was IMF or Outlook, because I can see IMF assign the messages an SCL of 5 but when it gets to Outlook it doesn't place it in Junk. In any case I do believe there is merit to IMF thinking that it is from us, because if I remember correctly by default IMF does not check the sending server but rather the "To" and "From" fields.

I'll have a look at GFI as soon as I get the chance.

Justin
Commented:
Don't configure anything to block mails from companies without SPF records, just configure it to tag mails that claim to come from your domain but fail their SPF check to be spam.

If you set it to be restrictive to the point of not allowing any mail except from domains which explicitly pass their SPF check then you'll have a very quiet inbox, as it's not that widely implemented yet.

The GFI module has four different levels of "paranoia". I've got my server set to the second one down, which does occasionally let the odd one through. If you still have issues with a specific domain, just add them to the whitelist.
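
The tagging policy recommended in the comment above, sketched as an added example (not code from this thread, GFI or Exchange). Assumptions: `example.com` stands in for the protected domain, the SPF records and addresses are constructed, the function names are hypothetical, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

OWN_DOMAIN = "example.com"  # assumption: stands in for the protected domain

# Constructed SPF TXT records; a live filter would fetch these from DNS.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "partner.test": "v=spf1 ip4:198.51.100.7 -all",  # stale: omits their real relay
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip):
    """Evaluate only the ip4/ip6/all mechanisms of the domain's SPF record."""
    record = SPF_RECORDS.get(domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def disposition(mail_from, client_ip):
    """Tag own-domain SPF failures as spam; never reject on third-party results."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    result = spf_result(domain, client_ip)
    if domain == OWN_DOMAIN and result == "fail":
        return "tag-as-spam"
    return "content-filter"  # hand off to IMF-style scoring as usual


if __name__ == "__main__":
    for sender, ip in [("ceo@example.com", "203.0.113.50"),
                       ("ceo@example.com", "192.0.2.25"),
                       ("sales@partner.test", "198.51.100.99"),
                       ("bob@nospf.test", "203.0.113.9")]:
        print(sender, ip, spf_result(sender.split("@")[1], ip), disposition(sender, ip))
```

The `partner.test` row is the case that broke the block-on-fail setup described earlier in the thread: the partner's own record fails their mail, but under this policy it still goes to the content filter instead of being rejected.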

Author

Commented:
Well, initially what I had set up was...

IMF:

Check For SPF:
 - None, continue Filtering through IMF
 - Had SPF but sending server wasn't listed: Block, Sender responsible for NDR
 - Otherwise pass message onto IMF for delivery.

Author

Commented:
Have to admit it wasn't the answer I was hoping for but this solves my problem and in a fairly inexpensive manner. I was quite impressed with the solution and I think it will work well for me.

Thanks!!!