Exchange IMF - filtering html emails with xml file?

I am running exchange 2003 sp2 and have IMF v2 enabled.  IMF seems to be working well, however we are getting an influx of spoofed email.  In particular it's the email going around with varying (legitimate looking) subject lines, but the following in the body (see sample bmp).
"We ship worldwide! To all countries! To all destinations"
I attempted to setup the custom weight XML file with body filtering enabled for the phrase above, however since the email is in html form, i think it is bypassing it.  This rule is working as i sent a text email from a personal address with the phrase and it was caught, sending it to the UCEarchive folder.  Any thoughts on a new xml file entry that might catch this HTML email at the gateway before hitting my user's mailboxes?
Thanks in advance!
Who is Participating?
Try using these settings to stop receiving emails on exchange server

Recepient Filtering - Checked Filter recipients who are not in directory.

Sender Filtering - Checked archive filtered messages,Filter messages with blank sender,accept messages without notifying sender of filtering.

Connection Filtering - Added and added the ip address to except 3 and 9.

IMF - Block messages with an SCL rating greater than or equal to 7
         Move messages with an SCL rating greater than or equal to 6      

Sender Id filtering - Accept
This doesn't use the IMF but....

Make sure reverse DNS checking is on.  You can turn it on under ESM > Administratove Groups > First administrative group > Servers > (your server name) > Protocol > SMTP > right click on Default SMTP Virtual Server >  click on the Delivery tab > click on the advance button > check the box that says Perform reverse DNS lookup on incoming messages.

If that doesn't work then a temporary fix would be to create a rule in Outlook to move any emails sent from the user  to the user to the junk email directory.  For the few users that do send email to their own email addresses setup a new folder called "Emails to myself" and have all the emails go their.

joseph_mummAuthor Commented:
tenaj-207... any suggestions for external dns servers to query for the reverse lookup?
Your defaults should be fine.  Any DNS server can do a reverse dns lookup, there's no need to configure the external dns servers.
joseph_mummAuthor Commented:
there was a bunch of RBL's in the conneciton filtering options, however connection filtering was not checked off in the smtp virtual server.  Thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.