Exchange IMF - filtering html emails with xml file?

I am running exchange 2003 sp2 and have IMF v2 enabled.  IMF seems to be working well, however we are getting an influx of spoofed email.  In particular it's the email going around with varying (legitimate looking) subject lines, but the following in the body (see sample bmp).
"We ship worldwide! To all countries! To all destinations"
I attempted to setup the custom weight XML file with body filtering enabled for the phrase above, however since the email is in html form, i think it is bypassing it.  This rule is working as i sent a text email from a personal address with the phrase and it was caught, sending it to the UCEarchive folder.  Any thoughts on a new xml file entry that might catch this HTML email at the gateway before hitting my user's mailboxes?
Thanks in advance!
Sample.bmp
joseph_mummAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Phillip1687Commented:
Try using these settings to stop receiving emails on exchange server

Recepient Filtering - Checked Filter recipients who are not in directory.

Sender Filtering - Checked archive filtered messages,Filter messages with blank sender,accept messages without notifying sender of filtering.

Connection Filtering - Added zen.spamhaus.org and added the ip address 127.0.0.2 to 127.0.0.11 except 3 and 9.

IMF - Block messages with an SCL rating greater than or equal to 7
         Move messages with an SCL rating greater than or equal to 6      

Sender Id filtering - Accept

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tenaj-207Commented:
This doesn't use the IMF but....

Make sure reverse DNS checking is on.  You can turn it on under ESM > Administratove Groups > First administrative group > Servers > (your server name) > Protocol > SMTP > right click on Default SMTP Virtual Server >  click on the Delivery tab > click on the advance button > check the box that says Perform reverse DNS lookup on incoming messages.

If that doesn't work then a temporary fix would be to create a rule in Outlook to move any emails sent from the user  to the user to the junk email directory.  For the few users that do send email to their own email addresses setup a new folder called "Emails to myself" and have all the emails go their.

-Tenaj
joseph_mummAuthor Commented:
tenaj-207... any suggestions for external dns servers to query for the reverse lookup?
tenaj-207Commented:
Your defaults should be fine.  Any DNS server can do a reverse dns lookup, there's no need to configure the external dns servers.
joseph_mummAuthor Commented:
there was a bunch of RBL's in the conneciton filtering options, however connection filtering was not checked off in the smtp virtual server.  Thanks!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.