[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Exchange IMF - filtering html emails with xml file?

Posted on 2009-02-24
Medium Priority
Last Modified: 2012-05-06
I am running exchange 2003 sp2 and have IMF v2 enabled.  IMF seems to be working well, however we are getting an influx of spoofed email.  In particular it's the email going around with varying (legitimate looking) subject lines, but the following in the body (see sample bmp).
"We ship worldwide! To all countries! To all destinations"
I attempted to setup the custom weight XML file with body filtering enabled for the phrase above, however since the email is in html form, i think it is bypassing it.  This rule is working as i sent a text email from a personal address with the phrase and it was caught, sending it to the UCEarchive folder.  Any thoughts on a new xml file entry that might catch this HTML email at the gateway before hitting my user's mailboxes?
Thanks in advance!
Question by:joseph_mumm
  • 2
  • 2

Accepted Solution

Phillip1687 earned 1000 total points
ID: 23723447
Try using these settings to stop receiving emails on exchange server

Recepient Filtering - Checked Filter recipients who are not in directory.

Sender Filtering - Checked archive filtered messages,Filter messages with blank sender,accept messages without notifying sender of filtering.

Connection Filtering - Added zen.spamhaus.org and added the ip address to except 3 and 9.

IMF - Block messages with an SCL rating greater than or equal to 7
         Move messages with an SCL rating greater than or equal to 6      

Sender Id filtering - Accept
LVL 15

Expert Comment

ID: 23723586
This doesn't use the IMF but....

Make sure reverse DNS checking is on.  You can turn it on under ESM > Administratove Groups > First administrative group > Servers > (your server name) > Protocol > SMTP > right click on Default SMTP Virtual Server >  click on the Delivery tab > click on the advance button > check the box that says Perform reverse DNS lookup on incoming messages.

If that doesn't work then a temporary fix would be to create a rule in Outlook to move any emails sent from the user  to the user to the junk email directory.  For the few users that do send email to their own email addresses setup a new folder called "Emails to myself" and have all the emails go their.


Author Comment

ID: 23724901
tenaj-207... any suggestions for external dns servers to query for the reverse lookup?
LVL 15

Expert Comment

ID: 23724953
Your defaults should be fine.  Any DNS server can do a reverse dns lookup, there's no need to configure the external dns servers.

Author Closing Comment

ID: 31550644
there was a bunch of RBL's in the conneciton filtering options, however connection filtering was not checked off in the smtp virtual server.  Thanks!

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month18 days, 18 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question