johnnymags asked:

How to configure anti-spam in Forefront Protection 2010 for Exchange

Last week I switched from Symantec Mail Security for Exchange, which was running the anti-spam agent on an E2K3 box, to Forefront Protection 2010 for Exchange on an E2K7 box. It seemed that Symantec caught more spam, or virtually all of it. I am not sure if Forefront is configured right or if it is not as good as Symantec. Below are my settings and spam examples that are getting through in large quantities.
Thanks for any help.
Attachments: Spam-example.docx, Config1.jpg, Config2.jpg
Keith Alabaster

Are all the engine updates sourced and deployed? Advanced options - update all engines - view all engines
johnnymags (ASKER)

yes they are
and adding the word viagra or viagra-store to the keyword block does not sort it out?
Yes, I did add it and nope, it did not work. I have tried everything, that's why I posted on here. Anyway, below are two that I still can't block from the yahoo.com domain.

thanks for looking at this

1.
Received: from wsmarth-swift.pas.sa.earthlink.net (207.217.120.253) by
 mail1.mapleton.com (192.168.2.20) with Microsoft SMTP Server (TLS) id
 8.2.254.0; Tue, 20 Apr 2010 10:05:17 -0700
Received: from domrl-brush.atl.sa.earthlink.net ([207.69.231.198])      by
 wsmarth-swift.pas.sa.earthlink.net with smtp (Exim 3.36 #4)      id
 1O4Gsv-00084y-00      for jmagyar@mapletoninvestments.com; Tue, 20 Apr 2010
 10:05:17 -0700
X-ELNK-Loop: john@jmagyar.com
Received: from haji-e6a3badf9d ([131.114.4.119])      by
 domrl-brush.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
 1o4gSU78w3Nl5vE0      for <jmagyar@mapletoninvestments.com>; Tue, 20 Apr 2010
 13:05:16 -0400 (EDT)
Received: by mta-webmail.rezinpjtcprrx.com (Postfix, from userid 94216)      id
 INDSAC0040C4212; Sun, 19 Mar 2000 19:01:55 -0800
Received: from mail.lobxt       by localdomain with local (Postfix);      Sun, 19 Mar
 2000 19:01:55 -0800
Date: Sun, 19 Mar 2000 19:01:55 -0800
To: <john@jmagyar.com>
From: <usacanada2@yahoo.com>
Reply-To: usacanada2@yahoo.com
Subject: ###########USA CANADA DRUG########
Message-ID: <20000320030180817qgbvt@localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Return-Path: usacanada2@yahoo.com
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-Antispam-Report: v=1.1
 cv=6T7g28+stPFUmD/pL8v9Iko/FM48YqyBijkSt7olyrk= c=1 sm=1 a=GJ3jUI72UeAA:10
 a=qkleutdSrU4A:10 a=oJL9TIRMo0YA:10 a=nSIHA-kfN74A:10 a=8nJEP1OIZ-IA:10
 a=ftvXphmRuDk2HvqR3YtIeg==:17 a=5t_wNYsfAAAA:8 a=-Z1I6zKmfET59E-bUzoA:9
 a=xtk0rTMpCVMBiW79c4oB3ODJtHYA:4 a=wPNLvfGTeEIA:10
 a=DovQ0OSlC1XoSPfO04ShyA==:117;OrigIP:207.217

2.
Received: from wsmarth-swift.pas.sa.earthlink.net (207.217.120.253) by
 mail1.mapleton.com (192.168.2.20) with Microsoft SMTP Server (TLS) id
 8.2.254.0; Tue, 20 Apr 2010 10:05:17 -0700
Received: from domrl-brush.atl.sa.earthlink.net ([207.69.231.198])      by
 wsmarth-swift.pas.sa.earthlink.net with smtp (Exim 3.36 #4)      id
 1O4Gsv-00084y-00      for jmagyar@mapletoninvestments.com; Tue, 20 Apr 2010
 10:05:17 -0700
X-ELNK-Loop: john@jmagyar.com
Received: from haji-e6a3badf9d ([131.114.4.119])      by
 domrl-brush.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
 1o4gSU78w3Nl5vE0      for <jmagyar@mapletoninvestments.com>; Tue, 20 Apr 2010
 13:05:16 -0400 (EDT)
Received: by mta-webmail.rezinpjtcprrx.com (Postfix, from userid 94216)      id
 INDSAC0040C4212; Sun, 19 Mar 2000 19:01:55 -0800
Received: from mail.lobxt       by localdomain with local (Postfix);      Sun, 19 Mar
 2000 19:01:55 -0800
Date: Sun, 19 Mar 2000 19:01:55 -0800
To: <john@jmagyar.com>
From: <usacanada2@yahoo.com>
Reply-To: usacanada2@yahoo.com
Subject: ###########USA CANADA DRUG########
Message-ID: <20000320030180817qgbvt@localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Return-Path: usacanada2@yahoo.com
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-Antispam-Report: v=1.1
 cv=6T7g28+stPFUmD/pL8v9Iko/FM48YqyBijkSt7olyrk= c=1 sm=1 a=GJ3jUI72UeAA:10
 a=qkleutdSrU4A:10 a=oJL9TIRMo0YA:10 a=nSIHA-kfN74A:10 a=8nJEP1OIZ-IA:10
 a=ftvXphmRuDk2HvqR3YtIeg==:17 a=5t_wNYsfAAAA:8 a=-Z1I6zKmfET59E-bUzoA:9
 a=xtk0rTMpCVMBiW79c4oB3ODJtHYA:4 a=wPNLvfGTeEIA:10
 a=DovQ0OSlC1XoSPfO04ShyA==:117;OrigIP:207.217.120.253;SCL:-1

Interesting that the SCL (spam confidence level) is set to -1; this is normally between 0 and 9 for delivered emails. The value of -1 is reserved for Microsoft Exchange internal email, i.e. mail that is sent within your own organisation as opposed to having arrived from outside.

http://msdn.microsoft.com/en-us/library/ms998863
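
As an added example (not part of the original thread), the anomaly noted above can be checked mechanically: read `X-MS-Exchange-Organization-SCL` and the connecting IP from the topmost `Received` header, and flag mail stamped -1 that was handed over by an outside host. The header names are the ones in the posted headers; `INTERNAL_NETS`, the function names and the sample hosts and addresses are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: address space treated as "inside the organisation" (RFC 1918 + loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]")

def connecting_ip(msg):
    """IP of the host that handed the message to our server (topmost Received)."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    top = " ".join(received[0].split())            # unfold the folded header
    from_part = re.split(r"\sby\s", top, maxsplit=1)[0]
    match = IP_RE.search(from_part)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:                              # e.g. 999.1.1.1
        return None

def classify_scl(raw_headers):
    """Return 'bypassed', 'internal', 'filtered' or 'incomplete' for one header block."""
    msg = message_from_string(raw_headers)
    scl_raw = msg.get("X-MS-Exchange-Organization-SCL")
    ip = connecting_ip(msg)
    try:
        scl = int(scl_raw.strip())
    except (AttributeError, ValueError):            # header missing or not a number
        return "incomplete"
    if ip is None:
        return "incomplete"
    external = not any(ip in net for net in INTERNAL_NETS)
    if scl == -1:
        # -1 is reserved for internal mail (see the comment above), so an outside
        # connecting host means the message was never scored as external mail.
        return "bypassed" if external else "internal"
    return "filtered"

def sample(ip, scl):
    """Constructed header block modelled on the layout of the headers posted above."""
    return (f"Received: from relay.example.net ({ip}) by\n"
            " mail1.example.com (192.168.2.20) with Microsoft SMTP Server (TLS) id\n"
            " 8.2.254.0; Tue, 20 Apr 2010 10:05:17 -0700\n"
            "From: <sender@example.org>\n"
            f"X-MS-Exchange-Organization-SCL: {scl}\n\n")

if __name__ == "__main__":
    for ip, scl in (("203.0.113.25", -1), ("192.168.2.31", -1), ("203.0.113.25", 6)):
        print(ip, scl, classify_scl(sample(ip, scl)))
```

Run over exported message headers, a "bypassed" result points at a configuration question (why the receiving server is treating that sending host as internal) rather than at keyword or engine tuning.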



ASKER CERTIFIED SOLUTION
johnnymags

This solution is only available to members.
Excellent, sounds like I was on the right path but I am surprised MS have not notified the issue with 2007 and that a potential fix exists. That is a fairly naughty omission.