Excessive SPAM on Exchange server

We are averaging around 22-25% of SPAM on our Exchange 2010 server.  Is there a best practices document for locking down Exchange (receive connector, smarthost, reverse DNS, etc)?  Not an open relay, but think server is not as tightly secured as it needs to be.  We are using Trend Micro's Antispam along with the built-in Spam filter that comes with Exchange.
Simon Butler (Sembee), Consultant, Commented:
The antispam filters on an internal server are not different to those on the Edge filter.
Don't change the receive connectors, they will have nothing to do with the level of spam that you have on the server.
Do you have recipient filtering enabled?

IP Block Lists are fine, as long as you are happy with someone else (who is not covered by any law) to decide what email you can receive.

How are you identifying "We are averaging around 22-25% of SPAM"? Do you mean that 25% of your email is spam? If so you are doing well, I have clients where it is 80-90% - I have one where statistically 100% of their email is spam (the legitimate email is a rounding error).

Giovanni Heward Commented:
Enable IP Block List Providers:

        Provider name: SpamCop
            DNS suffix: bl.spamcop.net
            Custom error message: {1} has blocked your IP address ({0}) using list '{2}'.  Please see http://www.spamcop.net/w3m?action=checkblock&ip={0} for further information.

        Provider name: SpamHaus
            DNS suffix: zen.spamhaus.org
            Custom error message: {1} has blocked your IP address ({0}) using list '{2}'.  Please see http://www.spamhaus.org/query/bl?ip={0} for further information.

I Qasmi Commented:
Try enabling all the antispam features on the server.

Also it would be better if you implement a transport rule in such a way that messages from users outside the organisation to the users outside the organisation set the status as reject as spam will do the work for you.

Webcc (Author) Commented:
Have the antispam filtering installed on the transport server. Seems that they work better if you have an Edge transport server. Will try to set up IP Blocklist providers. Hopefully, they will work.
How should the Receive connectors be set up optimally?
Have just the default and client connectors.

Default:  Authentication tab --> TLS, Basic, Exchange Server and Integrated are selected.
               Permissions tab -->  Everything selected except Partners
Client:    Authentication tab -->  TLS, BASIC and Integrated are selected.
               Permission tab -->  Everything selected except Partners

We have an SSL cert for our site.
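
Added example (not code posted by anyone in this thread): the IP Block List Providers and recipient filtering suggested above, configured from the Exchange Management Shell, followed by an agent-log summary that shows what each filter is actually rejecting. It assumes the anti-spam agents are already installed on the transport server, as the asker states; the one-day log window is an arbitrary choice.

```powershell
# Run in the Exchange Management Shell on the transport server that
# accepts mail from the Internet.

# Providers and DNS suffixes as given in the answer above.
$providers = @{
    'SpamCop'  = 'bl.spamcop.net'
    'SpamHaus' = 'zen.spamhaus.org'
}

foreach ($name in $providers.Keys) {
    # Skip providers that are already configured so the script can be re-run.
    if (-not (Get-IPBlockListProvider | Where-Object { $_.Name -eq $name })) {
        # -AnyMatch $true: any response code from the list counts as "listed".
        # The custom error message from the answer can be added with
        # -RejectionResponse.
        Add-IPBlockListProvider -Name $name `
            -LookupDomain $providers[$name] `
            -AnyMatch $true -Enabled $true
    }
}

# Confirm each provider answers DNS queries from this server.
# 127.0.0.2 is the conventional DNSBL test entry and should come back as matched.
foreach ($name in $providers.Keys) {
    Test-IPBlockListProvider -Identity $name -IPAddress 127.0.0.2
}

# Recipient filtering: reject mail for addresses that do not exist
# in the directory instead of accepting it and bouncing later.
Set-RecipientFilterConfig -Enabled $true -RecipientValidationEnabled $true

# Measure rather than estimate: summarise the last day of agent actions
# by agent and action (for example, connection filtering vs. content filtering).
$end   = Get-Date
$start = $end.AddDays(-1)
Get-AgentLog -StartDate $start -EndDate $end |
    Group-Object Agent, Action |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Comparing the agent-log counts before and after enabling the providers shows how much is being stopped at connection time versus reaching the content filter.
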
Question has a verified solution.
