baleman2
asked on
Exchange 2007 delivering email marked as SPAM
Our domain has a known manufacturer's firewall through which all email traffic must flow before reaching our Exchange Server.
We subscribe to Anti-Virus and Anti-Spyware services from this firewall manufacturer. Therefore, all email receives a scan while passing through this device. If Spam is detected by the firewall, the message is tagged and the word "SPAM" is added to the subject line. The email then passes through to the Exchange Server for delivery to the email recipient.
The firewall can be set to "discard" rather than "tag" the email as it comes through. However, the "discard" action can only be set for SMTP traffic, whereas POP3 traffic can only be set to "tag". I'm assuming that POP3 traffic would be emails from the outside world delivered to our domain via email senders using @Hotmail.com, @yahoomail.com, etc.
I would like to stop delivery of these messages to the email recipient.
I'm wondering if the Exchange Server can be set to recognize a key work in the subject line (in my case the word "SPAM") and simply NEVER deliver the email?
We subscribe to Anti-Virus and Anti-Spyware services from this firewall manufacturer. Therefore, all email receives a scan while passing through this device. If Spam is detected by the firewall, the message is tagged and the word "SPAM" is added to the subject line. The email then passes through to the Exchange Server for delivery to the email recipient.
The firewall can be set to "discard" rather than "tag" the email as it comes through. However, the "discard" action can only be set for SMTP traffic, whereas POP3 traffic can only be set to "tag". I'm assuming that POP3 traffic would be emails from the outside world delivered to our domain via email senders using @Hotmail.com, @yahoomail.com, etc.
I would like to stop delivery of these messages to the email recipient.
I'm wondering if the Exchange Server can be set to recognize a key work in the subject line (in my case the word "SPAM") and simply NEVER deliver the email?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, Pete.
I'd like to get more info concerning the destination of the discarded messages. When you mentioned the "Deleted Items" or "Spam" folder, would that be a newly created folder on the Exchange Server? Or, could the message continue to be delivered to the end recipient but automatically be delivered to a folder in his/her mailbox, i.e., "Junk", "Deleted Items", etc., thereby, bypassing the "Inbox" folder of the end recipient.
Our organization would benefit if the message could still be examined by the end recipient. This would come into play when the firewall detects a "false positive" in an email message. Right now, the message is still delivered so that the end recipient can inform me that the email "sender" is from a reliable source. I, in turn, will add that email "sender" to the White List in the firewall which allows delivery.
Although our White List now contains most of the email addresses of trusted "senders", a transport rule deleting all messages with the word "SPAM" in the subject line would prohibit an end recipient receiving a possibly important email.
I'm just beginning the process of thinking this through. Any additional input would be greatly appreciated.
I'd like to get more info concerning the destination of the discarded messages. When you mentioned the "Deleted Items" or "Spam" folder, would that be a newly created folder on the Exchange Server? Or, could the message continue to be delivered to the end recipient but automatically be delivered to a folder in his/her mailbox, i.e., "Junk", "Deleted Items", etc., thereby, bypassing the "Inbox" folder of the end recipient.
Our organization would benefit if the message could still be examined by the end recipient. This would come into play when the firewall detects a "false positive" in an email message. Right now, the message is still delivered so that the end recipient can inform me that the email "sender" is from a reliable source. I, in turn, will add that email "sender" to the White List in the firewall which allows delivery.
Although our White List now contains most of the email addresses of trusted "senders", a transport rule deleting all messages with the word "SPAM" in the subject line would prohibit an end recipient receiving a possibly important email.
I'm just beginning the process of thinking this through. Any additional input would be greatly appreciated.
"I'm assuming that POP3 traffic would be emails from the outside world delivered to our domain via email senders using @Hotmail.com, @yahoomail.com, etc."
Your assumption there is WRONG.
POP3 traffic would be traffic from your server to your own clients using POP3. With Exchange, you don't normally use POP3, you would use Outlook Anywhere.
Therefore all of your external email traffic is SMTP traffic - nothing else.
The simple method is the one that has been outlined - set your firewall to discard nothing, then configure a transport rule to assign an SCL value of 9 to all emails with the spam tag. The messages will then go in to the junk email folder within Outlook. This is also available through OWA. User can then sort through the messages themselves, deleting the spam and rescuing the valid.
Simon.
Your assumption there is WRONG.
POP3 traffic would be traffic from your server to your own clients using POP3. With Exchange, you don't normally use POP3, you would use Outlook Anywhere.
Therefore all of your external email traffic is SMTP traffic - nothing else.
The simple method is the one that has been outlined - set your firewall to discard nothing, then configure a transport rule to assign an SCL value of 9 to all emails with the spam tag. The messages will then go in to the junk email folder within Outlook. This is also available through OWA. User can then sort through the messages themselves, deleting the spam and rescuing the valid.
Simon.
ASKER
To Simon:
Before I received your post, I'd followed Pete's instructions and created a Transport Rule. If the word "SPAM" is detected in the Subject Line, the email never gets delivered by our Exchange Server. The word "SPAM" would be in the Subject Line ONLY if placed there as a "tag" by our hardware firewall (before passing the message along to the Exchange Server) - which would ONLY place the word "SPAM" there if something was detected based on its own malware/spyware/virus definitions.
In doing so, I found that (within the options provided) I could send a "bounceback" message to the original sender. I could also modify the message to read, "Our Exchange Server has detected a problem with your email. Please contact the Addressee with this information."
If there is not some undiscovered problem with this option, I may just leave it alone. This has already stopped nuisance emails from populating our end users' mailboxes. It also gives the "sender" (if a valid sender) the opportunity to call in and get on our White List. If the original sender is not a valid sender anyway, no harm done??????? If the original sender's email was indeed infected, the bounceback message would give them some warning of problems on their end.
Please advise.
Before I received your post, I'd followed Pete's instructions and created a Transport Rule. If the word "SPAM" is detected in the Subject Line, the email never gets delivered by our Exchange Server. The word "SPAM" would be in the Subject Line ONLY if placed there as a "tag" by our hardware firewall (before passing the message along to the Exchange Server) - which would ONLY place the word "SPAM" there if something was detected based on its own malware/spyware/virus definitions.
In doing so, I found that (within the options provided) I could send a "bounceback" message to the original sender. I could also modify the message to read, "Our Exchange Server has detected a problem with your email. Please contact the Addressee with this information."
If there is not some undiscovered problem with this option, I may just leave it alone. This has already stopped nuisance emails from populating our end users' mailboxes. It also gives the "sender" (if a valid sender) the opportunity to call in and get on our White List. If the original sender is not a valid sender anyway, no harm done??????? If the original sender's email was indeed infected, the bounceback message would give them some warning of problems on their end.
Please advise.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
PL