PowerEdgeTech

Exchange Server and Spam

Our Exchange server was recently updated from 2003 to 2010.  We have never had any hardware or software anti-spam solutions implemented, but after moving to Exchange 2010, we have become inundated with spam.  We have DOZENS of domains added to our whitelist that were being blocked as spam and hundreds of spam emails every day that manage to get into our inboxes.  We never had an issue with 2003.  I "heard" somewhere that 2010's spam filter was pretty poor, with the intention that it was intended to be used with another anti-spam solution.  First, is there any truth to this?  Second, is there a reason why spam became an issue after the upgrade?  The company that did the upgrade wants to "come to the rescue" with, no doubt, an expensive solution, while it seems to me that the Exchange upgrade was somewhat incomplete to begin with.  I'm not necessarily looking for add-on anti-spam solutions, but more curious why the upgrade seems to have led to this and if there is anything built into Exchange 2010 that can help.  Anyone have some insight for me?  Thanks.
Jeff Perry

We have always used a Cisco IronPort appliance for SPAM filtering/blocking.

At my previous job I used a DIY Linux-based solution called SpamCop, but I am pretty sure it has evolved into just being a blacklist service.

Spamcop settings for IMF
• Display Name: spamcop
• DNS Suffix: bl.spamcop.net

I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." Whitelists are allowed domains, and if the spam is coming from those domains then that is a configuration error.

Configuring Intelligent Message Filtering for 2010 is covered in this TechNet article:

http://technet.microsoft.com/en-us/library/aa996604(v=exchg.141).aspx
PowerEdgeTech

ASKER

"I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." whitelist's are allowed domains and if the spam is coming from those domains then that is a configuration error."

I know what whitelists are.  If we adjust the SCL filtering too low, trying to catch all the spam, then legitimate emails get blocked too (even at SCL 5), so we add them to the whitelist.  Spam is not coming from any of our whitelisted domains.  The domains we added are domains we do business with; we did not add domains like jibakker.com, mindthinksuccess.com, reggaecolombia.com, and enlargeyourmanhood.com.

Again, not looking for add-on solutions for now (we did not have an add-on solution with 2003) - trying to understand why the upgrade to 2010 led to such a drastic increase in spam.

I've looked through the article you posted before and have tried working with much of it ... maybe I need to delve deeper into it (I'm obviously not an Exchange guy), but it hasn't had much of an effect so far.

Thanks for your comments though.
ASKER CERTIFIED SOLUTION
Jeff Perry

My only guess as to why the increase in spam without adding a solution would be either:

the spam settings you had previously were not migrated correctly

or

message filtering wasn't enabled on the new server.

Since you seem to be using native filtering I am assuming a misconfiguration somewhere on the new Exchange server.

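One way to check both guesses above from the Exchange Management Shell, and to register the SpamCop block list provider given earlier in the thread. This is an added example, not part of the original posts; it assumes the Exchange 2010 Hub Transport server does the filtering, and the only thread-specific values it uses are the provider name `spamcop` and the DNS suffix `bl.spamcop.net`.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 Hub Transport server.

# 1. Are the anti-spam agents present and enabled? On a Hub Transport server they
#    do not exist until Install-AntispamAgents.ps1 (in the Exchange Scripts folder)
#    has been run and the transport service restarted.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize

# 2. Content filter: which SCL actions are switched on, and at what thresholds.
#    BypassedSenderDomains / BypassedSenders are the content filter "whitelist".
Get-ContentFilterConfig | Format-List Enabled, ExternalMailEnabled,
    SCLRejectEnabled, SCLRejectThreshold,
    SCLDeleteEnabled, SCLDeleteThreshold,
    SCLQuarantineEnabled, SCLQuarantineThreshold,
    QuarantineMailbox, BypassedSenderDomains, BypassedSenders

# 3. Organization-wide threshold above which mail goes to the Junk E-mail folder.
Get-OrganizationConfig | Format-List SCLJunkThreshold

# 4. The other built-in filters that act before or alongside the SCL rating.
Get-SenderFilterConfig     | Format-List Enabled, BlankSenderBlockingEnabled
Get-RecipientFilterConfig  | Format-List Enabled, RecipientValidationEnabled
Get-SenderIdConfig         | Format-List Enabled, SpoofedDomainAction
Get-SenderReputationConfig | Format-List Enabled, SenderBlockingEnabled, SrlBlockThreshold

# 5. Connection filtering: is DNS block list checking on, and which providers exist?
Get-IPBlockListConfig   | Format-List Enabled, ExternalMailEnabled
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled, Priority -AutoSize

# 6. Add the SpamCop provider from the thread only if it is not already configured.
$existing = Get-IPBlockListProvider |
    Where-Object { $_.LookupDomain -eq 'bl.spamcop.net' }
if (-not $existing) {
    Add-IPBlockListProvider -Name 'spamcop' -LookupDomain 'bl.spamcop.net'
}
```

An empty agent list in step 1, or `Enabled : False` in steps 2, 4 or 5, points to filtering that was never set up on the new server rather than a weak filter.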
That was my hope - it may give us some ammo in negotiating a solution with the company who did the upgrade.

I never had to do anything with the previous Exchange server, as far as spam went, so if there was any configuration at all, it was pretty darn good at weeding out spam.  Message filtering works on the new server, because as I block keywords or increase/decrease the SCL threshold for spam, it reacts most of the time, but SCL, when used alone, hasn't been a very good indicator of spam for us - too much spam still gets in when set too high; too much legit mail gets blocked when set too low ... SCL of 5 seems to be where we get into trouble ... lots of spam comes in at 5, but so does much of our legit email.

"'domains added to our whitelist that were being blocked...' sounded odd"

Sorry if I didn't make that very clear ... at one point, we tried quarantining SCL 5 messages, but about half of our legit email was being blocked, so we started adding the legit domains to the whitelist.  We have since bumped the SCL to 7 to allow most of the legit email (which is the most important thing at this point), but now we are bombarded with spam that comes in at 5 or 6.

I think we'll let the company handle the solution, with some push-back from our end for what seems to me to be an incomplete install/migration.

Thanks again.

I've always used Vamsoft ORF for Spam on Exchange and not been disappointed.  I'm not a fan of the built-in tools as they are way too inflexible, but I use some of them in conjunction with Vamsoft and get very low amounts of spam.

www.vamsoft.com

Alan