?
Solved

Exchange Server and Spam

Posted on 2014-03-07
5
Medium Priority
?
1,074 Views
Last Modified: 2014-03-10
Our Exchange server was recently updated from 2003 to 2010.  We have never had any hardware or software anti-spam solutions implemented, but after moving to Exchange 2010, we have become inundated with spam.  We have DOZENS of domains added to our whitelist that were being blocked as spam and hundreds of spam emails every day that manage to get into our inboxes.  We never had an issue with 2003.  I "heard" somewhere that 2010's spam filter was pretty poor, with the intention that it was intended to be used with another anti-spam solution.  First, is there any truth to this?  Second, is there a reason why spam became an issue after the upgrade?  The company that did the upgrade wants to "come to the rescue" with, no doubt, an expensive solution, while it seems to me that the Exchange upgrade was somewhat incomplete to begin with.  I'm not necessarily looking for add-on anti-spam solutions, but more curious why the upgrade seems to have led to this and if there is anything built into Exchange 2010 that can help.  Anyone have some insight for me?  Thanks.
0
Comment
Question by:PowerEdgeTech
  • 2
  • 2
5 Comments
 
LVL 8

Expert Comment

by:Jeff Perry
ID: 39912771
We have always used a Cisco IronPort appliance for SPAM filtering/blocking.

At my previous job I used a diy Linux based solution called spamcop but I am pretty sure it has evolved into just being a blacklist service.

Spamcop settings for IMF
•Display Name: spamcop
•DNS Suffix: bl.spamcop.net

I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." whitelist's are allowed domains and if the spam is coming from those domains then that is a configuration error.

Configuring Intelligent Message Filtering for 2010 is covered in this TechNet article:

http://technet.microsoft.com/en-us/library/aa996604(v=exchg.141).aspx
0
 
LVL 33

Author Comment

by:PowerEdgeTech
ID: 39912855
"I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." whitelist's are allowed domains and if the spam is coming from those domains then that is a configuration error."

I know what whitelists are.  If we adjust the SCL filtering too low, trying to catch all the spam, then legitimate emails get blocked too (even at SCL 5), so we add them to the whitelist.  Spam is not coming from any of our whitelisted domains.  The domains we added are domains we do business with; we did not add domains like jibakker.com, mindthinksuccess.com, reggaecolombia.com, and enlargeyourmanhood.com.

Again, not looking for add-on solutions for now (we did not have an add-on solution with 2003) - trying to understand why the upgrade to 2010 led to such a drastic increase in spam.

I've looked through the article you posted before and have tried working with much of it ... maybe I need to delve deeper into it (I'm obviously not an Exchange guy), but it hasn't had much of an effect so far.

Thanks for you comments though.
0
 
LVL 8

Accepted Solution

by:
Jeff Perry earned 2000 total points
ID: 39913059
No problem I am just not familiar with native Exchange filtering or the SCL values.

I did not mean to imply that you didn't know what a whitelist was, I only meant to say that "domains added to our whitelist that were being blocked..." sounded odd.

My only guess as to why the increase in spam without adding a solution would be either:

the spam settings you had previously were not migrated correctly

or

message filtering wasn't enabled on the new server.

Since you seem to be using native filtering I am assuming a misconfiguration somewhere on the new exchange server.
0
 
LVL 33

Author Comment

by:PowerEdgeTech
ID: 39913262
My only guess as to why the increase in spam without adding a solution would be either:

the spam settings you had previously were not migrated correctly

or

message filtering wasn't enabled on the new server.

Since you seem to be using native filtering I am assuming a misconfiguration somewhere on the new exchange server.
That was my hope - it may give us some ammo in negotiating a solution with the company who did the upgrade.

I never had to do anything with the previous Exchange server, as far as spam went, so if there was any configuration at all, it was pretty darn good at weeding out spam.  Message filtering works on the new server, because as I block keywords or increase/decrease the SCL threshold for spam, it reacts most of the time, but SCL, when used alone, hasn't been a very good indicator of spam for us - too much spam still gets in when set too high; too much legit mail gets blocked when set too low ... SCL of 5 seems to be where we get into trouble ... lots of spam comes in at 5, but so does much of our legit email.

"'domains added to our whitelist that were being blocked...' sounded odd"

Sorry if I didn't make that very clear ... at one point, we tried quarantining SCL 5 messages, but about half of our legit email was being blocked, so we started adding the legit domains to the whitelist.  We have since bumped the SCL to 7 to allow most of the legit email (which is the most important thing at this point), but now we are bombarded with spam that comes in at 5 or 6.

I think we'll let the company handle the solution, with some push-back from our end for what seems to me to be an incomplete install/migration.

Thanks again.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39914395
I've always used Vamsoft ORF for Spam on Exchange and not been disappointed.  I'm not a fan of the built-in tools as they are way too inflexible, but I use some of them in conjunction with Vamsoft and get very low amounts of spam.

www.vamsoft.com

Alan
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
What is the biggest problem in managing an exchange environment today? It is the lack of backups, disaster recovery (DR) plan, testing of the DR plan or believing that it won’t happen to us.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question