Solved

Exchange Server and Spam

Posted on 2014-03-07
5
966 Views
Last Modified: 2014-03-10
Our Exchange server was recently updated from 2003 to 2010.  We have never had any hardware or software anti-spam solutions implemented, but after moving to Exchange 2010, we have become inundated with spam.  We have DOZENS of domains added to our whitelist that were being blocked as spam and hundreds of spam emails every day that manage to get into our inboxes.  We never had an issue with 2003.  I "heard" somewhere that 2010's spam filter was pretty poor, with the intention that it was intended to be used with another anti-spam solution.  First, is there any truth to this?  Second, is there a reason why spam became an issue after the upgrade?  The company that did the upgrade wants to "come to the rescue" with, no doubt, an expensive solution, while it seems to me that the Exchange upgrade was somewhat incomplete to begin with.  I'm not necessarily looking for add-on anti-spam solutions, but more curious why the upgrade seems to have led to this and if there is anything built into Exchange 2010 that can help.  Anyone have some insight for me?  Thanks.
0
Comment
Question by:PowerEdgeTech
  • 2
  • 2
5 Comments
 
LVL 8

Expert Comment

by:Jeff Perry
ID: 39912771
We have always used a Cisco IronPort appliance for SPAM filtering/blocking.

At my previous job I used a diy Linux based solution called spamcop but I am pretty sure it has evolved into just being a blacklist service.

Spamcop settings for IMF
•Display Name: spamcop
•DNS Suffix: bl.spamcop.net

I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." whitelist's are allowed domains and if the spam is coming from those domains then that is a configuration error.

Configuring Intelligent Message Filtering for 2010 is covered in this TechNet article:

http://technet.microsoft.com/en-us/library/aa996604(v=exchg.141).aspx
0
 
LVL 32

Author Comment

by:PowerEdgeTech
ID: 39912855
"I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." whitelist's are allowed domains and if the spam is coming from those domains then that is a configuration error."

I know what whitelists are.  If we adjust the SCL filtering too low, trying to catch all the spam, then legitimate emails get blocked too (even at SCL 5), so we add them to the whitelist.  Spam is not coming from any of our whitelisted domains.  The domains we added are domains we do business with; we did not add domains like jibakker.com, mindthinksuccess.com, reggaecolombia.com, and enlargeyourmanhood.com.

Again, not looking for add-on solutions for now (we did not have an add-on solution with 2003) - trying to understand why the upgrade to 2010 led to such a drastic increase in spam.

I've looked through the article you posted before and have tried working with much of it ... maybe I need to delve deeper into it (I'm obviously not an Exchange guy), but it hasn't had much of an effect so far.

Thanks for you comments though.
0
 
LVL 8

Accepted Solution

by:
Jeff Perry earned 500 total points
ID: 39913059
No problem I am just not familiar with native Exchange filtering or the SCL values.

I did not mean to imply that you didn't know what a whitelist was, I only meant to say that "domains added to our whitelist that were being blocked..." sounded odd.

My only guess as to why the increase in spam without adding a solution would be either:

the spam settings you had previously were not migrated correctly

or

message filtering wasn't enabled on the new server.

Since you seem to be using native filtering I am assuming a misconfiguration somewhere on the new exchange server.
0
 
LVL 32

Author Comment

by:PowerEdgeTech
ID: 39913262
My only guess as to why the increase in spam without adding a solution would be either:

the spam settings you had previously were not migrated correctly

or

message filtering wasn't enabled on the new server.

Since you seem to be using native filtering I am assuming a misconfiguration somewhere on the new exchange server.
That was my hope - it may give us some ammo in negotiating a solution with the company who did the upgrade.

I never had to do anything with the previous Exchange server, as far as spam went, so if there was any configuration at all, it was pretty darn good at weeding out spam.  Message filtering works on the new server, because as I block keywords or increase/decrease the SCL threshold for spam, it reacts most of the time, but SCL, when used alone, hasn't been a very good indicator of spam for us - too much spam still gets in when set too high; too much legit mail gets blocked when set too low ... SCL of 5 seems to be where we get into trouble ... lots of spam comes in at 5, but so does much of our legit email.

"'domains added to our whitelist that were being blocked...' sounded odd"

Sorry if I didn't make that very clear ... at one point, we tried quarantining SCL 5 messages, but about half of our legit email was being blocked, so we started adding the legit domains to the whitelist.  We have since bumped the SCL to 7 to allow most of the legit email (which is the most important thing at this point), but now we are bombarded with spam that comes in at 5 or 6.

I think we'll let the company handle the solution, with some push-back from our end for what seems to me to be an incomplete install/migration.

Thanks again.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39914395
I've always used Vamsoft ORF for Spam on Exchange and not been disappointed.  I'm not a fan of the built-in tools as they are way too inflexible, but I use some of them in conjunction with Vamsoft and get very low amounts of spam.

www.vamsoft.com

Alan
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now