Solved

How to configure SBS 2011 built-in spam filter to stop domain spoofing emails

Posted on 2015-01-15
Last Modified: 2015-01-15
What are the steps to configure SBS 2011 built-in anti-spam to stop spammers that spoof our domain name in emails?

We get emails that look like they are from our domain but in fact are not; they are from a different IP address than our mail server.

In other words, only allow our mail server's public IP address to send emails with our domain.
Question by:vled
Assisted Solution

by:Leon Kammer
Leon Kammer earned 500 total points
ID: 40552083
Hi,

To enable the spam filter and content filter in SBS 2011:

Run the Exchange Management Shell as an administrator.
When the Shell is ready, type the following:
CD \
CD "Program Files\Microsoft\Exchange Server\v14\scripts"
./install-antispamagents.ps1

When finished, restart the Microsoft Exchange Transport service: open a command prompt and type:
net stop MSExchangeTransport
net start MSExchangeTransport

Open the Exchange Management Console and, in Organization Configuration > Hub Transport, you will notice a new tab labeled Anti-Spam.
Click on the tab.

The Content Filtering feature reads the content of the e-mails and determines whether or not it's spam using heuristics.
The IP Block List feature blocks e-mails from servers that have been flagged by RBL's (Real Time Block Lists) due to known spam activity.

To set up content filtering, double click on the content filtering feature and select the action tab.
By default, the Reject messages that have an SCL rating greater than or equal to.. is selected and set to 7.
The lower the SCL number, the less spam gets through. Since each company has their own preference and tolerance for spam, there is not a "best" number I can recommend to use.

To configure the Block List, double click on IP Block List Providers and click on the Providers tab. Click on the add button to add an RBL provider. SORBS is good, but there are many other RBL's...
http://www.sorbs.net/general/using.shtml this is the SORBS usage site.

In the Provider Name field enter a friendly name.
In the Lookup Domain enter the URL of the Real Time Block List (if you wish to use SORBS, it is spam.dnsbl.sorbs.net).
If you want rejected messages (NDR's or non-delivery responses) to have a custom message attached, click on the Error Messages button and enter your custom message.

Click OK several times until you have exited all of the EMC windows, then exit EMC.
Your spam filter is now active and blocking spam.

Remember to block outbound port 25 on your LAN subnet and allow ONLY the SBS 2011 to send SMTP mail.
This prevents your server's public IP address from winding up on an RBL if one of your LAN PCs gets a virus or malware.

Cheers

Leon
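The console steps in the answer above, expressed as one Exchange Management Shell script. This is an added example, not part of the original post or Microsoft's own script; it assumes Exchange is installed on C: under the path the answer gives, and the provider name `SORBS` and the rejection text are illustrative choices.

```powershell
# Run in an elevated Exchange Management Shell on the SBS 2011 server.
# Assumption: Exchange lives on C: under the path quoted in the answer.
$scripts = 'C:\Program Files\Microsoft\Exchange Server\v14\scripts'

# 1. Install the anti-spam agents only if they are not registered yet,
#    then restart the transport service so the agents are loaded.
$agent = Get-TransportAgent -Identity 'Content Filter Agent' -ErrorAction SilentlyContinue
if (-not $agent) {
    & (Join-Path $scripts 'install-antispamagents.ps1')
    Restart-Service MSExchangeTransport
}

# 2. Content filtering: reject messages with an SCL rating of 7 or higher
#    (the default value the answer mentions). Lower it to filter more.
Set-ContentFilterConfig -Enabled $true -SCLRejectEnabled $true -SCLRejectThreshold 7

# 3. IP Block List provider, using the lookup domain from the answer.
#    $name is an illustrative friendly name, not a required value.
$name = 'SORBS'
if (-not (Get-IPBlockListProvider | Where-Object { $_.Name -eq $name })) {
    Add-IPBlockListProvider -Name $name `
        -LookupDomain 'spam.dnsbl.sorbs.net' `
        -AnyMatch $true -Enabled $true `
        -RejectionResponse 'Message rejected: sending IP is on a block list.'
}
Set-IPBlockListProvidersConfig -Enabled $true -ExternalMailEnabled $true

# 4. Verify what is now in effect.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-ContentFilterConfig | Format-List Enabled, SCLRejectEnabled, SCLRejectThreshold
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled -AutoSize

# 127.0.0.2 is the conventional DNSBL test entry; a working provider
# should report it as matched. A provider that never matches it is
# unreachable or misconfigured, and is filtering nothing.
Test-IPBlockListProvider -Identity $name -IPAddress 127.0.0.2
```

The checks in step 4 matter because a block list provider that cannot be resolved fails silently: mail keeps flowing and nothing is rejected.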
 

Author Comment

by:vled
ID: 40552145
Thank you for the deployment steps and explanation.

In the past, I used AVG for a spam filter; they had an anti-spoofing feature where you specified the public IP address of our mail server. It would block emails coming in from senders that used our domain name in the from line (ex: admin@ourdomain.com) that were not from the IP address of our mail server. It stopped emails that looked like they were coming from users within the office being sent to other users in the office.

Unfortunately, AVG announced that they are no longer supporting their email server product with SBS 2011.

Will the steps you listed above accomplish this specific scenario?
Accepted Solution

by:
Leon Kammer earned 500 total points
ID: 40552188
You are welcome.
Generally this will combat 90 odd% of the spam coming in; the SBS AntiSpam filters are really very good.

You can also use the IP Allow list in Edge Transport to configure which IP addresses are allowed to send mail if you so wish.

Cheers

Leon