Solved

How configure SBS 2011 built-in spam filter to stop domain spoofing emails

Posted on 2015-01-15
3
1,052 Views
Last Modified: 2015-01-15
What are the steps to configure SBS 2011 built-in anti-spam to stop spammers that spoof our domain name in emails?

We get emails that look like they are from our domain but in fact are not, they are from a different ip address than our mail server.

In other words, only allow our mail server's public ip address to send emails with our domain.
0
Comment
Question by:vled
  • 2
3 Comments
 
LVL 5

Assisted Solution

by:Leon Kammer
Leon Kammer earned 500 total points
ID: 40552083
Hi,

To enable the spam filter and content filter in SBS 2011:

Run the Exchange management Shell as an administrator.
When the Shell is ready, type the following:
CD \
CD "Program Files\Microsoft\Exchange Server\v14\scripts"
./install-antispamagents.ps1

When finished, restart the Microsoft Exchange Transport service, open a command prompt and type:
net stop MSExchangeTransport
net start MSExchangeTransport

Open the Exchange Management Console and in the Organization Configuration > Hub Transport You will notice a new tab labeled Anti-Spam.
Click on the tab.

The Content Filtering feature reads the content of the e-mails and determines whether or not it's spam using heuristics.
The IP Block List feature blocks e-mails from servers that have been flagged by RBL's (Real Time Block Lists) due to known spam activity.

To set up content filtering, double click on the content filtering feature and select the action tab.
By default, the Reject messages that have an SCL rating greater than or equal to.. is selected and set to 7.
The lower the SCL number, the less spam gets through. Since each company has their own preference and tolerance for spam, there is not a "best" number I can recommend to use.

To configure the Block List, double click on IP Block List Providers and click on the Providers tab. Click on the add button to add an RBL provider. SORBS is good, but there are many other RBL's...
http://www.sorbs.net/general/using.shtml this is the SORBS usage site.

In the Provider Name field enter a friendly name.
In the Lookup Domain enter the URL of the Real Time Block List (if you wish to use SORBS, it is spam.dnsbl.sorbs.net).
If you want rejected messages (NDR's or non-delivery responses) to have a custom message attached, click on the Error Messages button and enter your custom message.

Click OK several times until you have exited all of the EMC windows, then exit EMC.
Your spam filter is now active and blocking spam.

Remember to block outbound port 25 on your LAN subnet and allow ONLY the SBS 2011 to send SMTP mail.
This prevents your server's public IP address from winding up on an RBL if one of your LAN pc gets a virus or malware.

Cheers

Leon
1
 

Author Comment

by:vled
ID: 40552145
Thank you for the deployment steps and explanation.

 In the past, I used AVG for a spam filter, they had an anti spoofing  feature where you specified the public ip address of our mail server. It would block emails coming in from senders that used our domain name in the from line ( ex:  admin@ourdomain.com) that were not from the ip address of our mail server.  It stopped emails that looked like they were coming from users within the office being sent to other users in the office.

Unfortunately, AVG announced that they are no longer supporting their email server product with SBS 2011.

 Will the steps you listed above accomplish this specific scenario?
0
 
LVL 5

Accepted Solution

by:
Leon Kammer earned 500 total points
ID: 40552188
You are welcome.
Generally this will combat 90 odd% of the Spam coming in, the SBS AntiSpam filters are really very good.

You can also use the IP Allow list in Edge Transport to configure which IP addresses are allowed to send mail if you so wish.

Cheers

Leon
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now