• Status: Solved

How to configure the SBS 2011 built-in spam filter to stop domain spoofing emails

What are the steps to configure SBS 2011 built-in anti-spam to stop spammers that spoof our domain name in emails?

We get emails that look like they are from our domain but in fact are not; they are from a different IP address than our mail server.

In other words, only allow our mail server's public IP address to send emails with our domain.
Asked by: vled

Leon Kammer Commented:
Hi,

To enable the spam filter and content filter in SBS 2011:

Run the Exchange Management Shell as an administrator.
When the Shell is ready, type the following:
CD \
CD "Program Files\Microsoft\Exchange Server\v14\scripts"
./install-antispamagents.ps1

When finished, restart the Microsoft Exchange Transport service: open a command prompt and type:
net stop MSExchangeTransport
net start MSExchangeTransport

Open the Exchange Management Console and under Organization Configuration > Hub Transport you will notice a new tab labeled Anti-Spam.
Click on the tab.

The Content Filtering feature reads the content of the e-mails and determines whether or not it's spam using heuristics.
The IP Block List feature blocks e-mails from servers that have been flagged by RBLs (Real Time Block Lists) due to known spam activity.

To set up content filtering, double-click on the Content Filtering feature and select the Action tab.
By default, "Reject messages that have an SCL rating greater than or equal to" is selected and set to 7.
The lower the SCL number, the less spam gets through. Since each company has their own preference and tolerance for spam, there is not a "best" number I can recommend to use.

To configure the Block List, double-click on IP Block List Providers and click on the Providers tab. Click on the Add button to add an RBL provider. SORBS is good, but there are many other RBLs...
The SORBS usage site is http://www.sorbs.net/general/using.shtml

In the Provider Name field enter a friendly name.
In the Lookup Domain enter the URL of the Real Time Block List (if you wish to use SORBS, it is spam.dnsbl.sorbs.net).
If you want rejected messages (NDRs or non-delivery responses) to have a custom message attached, click on the Error Messages button and enter your custom message.

Click OK several times until you have exited all of the EMC windows, then exit EMC.
Your spam filter is now active and blocking spam.

Remember to block outbound port 25 on your LAN subnet and allow ONLY the SBS 2011 to send SMTP mail.
This prevents your server's public IP address from winding up on an RBL if one of your LAN PCs gets a virus or malware.

Cheers

Leon
vled (Author) Commented:
Thank you for the deployment steps and explanation.

In the past, I used AVG for a spam filter; they had an anti-spoofing feature where you specified the public IP address of our mail server. It would block emails coming in from senders that used our domain name in the From line (e.g. admin@ourdomain.com) that were not from the IP address of our mail server. It stopped emails that looked like they were coming from users within the office being sent to other users in the office.

Unfortunately, AVG announced that they are no longer supporting their email server product with SBS 2011.

Will the steps you listed above accomplish this specific scenario?
Leon Kammer Commented:
You are welcome.
Generally this will combat 90-odd% of the spam coming in; the SBS anti-spam filters are really very good.

You can also use the IP Allow list in Edge Transport to configure which IP addresses are allowed to send mail if you so wish.

Cheers

Leon
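
Added example, not part of either poster's replies: a PowerShell audit of the check vled describes in the thread (mail that uses our own domain as sender but arrives from an IP address other than our mail server). The function name, domain, IP addresses and sample records are constructed placeholders; on the server the sample would be replaced by message tracking output as noted in the comments.

```powershell
# Added example (not from the thread). Kept compatible with PowerShell 2.0.
# Assumptions: $OurDomain, $TrustedIPs and the $Events records are constructed placeholders.
$OurDomain  = 'ourdomain.com'
$TrustedIPs = @('203.0.113.10', '127.0.0.1')   # mail server's public IP (placeholder) and loopback

# Hypothetical helper: $true when the sender uses our domain but the client IP is not trusted.
function Test-SpoofedSender {
    param([string]$Sender, [string]$ClientIp, [string]$Domain, [string[]]$AllowedIp)

    # Domain is the part after the last '@'; string -ne is case-insensitive in PowerShell.
    $senderDomain = $Sender.Substring($Sender.LastIndexOf('@') + 1).Trim()
    if ($senderDomain -ne $Domain) { return $false }   # not claiming our domain

    # Compare parsed addresses rather than raw strings; an unparseable IP is never trusted.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($ClientIp, [ref]$ip)) { return $true }
    foreach ($allowed in $AllowedIp) {
        if ([System.Net.IPAddress]::Parse($allowed).Equals($ip)) { return $false }
    }
    return $true   # our domain, sent from an address we do not trust
}

# Constructed sample records using message tracking property names. On the server use instead:
#   $Events = Get-MessageTrackingLog -EventId RECEIVE -Start (Get-Date).AddDays(-7) -ResultSize Unlimited
$Events = @(
    (New-Object PSObject -Property @{ Source='SMTP'; EventId='RECEIVE'; ClientIp='198.51.100.23'
        Sender='admin@ourdomain.com'; Recipients='user1@ourdomain.com' }),    # spoofed
    (New-Object PSObject -Property @{ Source='SMTP'; EventId='RECEIVE'; ClientIp='203.0.113.10'
        Sender='scanner@OurDomain.com'; Recipients='user2@ourdomain.com' }),  # our own server
    (New-Object PSObject -Property @{ Source='SMTP'; EventId='RECEIVE'; ClientIp='192.0.2.77'
        Sender='news@example.net'; Recipients='user1@ourdomain.com' }),       # other domain
    (New-Object PSObject -Property @{ Source='STOREDRIVER'; EventId='RECEIVE'; ClientIp=''
        Sender='user2@ourdomain.com'; Recipients='user1@ourdomain.com' })     # internal mailbox submission
)

# Only SMTP receives are checked; mailbox submissions (STOREDRIVER) carry no client IP.
$Events |
    Where-Object { $_.Source -eq 'SMTP' -and $_.EventId -eq 'RECEIVE' } |
    Where-Object { Test-SpoofedSender -Sender $_.Sender -ClientIp $_.ClientIp `
                       -Domain $OurDomain -AllowedIp $TrustedIPs } |
    Select-Object Sender, ClientIp, Recipients
```

Any legitimate system that sends as the domain from another address (a remote user relaying over SMTP, a third-party mailer) will also be listed, so review the output and extend `$TrustedIPs` before treating a hit as spoofing.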