Solved

How to configure SBS 2011 built-in spam filter to stop domain spoofing emails

Posted on 2015-01-15
Last Modified: 2015-01-15
What are the steps to configure SBS 2011 built-in anti-spam to stop spammers that spoof our domain name in emails?

We get emails that look like they are from our domain but in fact are not; they are from a different IP address than our mail server.

In other words, only allow our mail server's public IP address to send emails with our domain.
Question by:vled
Assisted Solution

by:Leon Kammer
Leon Kammer earned 500 total points
ID: 40552083
Hi,

To enable the spam filter and content filter in SBS 2011:

Run the Exchange Management Shell as an administrator.
When the Shell is ready, type the following:
CD \
CD "Program Files\Microsoft\Exchange Server\v14\scripts"
./install-antispamagents.ps1

When finished, restart the Microsoft Exchange Transport service: open a command prompt and type:
net stop MSExchangeTransport
net start MSExchangeTransport

Open the Exchange Management Console and in Organization Configuration > Hub Transport you will notice a new tab labeled Anti-Spam.
Click on the tab.

The Content Filtering feature reads the content of the e-mails and determines whether or not it's spam using heuristics.
The IP Block List feature blocks e-mails from servers that have been flagged by RBL's (Real Time Block Lists) due to known spam activity.

To set up content filtering, double click on the content filtering feature and select the action tab.
By default, the Reject messages that have an SCL rating greater than or equal to.. is selected and set to 7.
The lower the SCL number, the less spam gets through. Since each company has their own preference and tolerance for spam, there is not a "best" number I can recommend to use.

To configure the Block List, double click on IP Block List Providers and click on the Providers tab. Click on the add button to add an RBL provider. SORBS is good, but there are many other RBL's...
http://www.sorbs.net/general/using.shtml this is the SORBS usage site.

In the Provider Name field enter a friendly name.
In the Lookup Domain enter the URL of the Real Time Block List (if you wish to use SORBS, it is spam.dnsbl.sorbs.net).
If you want rejected messages (NDR's or non-delivery responses) to have a custom message attached, click on the Error Messages button and enter your custom message.

Click OK several times until you have exited all of the EMC windows, then exit EMC.
Your spam filter is now active and blocking spam.

Remember to block outbound port 25 on your LAN subnet and allow ONLY the SBS 2011 to send SMTP mail.
This prevents your server's public IP address from winding up on an RBL if one of your LAN PCs gets a virus or malware.

Cheers

Leon
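
The console steps in the post above can also be applied from the Exchange Management Shell. This is an added example, not part of Leon Kammer's post: the SCL threshold of 7, the script folder and the SORBS lookup domain come from the post, while the provider name `SORBS`, the `C:` drive letter and the `Content Filter Agent` check used to detect an existing install are assumptions.

```powershell
# Added example: scripted form of the console steps described in the post above.
# Run in an elevated Exchange Management Shell on the SBS 2011 server.
$scriptsDir   = 'C:\Program Files\Microsoft\Exchange Server\v14\scripts'  # path from the post; drive C: assumed
$sclThreshold = 7                        # from the post: default reject threshold
$rblName      = 'SORBS'                  # friendly name, any label works (assumption)
$rblDomain    = 'spam.dnsbl.sorbs.net'   # from the post: SORBS lookup domain

# 1. Install the anti-spam agents only if they are not registered yet,
#    then restart the transport service so they load.
$contentAgent = Get-TransportAgent |
    Where-Object { "$($_.Identity)" -eq 'Content Filter Agent' }
if (-not $contentAgent) {
    Push-Location $scriptsDir
    try     { .\install-AntispamAgents.ps1 }
    finally { Pop-Location }
    Restart-Service MSExchangeTransport
}

# 2. Content filtering: reject messages at or above the SCL threshold.
Set-ContentFilterConfig -Enabled $true -SCLRejectEnabled $true -SCLRejectThreshold $sclThreshold

# 3. Add the block list provider unless one with this lookup domain exists.
$existing = Get-IPBlockListProvider |
    Where-Object { "$($_.LookupDomain)" -eq $rblDomain }
if (-not $existing) {
    Add-IPBlockListProvider -Name $rblName -LookupDomain $rblDomain -AnyMatch $true
}

# 4. Verify what is now in effect.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-ContentFilterConfig | Format-List Enabled, SCLRejectEnabled, SCLRejectThreshold
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled, Priority -AutoSize

# 127.0.0.2 is the conventional DNSBL test entry; the result shows whether
# the server can actually query the provider.
Test-IPBlockListProvider -Identity $rblName -IPAddress 127.0.0.2
```

The script can be re-run safely: the install and the provider are only added when missing, and the final commands show the resulting configuration.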

Author Comment

by:vled
ID: 40552145
Thank you for the deployment steps and explanation.

In the past, I used AVG for a spam filter; they had an anti-spoofing feature where you specified the public IP address of our mail server. It would block emails coming in from senders that used our domain name in the from line (ex: admin@ourdomain.com) that were not from the IP address of our mail server. It stopped emails that looked like they were coming from users within the office being sent to other users in the office.

Unfortunately, AVG announced that they are no longer supporting their email server product with SBS 2011.

Will the steps you listed above accomplish this specific scenario?

Accepted Solution

by:Leon Kammer
Leon Kammer earned 500 total points
ID: 40552188
You are welcome.
Generally this will combat 90 odd% of the spam coming in; the SBS AntiSpam filters are really very good.

You can also use the IP Allow list in Edge Transport to configure which IP addresses are allowed to send mail if you so wish.

Cheers

Leon