Thursday 8 January 2009

How to make your spam filter hardcore (IMF tweaking)

NB. The following document makes the assumption that you are using Exchange 2003 SP2 and that connection filtering/IMF on the SMTP virtual connector is enabled.

Step 1: Enable Intelligent Message Filter (IMF) auto update - Regular updates to the Intelligent Message Filter (IMF) place the newest spam definitions onto the Exchange servers that process mail. (http://msexchangeteam.com/archive/2005/12/14/416070.aspx)



Step 2: SCL rating - We need to find out the average SCL rating of legitimate mail and the SCL rating of spam so we can tweak the IMF. To do this we can add an SCL rating header within an Outlook client. (http://support.microsoft.com/kb/895091)



Step 3: Store Junk E-mail Configuration - We should now have the average (ish) SCL rating of legitimate mail and spam. Go into the IMF settings tab on the Exchange server and amend the Store Junk E-mail Configuration to a number higher than the legitimate mail threshold but lower than or equal to the spam threshold. If you set this number too low, you’ll get false positives and legitimate emails will be placed into the junk folder.



Step 4: Gateway Blocking Configuration - Set the number pretty high; seven is always good. If you are using additional software such as Symantec Mail for Exchange, set the "When blocking messages" action to No Action. We do this because we want our additional software to handle the messages from now on. If, however, you are not using any additional software, set this to one of the other options (Archive, Delete or Reject) depending on how you want the IMF to handle the spam.


Step 5: Connection Filtering Tab - Here we can enter the Real-time Blacklists (RBLs). RBLs are used to deny SMTP connections to your server. They have no concept of email addresses and can only block connections based on whether the remote address is listed or not. Using RBLs will block vast amounts of spam, so I would recommend it. The following RBLs seem to be pretty good:


bl.spamcop.net

zen.spamhaus.org

bl.csma.biz

t1.dnsbl.net.au


If you are using additional software such as Symantec Mail for Exchange, don’t bother configuring connection filtering at this stage; it can be done using your additional software instead. If you are not using any additional software, add the lists mentioned above.
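
The RBL lookup that connection filtering relies on, as an added Python example (not code from this post and not Exchange's own implementation): the connecting IPv4 address is reversed, prefixed to the list's zone and resolved, and an answer in 127.0.0.0/8 means "listed" (the convention described in RFC 5782). The function names and the offline `fake_resolver` are assumptions made for illustration.

```python
import ipaddress
import socket

# The four zones listed in the post.
ZONES = ["bl.spamcop.net", "zen.spamhaus.org", "bl.csma.biz", "t1.dnsbl.net.au"]


def dnsbl_query_name(client_ip, zone):
    """Build the DNS name looked up for an IPv4 client (no e-mail address involved)."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def classify_answer(answer):
    """Interpret the A record a list returned (None means no such name)."""
    if answer is None:
        return "not-listed"
    addr = ipaddress.IPv4Address(answer)
    # Spamhaus documents 127.255.255.x as error codes (for example a refused
    # query), so those answers must not be treated as a listing.
    if addr in ipaddress.ip_network("127.255.255.0/24"):
        return "error"
    if addr in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "error"  # anything outside 127/8 is not a valid list reply


def system_resolver(name):
    """Default resolver: one A lookup; any lookup failure counts as not listed."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_client(client_ip, zones=ZONES, resolver=system_resolver):
    """Return {zone: verdict} for one connecting address."""
    return {z: classify_answer(resolver(dnsbl_query_name(client_ip, z)))
            for z in zones}


def fake_resolver(name):
    """Constructed resolver so the example runs offline: only the RFC 5782
    test address 127.0.0.2 is 'listed', and only in one zone."""
    return {"2.0.0.127.zen.spamhaus.org": "127.0.0.2"}.get(name)


if __name__ == "__main__":
    print(check_client("127.0.0.2", resolver=fake_resolver))
```

Querying 127.0.0.2 against a list with the real resolver is a quick way to confirm the list answers from your server before adding it to the Connection Filtering tab.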
