As the administrator for my organization, I probably receive over 1000 pieces of spam email in about 3 days. The employees who have been here for years get three times as much as I do. We all get annoyed by it, and there really is no way to get rid of spam 100% unless we decided to stop using e-mail altogether. There are a few ways to combat spam, and one of them is to install the built-in anti-spam that comes with Microsoft Exchange 2007.
To do this you'll have to log in to your Exchange server, open PowerShell, and then:
- change directories to "Program Files\Microsoft\Exchange Server\Scripts"
- type "./install-AntispamAgents.ps1" and hit Enter
- Then you must restart the 'Microsoft Exchange Transport' service for the configuration to complete.
Configuring the anti-spam settings for the server is a cakewalk once it is installed.
The following steps are what I have applied to my own server in order to lower the amount of spam hitting our servers.
To configure your anti-spam settings on Exchange Server 2007:
- Open the Exchange Management Console, expand Organization Configuration and select Hub Transport.
- On the details page, select the Anti-spam tab.
Here you will see a list of features. For a simple setup we are interested in Content Filtering, IP Block List Providers, Recipient Filtering and Sender Reputation.
Content Filtering
The purpose of this feature is to filter email messages according to their spam confidence level (SCL). I have set my server to delete any messages that have an SCL of 9 or above. Typical email messages from your colleagues usually have an SCL of 5 or below. Anything with an SCL of 6 or greater gets rejected and the sender receives a non-delivery report stating that their email was rejected because it may be considered spam. Any message with an SCL rating of 5 or greater gets quarantined in an inbox I have specified below, labeled 'scl@domain.com'. That quarantine inbox will need to be monitored for any false positives.
bypass the antispam filter. The sender just has to put the word '*bypass*' (the word I have specified) in the beginning of the message. You can also insert phrases or words at the bottom to allow the server to block any messages containing bad words or phrases.
Recipient Filtering

The Recipient Filtering feature allows us to block any email messages to recipients that are not listed in our Global Address List. This feature is very helpful and lets your Exchange server do a lot less work, since it will not process any emails targeted at rogue accounts. I've seen our queue drop significantly after enabling this option.
Sender Reputation
You can enable the server to perform an open proxy test when determining sender confidence level. There is a little information bit underneath that checkbox that says:
An open proxy test tries to connect to the sender's originating IP address with an SMTP request. If the Microsoft Exchange Edge Transport server receives an SMTP request through known open proxy ports and protocols, the sender is considered an open proxy and a potential threat, and the sender's send reputation level is adjusted accordingly.
Check the box if you would like Exchange 2007 anti-spam to be more accurate. The action tab allows you to set the aggressiveness of the Exchange anti-spam service. If you move the knob closer to Maximum (9), you may block valid senders. Moving it too far to the left, toward Minimum (0), allows spam to get through to your users.
IP Block List Providers
To further protect your organization against spam, you can add an IP block list provider. In the screenshot, I have added Spamhaus to the filter. Spamhaus tracks Internet spammers and it is quite accurate. There are other lists you can add to Exchange server to make it more robust, but that is all down to your preference. For the information needed to add Spamhaus as an IP Block List Provider click here. Keep in mind, the Spamhaus Block List can only be added to your Exchange server as long as your traffic is "low". For larger organizations, Spamhaus allows you to purchase a subscription to their list.
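The console settings described above, from installing the agents through the four features, written as Exchange Management Shell commands so they can be reviewed and re-applied. This is an added example, not part of the original article; the thresholds, quarantine mailbox and bypass word are the article's, and the Spamhaus lookup zone is an assumption to confirm with the provider.

```powershell
# Run in the Exchange Management Shell on the Hub Transport server.
$deleteAt = 9; $rejectAt = 6; $quarantineAt = 5   # SCL thresholds from the article
$quarantineMailbox = 'scl@domain.com'             # quarantine inbox from the article
$bypassWord = '*bypass*'                          # as written in the article
$dnsblName  = 'Spamhaus'
$dnsblZone  = 'zen.spamhaus.org'   # assumption: confirm zone and usage terms with the provider

# Keep the three actions in separate SCL ranges: delete > reject > quarantine.
if (-not ($deleteAt -gt $rejectAt -and $rejectAt -gt $quarantineAt)) {
    throw 'SCL thresholds must satisfy delete > reject > quarantine'
}

# 1. Install the anti-spam agents if they are missing, then restart transport.
if (-not (Get-TransportAgent | Where-Object { "$($_.Identity)" -like 'Content Filter*' })) {
    Set-Location "$env:ProgramFiles\Microsoft\Exchange Server\Scripts"
    .\install-AntispamAgents.ps1
    Restart-Service MSExchangeTransport
}

# 2. Content Filtering: delete, reject and quarantine actions plus the bypass word.
Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold $deleteAt `
    -SCLRejectEnabled $true -SCLRejectThreshold $rejectAt `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold $quarantineAt `
    -QuarantineMailbox $quarantineMailbox
if (-not (Get-ContentFilterPhrase | Where-Object { $_.Phrase -eq $bypassWord })) {
    Add-ContentFilterPhrase -Phrase $bypassWord -Influence GoodWord
}

# 3. Recipient Filtering: refuse mail for recipients that do not exist in the directory.
Set-RecipientFilterConfig -RecipientValidationEnabled $true

# 4. Sender Reputation: enable the open proxy test.
Set-SenderReputationConfig -OpenProxyDetectionEnabled $true

# 5. IP Block List Providers: add the provider once (re-running must not duplicate it).
if (-not (Get-IPBlockListProvider | Where-Object { $_.LookupDomain -eq $dnsblZone })) {
    Add-IPBlockListProvider -Name $dnsblName -LookupDomain $dnsblZone
}

# Read the effective settings back so they can be compared with the console.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-ContentFilterConfig | Format-List SCL*, QuarantineMailbox
Get-RecipientFilterConfig | Format-List RecipientValidationEnabled
Get-SenderReputationConfig | Format-List OpenProxyDetectionEnabled, SrlBlockThreshold
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled -AutoSize
```

The sender reputation block threshold is only read back, not set, because the article does not state the value chosen on the action tab.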
Results
We have a 3rd party program installed in our network to help detect and deter spam and these were the results I would see in the morning report:

*The results vary from day to day depending on how many emails we receive and how much spam we get.
After implementing Exchange Server 2007 anti-spam, our reports show that most of the spam gets stopped at the server level:

As shown, far fewer messages are scanned by our 3rd party anti-spam/virus program, so it also catches less spam. A lot of our users here are happier, of course, and productivity goes up since they are not spending as much time going through spam.
I'd like to hear from you on how you help your organization fight against spam. If you have any questions or comments about this article please let me know!
*Disclaimer: The instructions in this article are settings applied to my own server, which does not mean they will work 100%, with no issues, on any other setup. The preceding is simply informational and I am not liable for any damages incurred on your own server.


1 comment:
One of the most important features to fight spam in Exchange 2007 is blocklist providers.
There's a nice article over here explaining how these work... have a look:
http://www.allspammedup.com/2009/08/understanding-blocklist-providers/