Microsoft has made an excellent toolset for reducing the spam (get your No Spam T-Shirt (Google Affiliate Ad) here!) sent through your Exchange 2003 server. In a future article I will address similar measures for Exchange 2007 and 2010 - the Exchange 2003 just happens to be what I worked on today and noted the steps for tonights blog entry.
- If you haven't already ( I won't judge, I promise) download and install Exchange 2003 Service Pack 2. I'll wait. Don't know which one you're on? On your server open the Exchange System Manager, go to Servers, then expand the fifth column, it will tell you there.
- Enable filtering based on free Real-Time Black Lists (free RBL? Wow!) following the instructions at http://support.microsoft.com/kb/823866/en-us and using the following servers:
Spamhaus zen.spamhaus.org* (this one gives a return code, see http://www.spamhaus.org/zen/)
SpamCop bl.spamcop.net
Surriel psbt.surriel.com
SORBS dnsbl.sorbs.net - Expand Global Settings then right click Message Delivery then select Properties. Click the Recipient tab then make certain the "Filter Recipients who are not in the Directory" box is checked. This prevents your server from bouncing non-deliverable reports to senders and places the burden of saying "sorry, noone here by that name" on the senders e-mail server where it belongs.
- Click the Intelligent Message Filter then change the Block SCL to 8 and set the action to "Reject" - after a few weeks of testing you can set this to "Block". The difference is that "Reject" sends a non-deliverable report back to the sender, allowing you to diagnose incorrect rejections. "Block" silently drops the message.
Set your store and Move to Junk Mail to 6. Later on you may tweak these if too many messages are marked as spam or you are receiving too much junk. - Now you need to enable your new filters. In the Exchange System Manager expand Servers,
, Protocols, SMTP, then right-click the Default SMTP Virtual Server and select Properties. Click the Advanced button on the first page, click Edit . . . the select the boxes next to Apply Recipient Filter, Apply Connection Filter, and Apply Intelligent Message Filter. Save these settings. - Restart your Exchange Store Service (if you've come this far you probably know how. . .)
Now you should send some messages from the outside world to an internal user. Use Gmail or Outlook.com or whatever you like.
Now that you're sending and receiving like you were before you may not be aware of whether this is really working. To see some metrics that reveal what's going on behind the scenes you will use the Performance Monitor.
- Go to Start, Administrative Tools, and open Performance Monitor.
- Delete the default counters then add the following:
SMTP Server -> Messages Delivered Total
MS Exchange Transport Filter Sink -> Connections rejected by Block List Providers
Intelligent Message Filter -> Total Messages Scanned for UCE
Intelligent Message Filter -> Total Messages Assigned an SCL Rating of 0-9 (add all ten!) - Click OK then change your report type to Histogram or Report.
After a few days you will notice a line at the higher end of the Total Messages Assigned an SCL Rating that is taller than the rest (normally 7 or 8). This should be what you set your Block SCL to - everything which receives that rating is typically junk and the junk volume often exceeds the volume of legitimate messages.
