Exchange Intelligent Messaging Service
- Thread starter Voltage
- Start date
Yup, used it extensively.
Make sure you have Exchange Service Pack 2 installed as it greatly improves the IMF.
enable it by ticking it in the advanced properties of your SMTP virtual server.
In message delivery you have the Intelligent message filter tab, in here you set SCL ratings for messages to be blocked.
These values are from 1-9.
1 being the strictest and 9 being least.
If you set a value of 1 you will almost defintely see legitimate mail being blocked.
At 9 hardly anthing will be blocked.
You have to tweak so make incremental changes, restart the SMTP virtual server, and monitor the difference.
The Top value is the value where the connection will be dropped if a piece of spam is detected. Set the action to reject so that it returns a 5.7.1 error to the sender.
The bottom value is the value where it decides to send mail to Outlook 2003's junk mail folder.
Basically it's an "I don't know so I'm sending it to your junk mail folder for you to decide".
you can create whitelists in the registry and custom filters to let mail through as theyre is no easy whitelist function
You do need to call Microsoft PSS to get the hotfix mentioned in KBA 912587 - http://support.microsoft.com/?id=912587. This updates MSGFILTER.DLL to version 6.5.7650.22.
With the hotfix applied, you need to fire up regedit and
- create a new key called ContentFilter in HKLM\Software\Microsoft\Exchange.
- create a new DWORD value called CheckRecipients
- if you want to use an exclusive list - which means messages IMF will bypass (not scan) the message if ALL recipients in the message are on the list, modify CheckRecipients DWORD value you just created and type 2 in Value data
- Create a new Multi-String value called RecipList - and add names of recipients you want to exclude from IMF filtering.
To create a custom filter you need to register the MSExchange.UceContentFilter.dll file, you do this by opening a command prompt then issue the following command:
regsvr32 Drive_letter:\Program Files\Exchsrvr\bin\MSCFV2\MSExchange.UceContentFilter.dll
When the MSExchange.UceContentFilter.dll file has been registered you can start to add words or phrases to the MSExchange.UceContentFilter.xml, normally Notepad would be sufficient for this task (just make sure you save the file as a .xml in the Unicode format)
This is an example XML file
?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntries xmlns="http://schemas.microsoft.com/2005/CustomWeight">
<CustomWeightEntry Type="BODY" Change="1" Text="Tortured with health problems?"/>
<CustomWeightEntry Type="BODY" Change="-2" Text=" Cigar Sampler and Bonus Gifts for Xmas"/>
<CustomWeightEntry Type="BODY" Change=”4" Text="Special offer"/>
<CustomWeightEntry Type="BODY" Change="-7" Text="Gratis piller"/>
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="Free Pills"/>
<CustomWeightEntry Type="BOTH" Change="MAX" Text="Cheap Viagra"/>
</CustomWeightEntries>
Make sure you open it in IE before using it or else the IMF filter will fail to load.
The XML needs to be perfect or else IMF is broken.
If you change the UCL to 0 then the message is Assigned an SCL of MIN and gets through.
then you just need to think about your keywords.
Make sure you have Exchange Service Pack 2 installed as it greatly improves the IMF.
enable it by ticking it in the advanced properties of your SMTP virtual server.
In message delivery you have the Intelligent message filter tab, in here you set SCL ratings for messages to be blocked.
These values are from 1-9.
1 being the strictest and 9 being least.
If you set a value of 1 you will almost defintely see legitimate mail being blocked.
At 9 hardly anthing will be blocked.
You have to tweak so make incremental changes, restart the SMTP virtual server, and monitor the difference.
The Top value is the value where the connection will be dropped if a piece of spam is detected. Set the action to reject so that it returns a 5.7.1 error to the sender.
The bottom value is the value where it decides to send mail to Outlook 2003's junk mail folder.
Basically it's an "I don't know so I'm sending it to your junk mail folder for you to decide".
you can create whitelists in the registry and custom filters to let mail through as theyre is no easy whitelist function
You do need to call Microsoft PSS to get the hotfix mentioned in KBA 912587 - http://support.microsoft.com/?id=912587. This updates MSGFILTER.DLL to version 6.5.7650.22.
With the hotfix applied, you need to fire up regedit and
- create a new key called ContentFilter in HKLM\Software\Microsoft\Exchange.
- create a new DWORD value called CheckRecipients
- if you want to use an exclusive list - which means messages IMF will bypass (not scan) the message if ALL recipients in the message are on the list, modify CheckRecipients DWORD value you just created and type 2 in Value data
- Create a new Multi-String value called RecipList - and add names of recipients you want to exclude from IMF filtering.
To create a custom filter you need to register the MSExchange.UceContentFilter.dll file, you do this by opening a command prompt then issue the following command:
regsvr32 Drive_letter:\Program Files\Exchsrvr\bin\MSCFV2\MSExchange.UceContentFilter.dll
When the MSExchange.UceContentFilter.dll file has been registered you can start to add words or phrases to the MSExchange.UceContentFilter.xml, normally Notepad would be sufficient for this task (just make sure you save the file as a .xml in the Unicode format)
This is an example XML file
?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntries xmlns="http://schemas.microsoft.com/2005/CustomWeight">
<CustomWeightEntry Type="BODY" Change="1" Text="Tortured with health problems?"/>
<CustomWeightEntry Type="BODY" Change="-2" Text=" Cigar Sampler and Bonus Gifts for Xmas"/>
<CustomWeightEntry Type="BODY" Change=”4" Text="Special offer"/>
<CustomWeightEntry Type="BODY" Change="-7" Text="Gratis piller"/>
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="Free Pills"/>
<CustomWeightEntry Type="BOTH" Change="MAX" Text="Cheap Viagra"/>
</CustomWeightEntries>
Make sure you open it in IE before using it or else the IMF filter will fail to load.
The XML needs to be perfect or else IMF is broken.
If you change the UCL to 0 then the message is Assigned an SCL of MIN and gets through.
then you just need to think about your keywords.
from:
http://www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/imf/default.mspx
---------------------------------------
Note for SBS and other POP Users:
The POP3 connector on SBS2003 uses CDO through the pickup folder for delivery and therefore it misses the "End of Data" event sink used by IMF. Therefore messages delivered through the POP3 connector won’t be scanned by IMF.
---------------------------------------
although I guess SMTP is OK, I didn't know what you are using
I've not had a look at the IMF before, is keyword scanning all it does ?
I can give you 50 ways to (mis)spell "Cheap Viagra", so I'm not sure it will catch much...
.
http://www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/imf/default.mspx
---------------------------------------
Note for SBS and other POP Users:
The POP3 connector on SBS2003 uses CDO through the pickup folder for delivery and therefore it misses the "End of Data" event sink used by IMF. Therefore messages delivered through the POP3 connector won’t be scanned by IMF.
---------------------------------------
although I guess SMTP is OK, I didn't know what you are using
I've not had a look at the IMF before, is keyword scanning all it does ?
I can give you 50 ways to (mis)spell "Cheap Viagra", so I'm not sure it will catch much...
.
Last edited:
