When Microsoft designed Exchange Server 2003, spam was already a huge problem and Redmond included many antispam features in Exchange 2003. While there are the various Software Development Kits (SDKs) that allow third-party companies to develop antispam products for Exchange and now Microsoft's Intelligent Message Filter is available, Exchange offers its own set of antispam capabilities.
In this tip I discuss four of the major features that Exchange 2003 offers to help reduce the amount of spam you receive. You can find more information and a list of these features at http://www.microsoft.com/exchange/techinfo/security/antispam.asp.
#1: Sender filtering. Sender filtering lets you establish a list of users that you do not want to receive mail from (similar to a blacklist). When new messages arrive, Exchange compares the From field to your blocked sender list to see if there is a match. If a match exists, Exchange can drop the connection with the sender rather than accepting the message.
If you want to enable sender filtering, you can do so by opening the Exchange System Manager and navigating to Global Settings | Message Delivery. Right click on the Message Delivery container and select the Properties command from the resulting shortcut menu to reveal the Message Delivery Properties sheet. Now, just select the Sender Filtering tab and then click the Add button to specify the sender that you would like to block.
#2: Recipient filtering. Another antispam option found on the Message Delivery Properties sheet is recipient filtering. Recipient filtering involves blocking messages sent to particular recipients. At first, such an option might sound ineffective in the war against spam, but if you look at the Recipient Filtering tab you will notice that the tab contains a check box labeled Filter Recipients Who Are Not In The Directory. This option allows Exchange to block all messages that are destined for users who do not exist within the Active Directory.
Think about it this way: A lot of spam is sent to random addresses at registered domains in hopes of hitting a legitimate e-mail box in the process. Normally, when a message arrives that's intended for a non-existent address, Exchange had to waste resources by generating and transmitting a Non Delivery Report (NDR). However, if you were to select this check box you can force Exchange to simply reject the message rather than respond with an NDR.
#3: Global Accept and Deny List.Yet another option that helps prevent spam is the Global Accept and Deny List. The options for the Global Accept and Deny List configuration are found on the Message Delivery Properties sheet's Connection Filtering tab.
The idea behind this option is that it works similarly to a blacklist /whitelist. For example, you probably have clients, customers, suppliers, consultants or someone who sends you important mail on a regular basis. Since these people routinely send you important messages, you don't want Exchange to ever flag the messages as spam. This is where the Accept and Deny list comes into play. Simply enter the person's IP address into the Accept portion of the list and mail from the person will never be flagged as spam (unless they use a different computer or have a dynamic IP address). Similarly, if you want to block all mail from a specific person, you can enter their IP address into the Deny list.
In my opinion, this is one area where Microsoft has really dropped the ball when it comes to spam filtering. Other third-party spam filtering solutions let you enter specific e-mail addresses or domains into the blacklist /whitelist. Sure, an e-mail address or domain can be spoofed by a spammer, but at least if you were to list someone on your whitelist by e-mail address, you don't have to worry about messages from the person being accidentally flagged as spam if they were to use a different computer. Additionally, some third-party antispam solutions will automatically update the whitelist any time that you send a message to someone. This guarantees that the reply to your message is never flagged as spam.
#4: Mail relaying. Mail relaying is one of those features that has received a lot of press over the last couple of years because of the way that it can be exploited by spammers. The idea is that spammers can relay mail through your Exchange organization making it look like the spam came from you. There are several problems with this. First, the world may think that you are a spammer. Second, you will probably get blacklisted, meaning that you will have trouble sending legitimate mail. Third, having spam routed through your Exchange organization means that you're being robbed of bandwidth and system resources.
However, mail relaying isn't entirely bad. There are legitimate needs for relaying mail. Fortunately, Exchange 2003 allows you to deny mail relay capabilities to spammers, while permitting mail relay to those with a legitimate need for it.
To do so, open the Exchange System Manager and navigate to Administrative Groups | your administrative group | Servers | your server | Protocols | SMTP | Default SMTP Virtual Server. Right click on the Default SMTP Virtual Server container and select the Properties command from the resulting shortcut menu. When you do this, you will see the Default SMTP Server Properties sheet. Select the properties sheet's Access tab and then click the Relay button. You will see a dialog box that allows you to explicitly assign relay access to individual users. You also have the option of allowing anyone who successfully authenticates to relay mail.
As you can see, Exchange 2003 has a lot of built-in antispam features. While these features can be used to reduce spam, they are no match for the features found in most third-party antispam products.
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, Tech Target, MSD2D, Relevant Technologies, and numerous other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
Do you have a useful Exchange tip to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.