
Filter email on inet header


  • Filter email on inet header

    Any recommendations on an AV package that will filter on the content of the Inet header of each inbound email? I am trying to solve for a couple of problems:

    First, my customer has a spam filtering service that is tagging messages with a spam score before forwarding them to us. The tag is ssssss and greater s's. I can use an Outlook 2003 rule to catch these, but would rather do it at the Exchange level before they hit anyone's mailbox. Also, no way to add the rule globally that I know of without a 3rd party add-on.

    Second, and really more serious, problem:
    This Exchange server is having its supply of MAPI named properties exhausted. Basically, if you are unfamiliar with this gem, you get 32,000 or so named properties in an Exchange db. Every time someone sends an email in that has something like this in the inet header...
    x: <some kind of random garbage> takes up one of those properties.
    Here is a detailed explanation of the problem:

    The drip of spam is taking up about 300 properties a day, give or take. It is amounting to a slow motion DoS attack.

    After working on these for a while, I think what I need is a product that has a killer filter before messages hit the Exchange server. Currently, I'm using Trend Micro Messaging Security Agent and have had a ticket open for the first issue; they haven't been forthcoming with a way to filter for the ssssss tag, let alone the other stuff.

    Any ideas on a product or way to filter on ssssss and/or the malicious x: entries?

  • #2
    Re: Filter email on inet header

    Solution: we started dropping spam at the firewall - Fortinet walked me through a way to filter on the tag. The use of named properties has dropped to an acceptable level.
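
A sketch of the pre-Exchange screening discussed in this thread, added here as an example and not code from either poster or from any product named above: it rejects messages carrying the ssssss tag and strips X- headers outside an allowlist so they never reach the store and consume a named property. Assumptions: the tag may appear in any header value, the "x:" entries are X- prefixed header names, and the allowlist contents are illustrative.

```python
import re
from email import message_from_string
from email.policy import default

# Assumption: the tag is a stand-alone run of six or more "s" characters in
# some header value; the thread does not say which header carries it.
SPAM_TAG = re.compile(r"(?<![A-Za-z0-9])s{6,}(?![A-Za-z0-9])")

# Assumption: the only X- headers this site wants to reach the mail store.
ALLOWED_X = {"x-mailer", "x-priority"}


def screen(raw):
    """Return (verdict, cleaned_text, stripped_names) for one raw message."""
    msg = message_from_string(raw, policy=default)
    if any(SPAM_TAG.search(str(value)) for value in msg.values()):
        return "reject", None, []
    stripped = sorted({name.lower() for name in msg.keys()
                       if name.lower().startswith("x-")
                       and name.lower() not in ALLOWED_X})
    for name in stripped:
        del msg[name]  # removes every occurrence, case-insensitively
    return "accept", msg.as_string(), stripped


def distinct_unlisted(raw_messages):
    """Distinct unlisted X- names in a batch: each would cost one property."""
    seen = set()
    for raw in raw_messages:
        seen.update(screen(raw)[2])
    return seen


# Constructed sample messages (not taken from the thread).
TAGGED = "From: a@example.com\nSubject: ssssss Cheap watches\n\nbody\n"
NOISY = ("From: b@example.com\nSubject: hello\nX-Mailer: demo\n"
         "X-qz81k: 1\nX-7fp2w: 2\n\nbody\n")
CLEAN = "From: c@example.com\nSubject: sss short run\nX-qz81k: 3\n\nbody\n"

if __name__ == "__main__":
    for sample in (TAGGED, NOISY, CLEAN):
        verdict, _, stripped = screen(sample)
        print(verdict, stripped)
    print(sorted(distinct_unlisted([TAGGED, NOISY, CLEAN])))
```

Running `distinct_unlisted` over a day's inbound mail before enabling the stripping gives a count to compare against the rate of named-property consumption seen on the server.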