Exchange Server 2007 Anti-Spam Not Working


  • Exchange Server 2007 Anti-Spam Not Working

    Hello! This is my first time posting on this forum (first time posting on a forum asking for technical help at all actually)...

    I have searched for a similar topic before posting, by the way.

    I am running an SBS 2008 box with Server 2007.

    Two users in my Domain were receiving heavy amounts of spam before I adjusted the Spam Filter. I created a list of common words used in the spam e-mails and added them to the list of Custom Blocked Words. One of the users has reported much less spam but I have personally observed the other user receiving 60+ spam e-mails a day.

    The thing that has me puzzled is that the majority of spam this user is receiving contains words that are in the Custom Blocked Words filter...

    If I send the user an e-mail from my personal e-mail with words from the Custom Blocked Words (in either the subject or body) it is properly rejected and I am notified.

    How come my e-mails are blocked but the real spam is not?

    I appreciate any help or education on the subject. Thanks!

  • #2
    Re: Exchange Server 2007 Anti-Spam Not Working

    Safe senders is the usual reason for the antispam not working correctly.
    On one of the spam email messages, open the message then look at the headers (Access to the headers varies depending on the version of Outlook). You should see something like this:

    X-MS-Exchange-Organization-SCL: 0
    X-MS-Exchange-Organization-PCL: 2
    X-MS-Exchange-Organization-Antispam-Report: DV:3.3.10603.477;OrigIP:83.222.333.444
    X-MS-Exchange-Organization-AuthSource: server.domain.local
    X-MS-Exchange-Organization-AuthAs: Anonymous

    That will give you an idea of what Exchange Antispam agents thought about it.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Exchange Server 2007 Anti-Spam Not Working

      Thank you for your response. I found it quite helpful, but I'm not sure how to decipher the headers.

      Ultimately I am wondering if this spammer is a safe sender and what adjustments I may need to make. Thanks!!

      EDIT: I'm sure I could adjust the Spam Filter to reject e-mails with a rating over 4, but this may be too restrictive and I would like to know how to effectively use a Custom Blocked Words List.

      Here are some samples: *I have replaced sensitive information with asterisks

      Received: from yourb6e1402e78 (116.126.11.115) by remote.*****.ca
      (192.168.1.2) with Microsoft SMTP Server id 8.1.240.5; Thu, 13 Oct 2011
      09:09:39 -0300
      Received: (qmail 1269 by uid 269); Thu, 13 Oct 2011 21:06:03 -0900
      From: Enlargement pils Free trial <[email protected]>
      To: <*****@*****.ca>
      Subject: Your package is set to grow
      Date: Thu, 13 Oct 2011 20:33:01 -0900
      Message-ID: <[email protected]>
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_0041_01CC89EC.6A64CD60"
      X-Mailer: Microsoft Office Outlook 12.0
      Thread-Index: Acjqh+j/h5SV5mjJeWYIWrfULbm0wg==
      Content-Language: en-us
      Return-Path: [email protected]
      X-MS-Exchange-Organization-PRD: yahoo.com
      X-MS-Exchange-Organization-SenderIdResult: None
      Received-SPF: None (*****.*****.local: [email protected]
      does not designate permitted sender hosts)
      X-MS-Exchange-Organization-SCL: 5
      X-MS-Exchange-Organization-PCL: 2
      X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
      None;TIME:TimeBasedFeatures;OrigIP:116.126.11.115









      Received: from system (120.56.211.253) by remote.*****.ca (192.168.1.2)
      with Microsoft SMTP Server id 8.1.240.5; Thu, 13 Oct 2011 08:57:28 -0300
      Received: (qmail 6815 by uid 815); Thu, 13 Oct 2011 17:34:23 -0530
      From: Enlargement supplement Sample <[email protected]>
      To: <*****@*****.ca>
      Subject: Make her a happy camper
      Date: Thu, 13 Oct 2011 16:43:27 -0530
      Message-ID: <[email protected]>
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_0059_01CC89CD.5CF346D0"
      X-Mailer: Microsoft Office Outlook 12.0
      Thread-Index: AcjqN9NgE5cCASmXWUZCDRwiQQzPyQ==
      Content-Language: en-us
      Return-Path: [email protected]
      X-MS-Exchange-Organization-PRD: northwest-wine.com
      X-MS-Exchange-Organization-SenderIdResult: None
      Received-SPF: None (*****.*****.local:
      [email protected] does not designate permitted sender hosts)
      X-MS-Exchange-Organization-SCL: 6
      X-MS-Exchange-Organization-PCL: 2
      X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
      None;TIME:TimeBasedFeatures;OrigIP:120.56.211.253








      Received: from snowg (92.81.23.1) by remote.*****.ca (192.168.1.2) with
      Microsoft SMTP Server id 8.1.240.5; Thu, 13 Oct 2011 07:18:16 -0300
      Received: (qmail 9960 by uid 960); Thu, 13 Oct 2011 13:15:30 -0200
      From: Get BIGGER with Promo <[email protected]>
      To: <*****@*****.ca>
      Subject: What really happened on the TONIGHT show
      Date: Thu, 13 Oct 2011 12:29:07 -0200
      Message-ID: <[email protected]>
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_0047_01CC89AA.91689E60"
      X-Mailer: Microsoft Office Outlook 12.0
      Thread-Index: AcjqFDw6Xf10ALLp/AQJ3obrNSAImA==
      Content-Language: en-us
      Return-Path: [email protected]
      X-MS-Exchange-Organization-PRD: galiciajewishmuseum.org
      X-MS-Exchange-Organization-SenderIdResult: PermError
      Received-SPF: PermError (*****.*****.local: domain of
      [email protected] used an invalid SPF mechanism)
      X-MS-Exchange-Organization-SCL: 2
      X-MS-Exchange-Organization-PCL: 2
      X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
      PermError;TIME:TimeBasedFeatures;OrigIP:92.81.23.1






      Received: from balaji (122.176.208.147) by remote.*****.ca
      (192.168.1.2) with Microsoft SMTP Server id 8.1.240.5; Wed, 12 Oct 2011
      17:42:12 -0300
      Received: (qmail 8437 by uid 437); Thu, 13 Oct 2011 02:09:22 -0530
      From: Free trial sample Men's Supplement
      <[email protected]>
      To: <*****@*****.ca>
      Subject: Your erection will become huge
      Date: Thu, 13 Oct 2011 01:43:27 -0530
      Message-ID: <[email protected]>
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_005B_01CC894D.83682770"
      X-Mailer: Microsoft Office Outlook 12.0
      Thread-Index: AcjnwwoNtsmcuIyiDPJ0VBBdQSOb3w==
      Content-Language: en-us
      Return-Path: [email protected]
      X-MS-Exchange-Organization-PRD: business-humanrights.org
      X-MS-Exchange-Organization-SenderIdResult: None
      Received-SPF: None (*****.*****.local:
      [email protected] does not designate permitted sender
      hosts)
      X-MS-Exchange-Organization-SCL: 5
      X-MS-Exchange-Organization-PCL: 2
      X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
      None;TIME:TimeBasedFeatures;OrigIP:122.176.208.147







      • #4
        Re: Exchange Server 2007 Anti-Spam Not Working

        The fact that you are getting SCL and PCL values in the email message header means the antispam agents are working; it is simply that your custom words are not, as the SCL value isn't being inflated.

        The first thing I would do is restart the Microsoft Exchange Transport service. That will force the updated configuration to be read and be used.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.
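Added example (not part of any post in this thread): a small Python reader for the anti-spam stamps shown in the headers above, which unfolds the wrapped Antispam-Report line and lists the messages at or above a chosen SCL. The sample input is abridged from the posted headers; the function names and the threshold of 5 are assumptions for illustration.

```python
import email

STAMP = "X-MS-Exchange-Organization-"
# Constructed input: stamps abridged from the samples posted in this thread.
SAMPLES = """\
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
    None;TIME:TimeBasedFeatures;OrigIP:116.126.11.115
====
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
    None;TIME:TimeBasedFeatures;OrigIP:120.56.211.253
====
X-MS-Exchange-Organization-SCL: 2
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
    PermError;TIME:TimeBasedFeatures;OrigIP:92.81.23.1
""".split("====\n")

def parse_stamps(raw_headers):
    """Return the Exchange anti-spam stamps found in one raw header block."""
    msg = email.message_from_string(raw_headers)
    def get(name):
        # Long headers are folded; collapse the continuation whitespace.
        return " ".join((msg.get(STAMP + name) or "").split())
    report = {}
    for field in get("Antispam-Report").split(";"):
        key, sep, value = field.partition(":")
        if sep:
            report[key.strip()] = value.strip()
    scl, pcl = get("SCL"), get("PCL")
    return {
        "scl": int(scl) if scl.lstrip("-").isdigit() else None,  # may be -1
        "pcl": int(pcl) if pcl.isdigit() else None,
        "orig_ip": report.get("OrigIP"),
        "report": report,
    }

def at_or_above(raw_blocks, threshold):
    """(OrigIP, SCL) for each message whose SCL is >= threshold."""
    stamps = [parse_stamps(raw) for raw in raw_blocks]
    return [(s["orig_ip"], s["scl"]) for s in stamps
            if s["scl"] is not None and s["scl"] >= threshold]

if __name__ == "__main__":
    print(at_or_above(SAMPLES, 5))  # threshold 5 is a hypothetical setting
```

Messages that carry no SCL stamp at all come back with `scl` set to `None`, which separates mail the content filter never scored from mail it scored low.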
