Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Whitelist and IMF
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
Whitelist and IMF - 17.Mar.2006 1:06:30 PM
|
|
|
dujohn
Posts: 77
Joined: 27.Sep.2003
From: United States
Status: offline
|
Is there a white list for IMF that we can control? I have emails from certain vendors that we want and IMF is blocking those emails. And i don't want to decrease the SCL rating just becuase of this.
Please help.
John
|
|
|
|
|
RE: Whitelist and IMF - 17.Mar.2006 4:36:56 PM
|
|
|
leilani
Posts: 14
Joined: 5.Oct.2005
Status: offline
|
Is this the only way to take care of this? I am having the same problems with detecting false positives but don't want to decrease the false positives. So the only way is to purchase a 3rd party application?
|
|
|
|
|
RE: Whitelist and IMF - 17.Mar.2006 5:16:23 PM
|
|
|
wklug
Posts: 8
Joined: 13.Mar.2006
Status: offline
|
The Custom Weighting Feature (CWF) can be used if you have Exchange SP2 and IMF v2. Check out this link:
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html
But, it doesn't allow you to actually whitelist. You can assign SCLs by scanning for particular phrases in the subject line or body of the message, but it doesn't check the sender email. Additionally, it doesn't have a very nice interface. You have to configure CWF by modifying the registry and creating an XML file. The tutorial above makes it rather simple though.
Wayne
|
|
|
|
|
RE: Whitelist and IMF - 19.Oct.2006 10:25:16 AM
|
|
|
bpannone
Posts: 2
Joined: 19.Oct.2006
Status: offline
|
I wanted a way to whitelist using IMF without also losing my ability to blacklist. If you convert the blacklist to a whitelist you lose your blacklist functionality.
To use the blacklist as a whitelist the prescribed method is as follows:
In the senders filter under Global settings->message filtering->properties->sender filtering
Add the addresses you want whitelisted.
Check the options and only the options
-Archive filtered messages
-accept messages without notifying sender
open up a command prompt and go to your mailroot folder
drive:\program files\exchsrver\Mailroot\vsi n\
Make an NTFS Junction with linkd (from Microsoft Resource Kit) or junction (from Sysinternals) with the following command
junction filter pickup
This will make a symbolic link to the directories pickup and filter. All messages filtered with the sender filter then are stored in the pickup folder and delivered to the correct inbox. I have found problems with this fix in that email from our corporate email servers would try to deliver the emails to recipients in the To: and CC: fields that were not part of our Exchange organization. And again, I lose my blacklist which I depend on for all those “double opt ins” that are hard to get rid of and very annoying. Lowering the SCL in IMF to a 1 reduced Spam to less than 1%, however the false positives were very high.
With that in mind I wanted a way to filter the UceArchive directory IMF generates as a placeholder for my SCL 1’s. I played around with a couple of command line options and finally hit upon the idea of using a whitelist to filter valid email from the UceArchive directory. The whitelist would validate email in the script which would then move that valid email from the UceArchive directory to the pickup directory. As I did not want to filter the same “Spam” in the UceArchive directory the script would also move “Spam” to a designated folder in the script. With this I had the best of all worlds.
1) I could lower the SCL to 1.
2) False positives would be resent by the script to the pickup directory.
3) I got to keep my blacklist for all those “double opt ins” we so love.
The first step is to build your whitelist as a simple text file. The script is not case sensitive and what you enter in the whitelist text file represents sub strings so be careful. For example allowing ford.com will also allow ashford.com. So if you truly mean to whitelist ford.com use @ford.com in the whitelist. As the script scans all text in the header and email you can get imaginative and use other fields such as TO:, Subject:, etc., etc.
A sample whitelist would look something like this:
.al.us
.apache.org
Next write the script and test file moves on a PC with the same ‘vsi n’ directory structure as your 2003 SP2 Exchange server.
Since the UceArchive directory cannot contain any of the script components, the script and associated sleep.exe utility must be placed outside of this directory.
WList.bat
////////////////////////////////////////////////
cd UceArchive
:Start
FOR /F "delims=" %%F IN ('FINDSTR /I /M /G:"D:\Program Files\Exchsrvr\Mailroot\vsi 1\Wlist.txt" *.eml') DO MOVE "%%F" "D:\Program Files\Exchsrvr\Mailroot\vsi 1\PickUp"
Move "D:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive\*.eml" "D:\Program Files\Exchsrvr\Mailroot\vsi 1\BList"
"D:\Program Files\Exchsrvr\Mailroot\vsi 1\"Sleep.exe 15
Goto :Start
////////////////////////////////////////////////
Script Notes
Changes your working directory as no script components can exist in the UceArchive directory
cd UceArchive
Beginning of infinite loop
:Start
For loop with delims reads whitelist from the file Wlist.txt and then moves said email to the pickup directory if a match is found.
FOR /F "delims=" %%F IN ('FINDSTR /M /G:"D:\Program Files\Exchsrvr\Mailroot\vsi 1\Wlist.txt" *.eml') DO MOVE "%%F" "D:\Program Files\Exchsrvr\Mailroot\vsi 1\PickUp"
Any lingering email is probably Spam so move it to another folder so that it is not scanned again.
Move "D:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive\*.eml" "D:\Program Files\Exchsrvr\Mailroot\vsi 1\BList"
Sleep for 15 seconds
"D:\Program Files\Exchsrvr\Mailroot\vsi 1\"Sleep.exe 15
Return to beginning to run again
Goto :Start
The beauty of this script is that using a For loop with delims and the /G: switch allows you to make your whitelist text file easy to maintain as the whitelist is not part of the script. sleep.exe can be found on any resource kit.
Still afraid you have blocked a legitimate email? Daryl Maunder has done an excellent job of writing a web interface to your Blist directory. Simply modify the global.asa to point to your Blist and Pickup directories.
////////////////////////////////////////////////
<script language="vbscript" runat="server">
sub Application_OnStart
Application("ArchiveDir")="D:\Program Files\ExchSrvr\mailroot\vsi 1\BList\"
Application("PickupDir")="D:\Program Files\ExchSrvr\mailroot\vsi 1\Pickup\"
end sub
</script>
////////////////////////////////////////////////
Daryl’s code can be found at:
http://hellomate.typepad.com/exchange/2004/06/imf_archive_man.html
Notes:
1) Modify the sleep seconds to meet your company’s SLA for email delivery.
2) In addition you can further filter the Blist directory by filtering on the SCL rating itself. This appears as ‘X-SCL: #’ where the # symbol is the SCL rating number. Afraid some of your 3, 4, and 5 SCL’s are not spam? Filter them out and view them with Daryl’s program.
3) This script runs quickly. In initial testing, over 1,200 emails were scanned and moved in less than 3 seconds with a whitelist consisting of about 200 line items.
4) As the server-side SCL rating cannot be lower than the Outlook-side SCL rating, lowering the rating to a 3 also lowers it on the client side if they are running Outlook 2003. This may cause some false positives on the client side. However, these quickly disappear as users approve domains and senders.
a. The best method to conquer the above is to have an Exchange 2003 SP2 server that is a gateway only.
b. The box will have no mailboxes on it
c. Configure IMF so that it is only active on the SMTP Gateway server
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
