• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

IMF abuse sender filter as whitelist

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> General >> IMF abuse sender filter as whitelist Page: [1]
Login
Message << Older Topic   Newer Topic >>
IMF abuse sender filter as whitelist - 17.Jan.2006 5:54:31 PM   
little_peet

 

Posts: 15
Joined: 17.Jan.2006
Status: offline
Ok i don't know if anybody finds this usefull and i am taking no responsibility for this. But since a lot of questions are on the net asking for a whitelist solution for Inteligent message filter. here it goes.

If you use this it disables the senders block functionality, but since i wasn't using that i abused it for a while.

In the senders filter under Global settings->message filtering->properties->sender filtering

Add the addresses you want to get white listed.

Check the options and only the options
-Archive filtered messages
-accept messages without notifing sender

open up a command prompt and go to your mailroot folder
drive:\program files\exchsrver\Mailroot\vsi n\

make a ntfs juntion with linkd (from microsoft resource kit) or junction (from sysinternals) with the following command

junction filter pickup

This will make a symbolic link to the dir pickup named filter. All messages filtered with the sender filter then are stored in the pickup folder and delivered to the correct inbox.

For every body out there, only try if you know what you are doing, because this can throw emails in a blackhole.
Ones configured test it for a good time on a none mission critical email box.
Post #: 1
RE: IMF abuse sender filter as whitelist - 17.Jan.2006 6:59:30 PM   
Henrik Walther

 

Posts: 6928
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
Great tip little_peet
 
I'll include it in the new upcoming MSExchange.org newsletter


_____________________________

HTH
Henrik Walther
Lead Moderator/author
MSExchange.org

Follow me on Twitter!

(in reply to little_peet)
Post #: 2
RE: IMF abuse sender filter as whitelist - 18.Jan.2006 11:14:32 AM   
little_peet

 

Posts: 15
Joined: 17.Jan.2006
Status: offline
maybe for the people that don't like the idea of ntfs junctions by sheduling a script on a certain interval moving all files from the filter directory to the pickup dir is an extra option. It will have a bit more overhead on the server, but if it is for a few emails a day that get white listed it is certainly an option

(in reply to Henrik Walther)
Post #: 3
RE: IMF abuse sender filter as whitelist - 21.Mar.2006 4:21:41 PM   
KenEvans

 

Posts: 1
Joined: 21.Mar.2006
Status: offline
excellent, that was extremely useful. i went the batch file route, something like:

move "C:\Program Files\Exchsrvr\Mailroot\vsi 1\Filter\*.tmp" "C:\Program Files\Exchsrvr\Mailroot\vsi 1\PickUp"

every ten minutes or so.

Ken Evans

(in reply to little_peet)
Post #: 4
RE: IMF abuse sender filter as whitelist - 22.Mar.2006 1:49:05 AM   
Xguru

 

Posts: 287
Joined: 14.Feb.2006
Status: offline
Very nice dude..... aweasome solution to whitelist messages filtered by IMF.

XGURU

(in reply to KenEvans)
Post #: 5
RE: IMF abuse sender filter as whitelist - 24.Jan.2007 2:40:20 PM   
JonFleming

 

Posts: 5
Joined: 24.Jan.2007
Status: offline
Hi, all. I've inherited administration of an SBS 2003 server; I don't know enough about what I'm doing, but I'm learning fast. We're using IMF as the first anti-spam defense and GFI MailEssentials as the second. Several users have complained that they are not getting important emails, and several have complained that too much is getting through IMF. So I implemented the solution listed above, with a batch file running every ten minutes to move messages to the pickup directory. Works fine, but ...

There's a problem with a "mailing list" that one user is on to keep track of kid's carpools. I don't know how this mailing list is implemented; I suspect that it's just one person with a distribution list in Outlook Express. What happens is that, when a message is sent to the list, everyone on the list is getting the message several times. All but the first are from my server, and the frequency of duplicates exactly matches the 10-minute frequency of my batch file. It appears that Exchange is picking up the message and delivering it to my user and to everyone else on the list, or something equivalent. Lord only knows what stops the cycle eventually. Here'a a sample of headers from a duplicated message (my server is MyDomain.com):

From:   User2@Domain2.com
Subject: Re: carpool help
Date: January 23, 2007 9:54:49 PM EST
To: User1@domain1.org
Reply-To: User1@domain1.org, User1@domain1.org, User1@domain1.org,
       User1@domain1.org, User1@domain1.org
Return-Path: <User1@domain1.org>
Return-Path: User2@Domain2.com
Received: from User1@domain1.org by somewhere.com (CommuniGate Pro GROUP 4.1.8)
       with GROUP id 1767182; Tue, 23 Jan 2007 21:30:01 -0600
Received: from [216.153.217.221] (HELO MyDomain.com) by somewhere.com
       (CommuniGate Pro SMTP 4.1.8) with ESMTP id 1767176 for
       User1@domain1.org; Tue, 23 Jan 2007 21:30:01 -0600
Received: from mail pickup service by MyDomain.com with Microsoft
       SMTPSVC; Tue, 23 Jan 2007 22:30:00 -0500
Received: from somewhere.com ([69.13.146.22]) by MyDomain.com with
       Microsoft SMTPSVC(6.0.3790.1830); Tue, 23 Jan 2007 22:20:01 -0500
Received: from User1@domain1.org by somewhere.com (CommuniGate Pro GROUP 4.1.8)
       with GROUP id 1767163; Tue, 23 Jan 2007 21:20:01 -0600
Received: from [216.153.217.221] (HELO MyDomain.com) by somewhere.com 
       CommuniGate Pro SMTP 4.1.8) with ESMTP id 1767160 for
       User1@domain1.org; Tue, 23 Jan 2007 21:20:01 -0600
Received: from mail pickup service by MyDomain.com with Microsoft
       SMTPSVC; Tue, 23 Jan 2007 22:20:00 -0500
Received: from somewhere.com ([69.13.146.22]) by MyDomain.com with
       Microsoft SMTPSVC(6.0.3790.1830); Tue, 23 Jan 2007 22:10:01 -0500
Received: from User1@domain1.org by somewhere.com (CommuniGate Pro GROUP 4.1.8)
       with GROUP id 1767140; Tue, 23 Jan 2007 21:10:00 -0600
Received: from [216.153.217.221] (HELO MyDomain.com) by somewhere.com
       (CommuniGate Pro SMTP 4.1.8) with ESMTP id 1767139 for
       User1@domain1.org; Tue, 23 Jan 2007 21:10:00 -0600
Received: from mail pickup service by MyDomain.com with Microsoft
       SMTPSVC; Tue, 23 Jan 2007 22:10:00 -0500
Received: from somewhere.com ([69.13.146.22]) by MyDomain.com with
       Microsoft SMTPSVC(6.0.3790.1830); Tue, 23 Jan 2007 22:00:04 -0500
Received: from User1@domain1.org by somewhere.com (CommuniGate Pro GROUP 4.1.8)
       with GROUP id 1767108; Tue, 23 Jan 2007 21:00:04 -0600
Received: from [216.153.217.221] (HELO MyDomain.com) by somewhere.com
        (CommuniGate Pro SMTP 4.1.8) with ESMTP id 1767112 for
        User1@domain1.org; Tue, 23 Jan 2007 21:00:04 -0600
Received: from mail pickup service by MyDomain.com with Microsoft
       SMTPSVC; Tue, 23 Jan 2007 22:00:00 -0500
Received: from somewhere.com ([69.13.146.22]) by MyDomain.com with
       Microsoft SMTPSVC(6.0.3790.1830); Tue, 23 Jan 2007 21:55:45 -0500
Received: from User1@domain1.org by somewhere.com (CommuniGate Pro GROUP 4.1.8)
       with GROUP id 1767107; Tue, 23 Jan 2007 20:55:44 -0600
Received: from sccrmhc14.comcast.net ([204.127.200.84] verified)
       by somewhere.com (CommuniGate Pro SMTP 4.1.8) with ESMTP id
       1767106 for User1@domain1.org; Tue, 23 Jan 2007 20:55:44 -0600
Received: from User21 (c-71-192-98-38.hsd1.ma.comcast.net[71.192.98.38])
       by comcast.net (sccrmhc14) with SMTP id <2007012402554401400hetp2e>;
       Wed, 24 Jan 2007 02:55:44 +0000
Message-Id: <004a01c73f63$03b7d540$6501a8c0@User21>
References: <000e01c73f1e$aa95eef0$bb01a8c0@toshibauser>
       <003101c73f2e$3660d670$0200a8c0@OFFICE>
       <EAE97F91-8C04-4588-8747-7FDBBBF84F9F@domain1.org>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0047_01C73F39.1AC1C220"
X-Priority: 3
X-Msmail-Priority:    Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Originalarrivaltime: 24 Jan 2007 02:55:45.0395 (UTC) FILETIME=[24BBD430:01C73F63]


Is there anything I can do about this, or do I have to just junk IMF and go with some other third-party solution? TIA.

< Message edited by JonFleming -- 24.Jan.2007 2:52:23 PM >

(in reply to little_peet)
Post #: 6
RE: IMF abuse sender filter as whitelist - 24.Jan.2007 2:46:25 PM   
JonFleming

 

Posts: 5
Joined: 24.Jan.2007
Status: offline
Wow. That is one messed-up display.

(in reply to JonFleming)
Post #: 7
RE: IMF abuse sender filter as whitelist - 2.Feb.2007 12:20:45 PM   
BillGates138

 

Posts: 1
Joined: 2.Feb.2007
Status: offline
I have implemented this change and there are some caveats.

One of them is where I have a user in my domain that is forwarding email from his home account. When mail is sent to his home account, it gets to our system and loops. The reason is that when the message is forwarded by his ISP, it is not using a regular forward. It essentially moves the message to my server. My servers sees it and realizes that the ISP mail is forwarded back and Exchange identifies it as a loop.

The second problem I have seen is for a reason I still can't figure out, some ISP's get duplicate emails from users in my domain. This only happens if the external email is being whitelisted by me (I whitelist their domain) and a user from my domain sends them an email. The filter picks it up and for some reason delivers 2 copies of the email. I actually see 2 copies being sent out from exchange at the exact same time.

(in reply to JonFleming)
Post #: 8
RE: IMF abuse sender filter as whitelist - 3.Feb.2007 8:24:49 AM   
JonFleming

 

Posts: 5
Joined: 24.Jan.2007
Status: offline
Yeah, it apears that it just doesn't work right for some things. I see indications that having the user add the email address to their Safe Senders list in Outlook works (of course, only for that particular user). I'm going ot try that soon.

(in reply to BillGates138)
Post #: 9
RE: IMF abuse sender filter as whitelist - 29.Mar.2007 5:06:22 AM   
ooseven

 

Posts: 2
Joined: 29.Mar.2007
Status: offline
After trying this and experiencing the same result, a little bit of investigation has shown that the reason why it is being delivered more than once as the 'x-sender' and 'x-receiver' information in the message envelope is being stripped out when you use the black list as a white list. So it will deliver to the 'To: ' and 'From: ' fields within the SMTP message. This is potentially not the same and causes confusion with many exchange and other linux mail servers.

I would suggest using IMF Companion http://www.stoekenbroek.com/imfcompanion/ and their new whitelist feature for delivering mail that needs to be whitelist. I find that this works well for most situations.

(in reply to JonFleming)
Post #: 10
RE: IMF abuse sender filter as whitelist - 29.Mar.2007 9:44:25 AM   
JonFleming

 

Posts: 5
Joined: 24.Jan.2007
Status: offline
Interesting.  I have been using IMF Companion but didn't realize it has a whitelist.  I'll have to try that out.  Thanks.

(in reply to ooseven)
Post #: 11
RE: IMF abuse sender filter as whitelist - 29.Mar.2007 10:03:45 AM   
ooseven

 

Posts: 2
Joined: 29.Mar.2007
Status: offline
Haven't tested it fully myself, but if the program is running and minimised, it refreshes automatically and delivers what has been whitelisted.

(in reply to JonFleming)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> General >> IMF abuse sender filter as whitelist Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter