Wednesday, May 23, 2007

A lot of spam targeted at my Exchange server




These days I see people asking more and more often how to stop spammers, or how to make Exchange a little stronger at defending itself in this endless spam war. Receiving blank messages or spam wastes a business's valuable time and resources, and on top of that we have to deal with angry managers and unhappy users. I have decided to put some notes together for those who need some guidance in making Exchange a little more secure and strong. I have already written about Exchange 2007, its new role-based administration model, and how strong 64-bit Exchange is in several previous blog posts; read it here and you will learn a lot, and hopefully move to Exchange 2007 as soon as possible. In particular, read up on and research the Edge Transport server and Exchange Forefront technologies.

The goals and objectives are listed below.

  • Use IMF (Microsoft Intelligent Message Filter); it is FREE
  • Use antivirus and anti-spam software with your Exchange server. I am a little biased and like Trend Micro in this matter; Trend is doing a great job. If you are a corporate environment, you may want to implement a hardware solution: IronPort, Barracuda, etc.
  • Enable Sender filtering
  • Enable Filter messages with blank senders
  • Enable Drop connection if address matches filter
  • Add your own domain (the whole domain) to the block list. I know this will sound weird (-: This won't cause any mail interruption, even though it sounds like it would; basically, it stops someone from spoofing a valid address from your company and sending a message into your authoritative SMTP domain that looks like it came from inside
  • Make sure you do not have applications within your network that rely on this; blocking your own domain might break applications that relay through the Exchange server to send inbound or outbound e-mail (payroll, an application server, etc.). They sit outside your SMTP domain and send mail back to your SMTP domain using an internal SMTP address, even though they are not authoritative for your SMTP domain.
  • Enable Recipient filtering
  • Enable Filter recipients who are not in the Directory
  • Regularly add spammers, either a whole domain (@smapmer.com) or a single e-mail address (smapmer@spam.com), to the block list
  • Download the Exchange tools and run them against your server to make sure it is secure and healthy and that you have followed Microsoft best practices
  • Go for Exchange 2007 if possible; it is much stronger and more secure compared with any other version of Exchange Server. You can eliminate a third-party spam solution and even save $$$$$$ for your company, while bringing a state-of-the-art messaging system into your organization and lowering the TCO
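
Before adding your own domain to the sender block list, it helps to know which internal hosts already send anonymously with an internal address, since those are the ones the rule would break. The following is an added example, not part of the original post: it models the sender-filter rules from the list in Python and runs them over a constructed log. The domain `example.com`, the 10.0.0.0/8 internal range and the "client-ip MAIL-FROM" log format are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the original post):
OWN_DOMAIN = "example.com"                            # your authoritative SMTP domain
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # your internal address ranges
BLOCKED = {"@smapmer.com", "smapmer@spam.com"}        # block-list entries as written in the post

# Constructed sample: "client-ip MAIL-FROM" pairs, one per anonymous SMTP session.
SAMPLE_LOG = """\
10.1.4.20 scanner@example.com
10.1.7.9 payroll@example.com
203.0.113.50 ceo@example.com
203.0.113.50 <>
198.51.100.7 offers@smapmer.com
192.0.2.33 alice@partner.test
"""

def verdict(sender):
    """Return the sender-filter rule that would match, or None if the sender is accepted."""
    sender = sender.strip("<>").lower()
    if not sender:
        return "blank-sender"          # "Filter messages with blank senders"
    domain = "@" + sender.rpartition("@")[2]
    if domain == "@" + OWN_DOMAIN:
        return "own-domain"            # own domain added to the block list
    if sender in BLOCKED or domain in BLOCKED:
        return "block-list"            # known spammer address or domain
    return None

def audit(log_text):
    """Group would-be rejections by rule; list internal hosts the own-domain rule would break."""
    hits, would_break = defaultdict(list), set()
    for line in log_text.splitlines():
        ip, sender = line.split(maxsplit=1)
        rule = verdict(sender)
        if rule is None:
            continue
        hits[rule].append((ip, sender))
        internal = any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)
        if rule == "own-domain" and internal:
            would_break.add(ip)        # legitimate device or application, not a spoofer
    return dict(hits), sorted(would_break)

if __name__ == "__main__":
    hits, would_break = audit(SAMPLE_LOG)
    for rule, rows in hits.items():
        print(rule, rows)
    print("internal senders to fix before blocking own domain:", would_break)
```

Hosts reported in the last line (here a scanner and a payroll server) need another submission path or sender address before the own-domain entry goes live.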

We are almost done. A good Exchange administrator should check that the spam software is getting updated and that the signature files are up to date. You don't want to wake up only when your boss comes into the office yelling at you: "What is going on? I am getting a lot of spam." Prepare good documentation of your own environment, and make sure your e-mail queues are not growing fast. Turn on some of the basic maintenance alerts built into Exchange. Watch plenty of the Exchange 2003 and 2007 webcast/podcast series from TechNet.

Also Visit Harold Blog Site

Best Regards

Oz Ozugurlu

4 comments:

Dean T. Uemura said...

Nicely summarized Oz! Many messaging Administrators think of some of these on their own, but haven't seen them all spelled out in a list. Keep up the great work!

Oz Ozugurlu said...

Thanks Dean, it is great to see you here on my blog

Best regards,
oz

Anonymous said...

Hi Oz!

I tried the following method.

[Add your own domain (whole domain into Block list) I know this will sound weird (- : This won't cause any mail interruption, even though it sounds like it, basically it will stop someone is spoofing a valid address from your company and sending message back inside your Authoritative SMTP domain and making it look like it came from inside]

I face the issue whereby I cannot scan documents to my mailbox after I added *@mydomain.com under "Sender Filtering".

Kris said...

Any workaround for email addresses not in active directory?