Exchange Server can communicate with other SMTP servers in one of two ways: via authenticated connections or anonymous...
Anonymous SMTP connections are how servers from the outside world talk to your front-end Exchange server (or whatever server you have handling external SMTP connections). They don't require any credentials. So, in theory, anyone can connect and send email.
Authenticated SMTP connections happen when another server provides credentials that the recipient server recognizes as valid, or when that other server is on a list of known-good servers validated by IP address.
Note that reverse DNS lookups or mechanisms like Sender Permitted From (SPF) aren't considered part of this picture; an Exchange server could use them, but they still wouldn't be considered authenticated connections by the above definition.
Normally, the Exchange Server Intelligent Message Filter (IMF) only runs on anonymous SMTP connections. This is because, most e-mail that needs to be filtered in this fashion will be passed through an anonymous connection, and most of the screening that needs to take place will happen immediately.
Sometimes, though, your network topology or email screening logistics won't allow this. If so, you may want to set IMF to run on authenticated SMTP connections between servers in your local Microsoft Exchange organization. For instance, if you're presorting email -- regardless of its validity as spam -- and want to perform spam-checking deeper within your organization, you could use this function.
To force the IMF to add spam confidence level (SCL) ratings to all messages sent through authenticated connections, open the registry on each Exchange server machine performing IMF filtering and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter.
Within this key, create a new DWORD value named CheckAuthSessions, and set it to 1.
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.
Do you have comments on this tip? Let us know.
Related information from SearchExchange.com: