Issue #4: Exchange Server messaging hygiene

Best Practices Guide: The 10 most common Exchange Server issues and how to avoid them -- part 4 of 10.

Messaging hygiene refers to the antivirus and antispam framework built into Microsoft Exchange Server.

Installing file system antivirus on Exchange Server: The first and foremost issue in many deployments is the use of file system antivirus scanners on Exchange servers. It is extremely important to exclude Exchange Server databases, logs and checkpoint files from file system antivirus scanners. Failure to do so may result in bizarre issues that can be hard to troubleshoot. These include, but are not limited to, mail flow problems and free/busy functionality issues.

If you make these specific changes on the file system antivirus scanner on Exchange Server, there's still a chance that the settings will change at some point. They may get manually changed by another administrator; but more often the culprit is the antivirus mother ship.

In most organizations, antivirus scanners on servers and client workstations are managed by policy on a corporate antivirus server or management console. Depending on the functionality available in the particular antivirus server or management console, Exchange servers should be grouped together and managed with a separate policy setting; or specific exclusions should be set up for each Exchange server from the console.

Failure to configure the antivirus settings from the antivirus server or console usually results in the manually configured settings on Exchange Server being overwritten. For more information, see Microsoft Knowledge Base article 823166, Overview of Exchange Server 2003 and AntiVirus Software.

The antispam part of the messaging hygiene framework in Exchange Server includes the following components:

  • Connection Filter
  • Sender Filter
  • Recipient Filter
  • Intelligent Message Filter
  • Sender ID Filter

Intelligent Message Filter: The Exchange Intelligent Message Filter (IMF) is a content-filtering mechanism that was released as a separate add-on to Exchange Server. The first version is commonly referred to as IMF "version 1." The version released with Exchange 2003 Service Pack 2 is considered IMF "version 2."

IMF version 1 is freely downloadable from the Microsoft Web site. Its main appeal lies in the fact that it comes with a very attractive price tag: $0.00. This makes it an ideal spam-fighting tool for organizations with tight budgets, particularly smaller businesses.

The management component of IMF version 1 includes two GUI interfaces. The first interface can be found under Global Settings -> Message Delivery. With it, you can configure global IMF settings for the entire organization. You can set thresholds for the mail gateway -- your Internet-facing Exchange server -- with the ability to either drop, archive, or forward messages based on whether they meet a certain threshold called "Spam Confidence Level" (SCL). You can also set a store threshold, which instructs the information store to move messages above the configured SCL threshold to the Junk E-mail folder in a user's mailbox.

The second part of the IMF v1 GUI is a separate node under SMTP that lets you enable IMF on a particular SMTP virtual server.

Exchange Server 2003 Service Pack 2: Administrators not used to diligently reading the Release Notes of every product they install or use may end up installing IMF v1 on top of SP2 when they see the IMF node missing from under the SMTP node in Exchange System Manager.

Removing IMF version 1: If you were never prompted to uninstall IMF version 1 when installing SP2, or IMF version 1 was reinstalled after applying SP2, you should uninstall IMF version 1 and reinstall SP2.

If you do not see IMF version 1 in Windows' Add/Remove Programs tool, and do not remember or have access to the user account that was used to install it, reinstall IMF version 1. This will make it appear in Add/Remove Programs where it can then be successfully uninstalled.

Enabling IMF version 2: After IMF version 2 is installed as part of Exchange 2003 SP2, you will need to enable it on SMTP virtual server(s). As mentioned earlier, with IMF version 1, this was accomplished from the IMF node under SMTP. With SP2, IMF needs to be enabled from SMTP virtual server properties -> General tab -> Advanced -> selecting IP address -> Edit -> Enable Intelligent Message Filter. On the Properties page, you will also see checkboxes to enable the other filters: Connection Filter, Sender ID Filter, Recipient Filter and Sender Filter.

Where's the "whitelist"? Users and administrators who have used other antispam tools on the client or server are used to seeing a "whitelist" capability that exempts SMTP addresses or domains from antispam filtering. Exchange IMF does not have one.

At first glance, this may appear to be a huge gap in functionality. However, consider the fact that SMTP addresses and domains can be easily spoofed during an SMTP session. Thus, any whitelist that you build can lower the effectiveness of an antispam mechanism.

Nevertheless, the need to exempt communication from trusted sources like important customers, partners, et al. does exist, and is a completely valid requirement. This requirement can be met by adding the sending SMTP host's IP address to the Global Accept List, which is part of the Connection Filtering feature. By adding a host's IP address to this list, you're telling Exchange Server that you trust that host and that all email delivered by it should not be subjected to messaging hygiene checks.

The final step to make this work is to enable Connection Filtering on the SMTP virtual server(s) that receive inbound Internet mail.
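
The difference between an address-based whitelist and the Global Accept List can be shown in a few lines of Python. This is an added example, not code from the original article or from Exchange Server: the `Session` model, the sample addresses, the SCL values and the threshold of 7 are constructed, and treating a score at or above the threshold as filtered is a modelling assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Session:
    peer_ip: str    # source address of the TCP connection, as seen by the server
    mail_from: str  # whatever the client sent in MAIL FROM; unauthenticated
    scl: int        # constructed Spam Confidence Level for the message

# Constructed policy data (documentation IP ranges, example domains).
SENDER_WHITELIST = {"partner.example"}                 # hypothetical address whitelist
ACCEPT_LIST = [ipaddress.ip_network("192.0.2.25/32")]  # partner's sending host
GATEWAY_SCL = 7                                        # assumed gateway threshold

def content_filter(s):
    # Modelling assumption: a score at or above the threshold is filtered.
    return "filtered" if s.scl >= GATEWAY_SCL else "delivered"

def by_sender_whitelist(s):
    """Hypothetical address whitelist: trusts the domain claimed in MAIL FROM."""
    domain = s.mail_from.rsplit("@", 1)[-1].lower()
    return "bypass" if domain in SENDER_WHITELIST else content_filter(s)

def by_accept_list(s, connection_filtering=True):
    """IP accept list: trusts the connecting host, and only when Connection
    Filtering is enabled on the receiving virtual server."""
    peer = ipaddress.ip_address(s.peer_ip)
    if connection_filtering and any(peer in net for net in ACCEPT_LIST):
        return "bypass"
    return content_filter(s)

SESSIONS = {  # constructed sample sessions
    "partner":  Session("192.0.2.25", "orders@partner.example", 8),
    "spoofed":  Session("203.0.113.77", "orders@partner.example", 8),
    "stranger": Session("198.51.100.9", "news@other.example", 3),
}

def compare(connection_filtering=True):
    """Return {name: (whitelist decision, accept-list decision)}."""
    return {name: (by_sender_whitelist(s), by_accept_list(s, connection_filtering))
            for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, decisions in compare().items():
        print(f"{name:9} whitelist={decisions[0]:9} accept_list={decisions[1]}")
```

The session that only claims the partner's domain bypasses the address whitelist but is still filtered under the accept list. With `compare(connection_filtering=False)` the genuine partner's message is filtered as well, which is why Connection Filtering must be enabled on the receiving virtual server.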


BEST PRACTICES GUIDE: THE 10 MOST COMMON EXCHANGE SERVER ISSUES

 Home: Introduction
 Issue #1: Exchange Server storage sizing and location
 Issue #2: SMTP virtual server and connector configuration
 Issue #3: Exchange recipient policies and Recipient Update Service
 Issue #4: Exchange Server messaging hygiene
 Issue #5: Exchange Server and DNS
 Issue #6: Front-end/back-end Exchange Server topology issues
 Issue #7: Exchange Server information stores and mailbox sizes
 Issue #8: Moving or removing Exchange servers
 Issue #9: Exchange Server backups and disaster recovery
 Issue #10: Exchange Server monitoring -- or lack thereof

ABOUT THE AUTHOR:   
Bharat Suneja, Microsoft Exchange MVP
Bharat Suneja is a Microsoft Certified Trainer (MCT), Exchange MVP, and Principal Exchange Architect for Zenprise, Inc., maker of real-time troubleshooting and diagnostics software for Exchange. Bharat Suneja has over 10 years of experience in IT, architecting and managing Exchange Server and Active Directory environments, ranging from small and mid-sized businesses and e-commerce companies to large ISPs and ASPs. An active writer and contributing editor for international IT publications such as PC Quest, Bharat was also a technical reviewer for Exchange Server 2003 24 Seven by Jim McBee. Visit Bharat Suneja's blog at www.exchangepedia.com/blog.
This was first published in February 2007