Tools for handling archived Email/SPAM generated by the IMF

Many of you have asked how you can check for false positives (email marked as SPAM when it is legitimate) once the Intelligent Message Filter (IMF) has processed and archived it.

The Archive folder is typically found at "program files\exchsrv\mailroot\vsi <#>\UceArchive" where <#> is the VSI number the IMF filter is configured to run on. If you haven't played around with your server too much the VSI number will be "1".

I would recommend moving this directory to a large drive because spam really accumulates over time.

To change the location of this directory, you should locate, using the Registry Editor, the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter

Add to this key a string value named "ArchiveDir" and set its data to the path of a folder, such as "E:\Archive".

Now that you can find the messages that have been saved in clear text, there are a number of tools that can help you to monitor and administer the archived emails:

IMF Archive Manager: http://www.gotdotnet.com/workspaces/workspace.aspx?id=e8728572-3a4e-425a-9b26-a3fda0d06fee

IMF Archive Manager lets you view the SCL rating of an e-mail, so you can learn a bit about how IMF decides to block e-mails. Analyzing the ratings might let you re-evaluate your IMF settings and choose higher ones. The utility also has a report feature that lets you e-mail an archived e-mail to an external SMTP engine.

IMF Companion: http://stoekenbroek.com/imfcompanion.htm

IMF Companion allows administrators to view, delete, find or unblock filtered messages. It features a useful search tool (you can access it by pressing the "binocular" button) that allows you to search e-mail fields such as "To", "From", etc.

Nemx Power Tools: http://www.nemx.com/products/powertools/index.asp

Nemx Power Tools improves the usability of Exchange's Intelligent Message Filter (IMF) by adding the ability to control thresholds and actions on a group-by-group basis, override the IMF with automatic and manual white listing, categorize and move messages to different spam folders, and apply additional actions to a message. In addition, SURBL and NDR spoof detection have been added to Nemx Power Tools.

Sirana SpamCenter: http://www.sirana.com/products/SpamCenter/

Messages that are identified as spam by the Exchange message filter are automatically added to a database, eliminating spam message buildup on the Exchange server. Once they are added to the database, users can securely browse their quarantined messages through SpamCenter's web interface. They can release messages that were blocked in error, eliminating the need for manual intervention by administrators. Users can also build personal Safe Sender lists and Blocked Sender lists to manage their quarantines automatically.
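For a quick false-positive check without any of the tools above, the sketch below searches an archive folder by "From", "To" and "Subject" and lists the lowest-rated matches first. It is an added example, not code from the original post or from any of the listed products. It assumes each archived file parses as an RFC 822 message and that the rating, when archived, sits in an "X-SCL" header; the function names and sample messages are constructed for illustration.

```python
import re
import tempfile
from email import policy
from email.parser import BytesParser
from pathlib import Path

SCL_HEADER = "X-SCL"  # assumption: header carrying the SCL rating, when archived

def clean(msg, name):
    """Header as printable text; control characters from spam are blanked."""
    try:
        value = str(msg.get(name, ""))
    except Exception:  # hostile, malformed headers can make the parser raise
        return ""
    return re.sub(r"[\x00-\x1f\x7f]+", " ", value).strip()

def scan_archive(archive_dir, needle="", max_scl=None):
    """Matches on From/To/Subject, lowest SCL first; max_scl skips unrated mail."""
    rows = []
    for path in sorted(p for p in Path(archive_dir).iterdir() if p.is_file()):
        with open(path, "rb") as fh:  # headers only: MIME bodies are not parsed
            msg = BytesParser(policy=policy.default).parse(fh, headersonly=True)
        m = re.match(r"\d+", clean(msg, SCL_HEADER))
        row = {"file": path.name, "scl": int(m.group()) if m else None,
               "from": clean(msg, "From"), "to": clean(msg, "To"),
               "subject": clean(msg, "Subject")}
        text = " ".join((row["from"], row["to"], row["subject"])).lower()
        if needle.lower() not in text:
            continue
        if max_scl is not None and (row["scl"] is None or row["scl"] > max_scl):
            continue
        rows.append(row)
    return sorted(rows, key=lambda r: (r["scl"] is None, r["scl"] or 0))

# Constructed sample messages, not real archive content.
SAMPLES = {
    "a.eml": b"From: billing@supplier.example\r\nTo: ap@corp.example\r\n"
             b"Subject: Invoice 1042\r\nX-SCL: 5 60.10%\r\n\r\nSee attached.\r\n",
    "b.eml": b"From: promo@bulk.example\r\nTo: ap@corp.example\r\n"
             b"Subject: =?utf-8?q?WIN_=1B[31mNOW?=\r\nX-SCL: 9 99.00%\r\n\r\nhi\r\n",
    "c.eml": b"From: hr@partner.example\r\nTo: jobs@corp.example\r\n"
             b"Subject: Interview schedule\r\n\r\nNo rating header.\r\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, raw in SAMPLES.items():
            Path(tmp, name).write_bytes(raw)
        return scan_archive(tmp, needle="corp.example", max_scl=7)
```

Point `scan_archive` at the UceArchive folder (or the folder set in "ArchiveDir") and tighten `max_scl` to focus on messages that only just crossed the archive threshold.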

Enjoy!
