Spam filtering with Connection Filtering

Discussion in 'Windows Small Business Server' started by Gregg Hill, Jan 24, 2006.

  1. Gregg Hill

    Gregg Hill Guest

    Hello!

    On SBS 2003, is there a way to see what messages have been rejected by using
    Exchange 2003 Connection Filtering?

    Gregg Hill
     
    Gregg Hill, Jan 24, 2006
    #1

  2. Hi Gregg,

    Thanks for using the SBS newsgroup.

    From your description, I understand that you want to know if there is a
    method to view the messages that are blocked by Exchange 2003 Connection
    Filtering. If I am off base, please don't hesitate to let me know.

    Connection filtering is a rule that the Simple Mail Transfer Protocol
    (SMTP) uses to determine whether a sending computer's Internet Protocol
    (IP) address appears on a Realtime Block List (RBL). An RBL is a database
    that is created by an entity to record potential sources of unsolicited
    commercial e-mail (UCE) or of bulk e-mail. UCE is also known as spam. Some
    of the potential sources of UCE or of bulk e-mail include e-mail servers
    that are configured as "open" relays or dial-up accounts.

    SMTP uses connection filtering to perform a Domain Name System (DNS) query
    for the IP address of the sending mail server. Exchange Server 2003 sends
    the query to the RBL provider to see whether the host record (also known as
    the A record) of the sending mail server appears in the RBL. The RBL
    provider checks its DNS records for the existence of the sending mail
    server's host record. If yes, the connection will be dropped and the
    messages will not be delivered to your server. So we cannot monitor which
    messages have been blocked by connection filters. However, you can enable
    SMTP logging to record information about incoming messages; it contains
    only the senders' information, not the mail content. You can refer to the
    following steps to enable SMTP logging:

    1) Open the properties page of the Default SMTP Virtual Server in Exchange
    System Manager.
    2) On the General tab, check the "Enable logging" box.
    3) Click Properties, click the Advanced tab and check all the boxes on the
    list.
    4) Click OK twice.

    Go to the C:\WINDOWS\system32\LogFiles\SMTPSVC1 folder and check the log
    files.

    However, this is not an easy method. I may use the IMF to filter
    messages and use the tool "IMF Archive Manager" to check the archived
    messages.

    For more information about how IMF works with Outlook 2003 built-in junk
    mail filters, please refer to the IMF Deployment Guide below (from page #4
    to #6).

    http://www.microsoft.com/downloads/details.aspx?FamilyId=B1218D8C-E8B3-48FB-9208-6F75707870C2&displaylang=en

    The IMF Archive Manager utility is available at:
    http://www.gotdotnet.com/workspaces/workspace.aspx?id=e8728572-3a4e-425a-9b26-a3fda0d06fee

    NOTE: This response contains a reference to a third party World Wide Web
    site. Microsoft is providing this information as a convenience to you.
    Microsoft does not control these sites and has not tested any software or
    information found on these sites; therefore, Microsoft cannot make any
    representations regarding the quality, safety, or suitability of any
    software or information found there. There are inherent dangers in the use
    of any software found on the Internet, and Microsoft cautions you to make
    sure that you completely understand the risk before retrieving any software
    from the Internet.

    Hope the above information helps! I am happy to be of assistance to you and
    look forward to your reply!

    Have a nice day!

    Sincerely,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Jenny wu [MSFT], Jan 24, 2006
    #2
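
The block list lookup described in the reply above, as an added example that is not part of the original post: a DNSBL check reverses the octets of the connecting IPv4 address, appends the provider's zone and asks for an A record, where an answer in 127.0.0.0/8 means "listed" and NXDOMAIN means "not listed". The zone `dnsbl.example.org` and the `fake_resolver` helper are hypothetical, so the example runs without network access.

```python
import ipaddress
import socket

# Hypothetical zone name; substitute the zone of your block list provider.
EXAMPLE_ZONE = "dnsbl.example.org"


def dnsbl_query_name(ip, zone=EXAMPLE_ZONE):
    """Build the DNS name queried for an IPv4 address: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def dnsbl_check(ip, zone=EXAMPLE_ZONE, resolve=socket.gethostbyname):
    """Return the 127.0.0.x answer if the address is listed, else None.

    `resolve` is injectable so the logic can be exercised offline.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        # NXDOMAIN (or any other resolution failure) is treated as not listed,
        # so a provider outage lets mail through instead of rejecting it.
        return None
    # List answers live in 127.0.0.0/8; any other address is not a valid
    # list response (for example a parked or expired zone).
    if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return answer
    return None


def fake_resolver(name):
    """Constructed stand-in for a DNS server holding one listed entry."""
    records = {"2.0.0.127." + EXAMPLE_ZONE: "127.0.0.2"}
    if name not in records:
        raise socket.gaierror("constructed NXDOMAIN")
    return records[name]


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10"):
        print(ip, dnsbl_query_name(ip), dnsbl_check(ip, resolve=fake_resolver))
```

Running the same lookup by hand against the provider configured in Connection Filtering is a quick way to confirm why a particular sender was rejected before adding it to an exception list.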

  3. Gregg Hill

    Gregg Hill Guest

    Jenny,

    You understood my question perfectly and I have enabled logging on all
    checkboxes in the list. I will probably just do that for a month to make
    sure legitimate mail gets through.

    I used http://support.microsoft.com/kb/823866/en-us to set up Connection
    Filtering. I have it set to return a custom error message, per step 7 of
    that article, just in case a legitimate email gets bounced. My message is,
    "Your mail server IP address %0 is listed as a spam site and was rejected by
    the Realtime Block List provider %2. Please call your intended recipient and
    give them this exact error message." I did that so the rejected end user, if
    he/she is a legitimate sender, would call the company to let them know that
    I need to add them to the whitelist.

    When using the above settings, do the dropped connections send an actual
    NDR, or is the message it returns not considered an NDR? The reason I ask is
    that Default SMTP Virtual Server in Exchange System Manager, Messages tab,
    has a choice to send a copy of the NDR to an address. I would like to turn
    on this setting and send NDR copies to the administrator when a message gets
    blocked by RBL lookups. I will probably just do that for a month to make
    sure legitimate mail gets through.

    Thank you for your help!

    Gregg Hill





     
    Gregg Hill, Jan 24, 2006
    #3
  4. Hi Gregg,

    Thanks for your update.

    When the messages are blocked, the senders will receive an NDR. If they
    enable SMTP logging, they will find the customized error message in the
    SMTP log. And if the senders try to connect to your Exchange server using
    the Telnet command, they can also receive the customized error message.

    319426 How To Configure the SMTP Connector to Link to Internet Domains in
    Exchange
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;319426

    Please let me know if you have any further questions on the issue. I am
    happy to be of assistance to you!

    Have a nice day!

    Sincerely,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
     
    Jenny wu [MSFT], Jan 25, 2006
    #4
  5. Gregg Hill

    Gregg Hill Guest

    Jenny,

    If I have SMTP logging on my server, will it show the dropped connections?
    You said it would if "they" have it turned on; do you mean the sender?

    My goal is to be able to log all dropped connections to see if any should
    have been let through.

    Gregg Hill



     
    Gregg Hill, Jan 25, 2006
    #5
  6. Gregg Hill

    Gregg Hill Guest

    Jenny,

    I just looked at my SMTP logs and I notice that the time listed for the
    connections is 8 hours ahead of the actual time here in California. Why
    would my server show the wrong time for the connections? Even when I send a
    message, the time listed is 8 hours from now. It is as though it is using
    GMT instead of PST for my time zone. Yes, my time is correct on my server
    clock.

    Gregg Hill


     
    Gregg Hill, Jan 25, 2006
    #6
  7. Hi Gregg,

    Thanks for your update.

    Based on my research, W3C Extended log file format uses midnight
    Coordinated Universal Time (Greenwich Mean Time, GMT). To resolve the
    issue, I would like to suggest you use midnight local time to make the time
    the same as the local time and date of the server.

    To use midnight local time, click to select the "Use local time for file
    naming and rollover" check box at SMTP Virtual Server->Properties->General
    tab->Properties->General Properties tab.

    And then please test the issue to see if it is resolved.

    More information:

    HOW TO: Configure Web Site Logging in Windows Server 2003
    http://support.microsoft.com/?id=324279

    How To Enable IIS Logging Site Activity in Windows 2000
    http://support.microsoft.com/kb/300390/en-us

    If the issue persists, please try to enable SMTP logging and send mails,
    then send the SMTP log to me for analysis.

    Please note: please let me know the From mail address, To mail address,
    send time and time zone.

    Have a nice day!

    Sincerely,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
     
    Jenny wu [MSFT], Jan 25, 2006
    #7
  8. Gregg Hill

    Gregg Hill Guest

    Jenny,

    I Googled "smtp logging gmt" and found that setting and it was already
    checked. That only sets local time for the creation of the file, but all the
    Google posts said that the contents of those logs will be GMT. How
    ridiculous! But I guess I am stuck with it. I can always import the logs
    into Excel and subtract 8 hours from the times.

    Gregg Hill




     
    Gregg Hill, Jan 25, 2006
    #8
  9. Hi Gregg,

    Thanks for your update.

    I have discussed the issue with my colleagues. The SMTP logging time is
    actually GMT; we cannot change it. This is by design.

    Please let me know if you have any further questions on the issue. I am
    happy to be of assistance to you!

    Have a nice day!

    Sincerely,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
     
    Jenny wu [MSFT], Jan 26, 2006
    #9
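
For the goal stated in the thread (reviewing rejected connections and reading the GMT timestamps in local time), a log reader sketched as an added example, not part of the original posts. The sample log is constructed, the code assumes the SMTP reply code is recorded in `sc-status` with 5xx marking a rejection, and `PST` is a fixed UTC-8 offset matching the "subtract 8 hours" approach above.

```python
from datetime import datetime, timedelta, timezone

# Fixed UTC-8 offset, as in the thread ("subtract 8 hours"); ignores daylight saving.
PST = timezone(timedelta(hours=-8), "PST")

# Constructed sample in W3C Extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2006-01-25 20:14:02 192.0.2.10 EHLO +mail.example.net 250
2006-01-25 20:14:03 192.0.2.10 RCPT +TO:<user@example.com> 550
2006-01-25 21:05:10 203.0.113.5 RCPT +TO:<user@example.com> 250
2006-01-26 03:30:42 198.51.100.7 RCPT +TO:<user@example.com> 550
"""


def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def rejected_connections(text, tz=PST):
    """Return (local time, client IP, command, status) for every 5xx reply."""
    hits = []
    for row in parse_w3c(text):
        status = row.get("sc-status", "")
        if not (status.isdigit() and 500 <= int(status) <= 599):
            continue
        # Log entries are written in UTC regardless of the rollover setting.
        utc = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        local = utc.replace(tzinfo=timezone.utc).astimezone(tz)
        hits.append((local.strftime("%Y-%m-%d %H:%M:%S %Z"), row["c-ip"],
                     row["cs-method"], int(status)))
    return hits


if __name__ == "__main__":
    for hit in rejected_connections(SAMPLE_LOG):
        print(*hit)
```

The last sample entry shows why the conversion has to be done on the full date and time: 03:30 UTC on Jan 26 is still the evening of Jan 25 in California.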