The Hidden Power of Sender and Recipient Filtering

Amit Zinman

Filtering in Exchange 2003 can be a powerful tool in the right hands. Used correctly, it can help you protect your mail server, especially in a single-server or branch scenario where no mail relay is provided, and ease the load on your regular antivirus and anti-spam packages.

The mail filtering capabilities in Exchange 2003 are often overlooked, especially by companies that have bought snazzier anti-spam packages and think little of the seemingly rudimentary options Exchange 2003 provides. However, used wisely, these options can ease the load on your server and possibly on your antivirus and anti-spam packages, because the Sender and Recipient Filtering options can drop connections for Exchange 2003. This means that a connection made by a server trying to deliver the mail item is blocked by the SMTP engine, which is faster and more efficient than evaluating the mail after it has been received and is already in the mail queue.

Sender Filtering

Creation of the sender filter is done by using the Sender Filtering tab in the Message Delivery Properties dialog box in Global Settings.

These are the recommended settings and will ensure that connections are dropped for mails with blank senders and the manually specified senders.

You can use the asterisk ("*") wildcard in the sender's e-mail address to block e-mail from a whole domain. For example, *@spamspam.com will block all e-mail from spamspam.com.

Let's consider another scenario. You suspect someone is sending e-mails to a spy within your company, and you want to intercept these mails before they hit the spy's mailbox while still being able to read them.

To be able to do this, configure Sender Filtering as follows:

This will cause messages from the specified sender to go to the filter directory under the mail root SMTP virtual server directory.

You can open the file using Notepad to view the mail item contents. If you change the extension to "EML", it will also open in Outlook Express, allowing you to view HTML content.

This option also exists in Exchange 2000 where it is simply called "Filtering".

Recipient Filtering

Creation of the recipient filter is done by using the Recipient Filtering tab in the Message Delivery Properties dialog box.

As you know, archiving options are available for recipient filtering.

The "Filter recipients who are not in the Directory" option, which is not enabled by default, is the single most overlooked important setting. It allows you to fight dictionary and other spam attacks. Spammers send mail to users they hope exist in your domain, sometimes hoping to learn whether they exist by reading the NDRs generated by Exchange, and sometimes just sending to common names or running through a dictionary of names.

Let's evaluate such a scenario. A virus hits one of your customers' computers. The virus opens a contact for a user in your domain. It starts sending viruses to users in your domain by combining names with letters of the alphabet. So you are now getting a lot of e-mails containing a virus sent to "johna", "johnb", "johnc", etc.

If you filter out recipients that are not in the directory, your antivirus engine does not have to handle all these messages. Instead, it only has to handle messages actually addressed to people in your organization, which lowers the CPU and disk space use required by your antivirus package.
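Once unknown recipients are rejected during the SMTP session, the rejections themselves become a detection signal for the dictionary attack described above. The following is an added example, not part of the original article: it counts 5xx replies to RCPT per client IP in an SMTP protocol log, assuming a W3C-style log in which a rejected recipient shows a 5xx status on its RCPT line. The field selection, thresholds and all addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in a W3C extended log layout (assumption: these fields are
# enabled in the SMTP log). All IPs and addresses are made up for the example.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2004-03-01 09:00:01 192.0.2.10 MAIL +FROM:<a@customer.example> 250
2004-03-01 09:00:01 192.0.2.10 RCPT +TO:<johna@example.com> 550
2004-03-01 09:00:02 192.0.2.10 RCPT +TO:<johnb@example.com> 550
2004-03-01 09:00:02 192.0.2.10 RCPT +TO:<johnc@example.com> 550
2004-03-01 09:00:03 192.0.2.10 RCPT +TO:<john@example.com> 250
2004-03-01 09:05:00 198.51.100.7 MAIL +FROM:<bob@partner.example> 250
2004-03-01 09:05:00 198.51.100.7 RCPT +TO:<jon@example.com> 550
2004-03-01 09:05:09 198.51.100.7 RCPT +TO:<john@example.com> 250
"""

RCPT_ADDR = re.compile(r"TO:<([^>]*)>", re.IGNORECASE)

def parse_rcpt_events(log_text):
    """Yield (client_ip, recipient, status) for each RCPT line, using the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT":
            continue
        m = RCPT_ADDR.search(row.get("cs-uri-query", ""))
        if m and row.get("sc-status", "").isdigit():
            yield row.get("c-ip", "-"), m.group(1).lower(), int(row["sc-status"])

def find_harvesters(log_text, min_rejects=3, min_ratio=0.5):
    """Return {client_ip: rejected recipients} for clients that look like dictionary attacks."""
    total = defaultdict(int)
    rejected = defaultdict(set)
    for ip, rcpt, status in parse_rcpt_events(log_text):
        total[ip] += 1
        if 500 <= status <= 599:               # permanent failure reply to RCPT
            rejected[ip].add(rcpt)
    return {ip: sorted(addrs) for ip, addrs in rejected.items()
            if len(addrs) >= min_rejects and len(addrs) / total[ip] >= min_ratio}

if __name__ == "__main__":
    for ip, addrs in find_harvesters(SAMPLE_LOG).items():
        print(ip, "rejected recipients:", ", ".join(addrs))
```

A single mistyped address, like the second client in the sample, stays below the threshold; tune `min_rejects` and `min_ratio` to your own traffic before acting on the result.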

Enabling Filtering

When you change the filtering settings in Exchange 2003 you might notice the following message:

This message appears because filtering is disabled by default on the SMTP virtual server. To enable it, in Exchange System Manager expand Servers, expand the server that you want, expand Protocols, and then expand SMTP. Right-click the SMTP virtual server on which you want to apply the filter, and then click Properties. In the SMTP Virtual Server Properties, on the General tab, click Advanced.

Conclusion

Filtering in Exchange 2003 can be a powerful tool in the right hands. Used correctly, it can help you protect your mail server, especially in a single-server or branch scenario where no mail relay is provided, and ease the load on your regular antivirus and anti-spam packages.

About Amit Zinman

Currently working as Project Manager and Systems Consultant, heading and consulting on Exchange and NT/Windows 2000 based migrations and deployments for large companies such as Checkpoint, Comverse, Smarteam, Nice, Aladdin and leading Israeli banks. Also involved in writing scripts and custom solutions for clients based on ADSI, CDO and Visual Basic, teaching Windows 2000 and Exchange 2000 in MCSE colleges, and lecturing in Microsoft User Groups.
