0

Is it possible to prevent the following from an Exchange 2007 server instead of using macros from each Outlook client:

1) prevent ALL CAPITAL subject lines from going out

2) prevent empty subject lines from going out

3) prevent empty body text from going out

4) prevent subject lines from being longer than 78 characters

Thanks in advance.

Jeff
  • I was thinking VB scripts, not sure however – Jeff Jan 05 '11 at 16:11
  • Why would you **want** to do this? This seems like such a weird thing to want to control. – GregD Jan 05 '11 at 16:16
  • http://tools.ietf.org/html/rfc5322 – Jeff Jan 05 '11 at 16:19
  • Things that look like Spam include: Missing headers: Subject, Date, Message-id, or To; Incorrect or incorrectly formatted headers; Invalid sender header; Incorrect language and/or character set; All uppercase in headers (especially Subject); Non-ASCII characters (except within 8bit Mime); Lines which are too long (longer than 78 characters); HTML only messages (valid but possibly non-accessible); Message bodies without any text; and Messages that look a lot like Spam (using strange spellings or words and phrases commonly used in Spam) – Jeff Jan 05 '11 at 16:20
  • @GregD I'm tired of trying to get the company I work for off of black lists.. – Jeff Jan 05 '11 at 16:21

2 Answers

1

It is possible, however the most effective solution for this is not what you'd call 'admin friendly'. Exchange exposes something called Transport Agents for AV/AS systems to do their work. Once you register as one you can then modify/block messages to your heart's content, you just have to write one first.

Next up are custom written Transport Rules. It can do some of this, but the options available are limited. Regex expressions are usable in some rules but not others, and coding something up like "block any message with more than two hyperlinks" is nigh impossible.

sysadmin1138
  • @sysadmin1138 http://www.simple-talk.com/sysadmin/exchange/controlling-email-messages-using-exchanges-transport-rules/ is this what you meant by custom written transport rules? – Jeff Jan 05 '11 at 16:32
  • http://msexchangeteam.com/archive/2006/12/04/431755.aspx I found this about transport agents.. it seems this is more what I want to do - I know how to configure transport rules using the GUI, but after viewing the different options I do not think this will work for what I am interested in – Jeff Jan 05 '11 at 16:35
  • @Jeff Yep, that's them alright. That blog is great, by the way. Inheriting from the RoutingAgent is a good way to blackhole outbound mail; redirect to an internal 'education-needed' mailbox so you can have talks with people. – sysadmin1138 Jan 05 '11 at 16:43
  • I like that idea. If it discovers this - send here so I know and go explain to them what they are doing wrong? – Jeff Jan 05 '11 at 16:44
  • @Jeff That's exactly what I mean. You can even fork the email, send a *copy* to the education-needed mailbox while still letting the mail out. Depending on what you're using, your AV/AS systems might already be sophisticated enough to do that kind of processing on your outbound feed. – sysadmin1138 Jan 05 '11 at 16:52
  • The transport agents seem to do exactly what I am interested in. Thank you for bringing them to my attention. – Jeff Jan 05 '11 at 21:17
  • Also, not sure if you have ever written one or not - if you have, I have a question on stackoverflow regarding the transport agent.. http://stackoverflow.com/questions/4608488/c-exchange-2007-transport-agent – Jeff Jan 05 '11 at 21:19
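
The four checks from the question, written as a stand-alone Python function over an RFC 5322 message so the policy can be tested offline before it is ported into a transport agent. This is an added example, not code from the thread and not Exchange API code; the function names, the `MIN_LETTERS` threshold and the sample message are assumptions.

```python
from email import message_from_string
from email.header import decode_header, make_header

MAX_SUBJECT_LEN = 78  # limit from the question
MIN_LETTERS = 4       # assumption: ignore short tags such as "RE: Q4"


def decoded_subject(msg):
    """Subject as text, with RFC 2047 encoded-words decoded."""
    raw = msg.get("Subject", "")
    return str(make_header(decode_header(raw))).strip()


def body_text(msg):
    """Join all inline text/* parts; an attachment alone is not a body."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        if part.get_content_disposition() == "attachment":
            continue
        payload = part.get_payload(decode=True) or b""
        # Only emptiness matters here, so a lossy decode is acceptable.
        chunks.append(payload.decode("utf-8", errors="replace"))
    return "".join(chunks).strip()


def policy_violations(raw_message):
    """Return which of the question's four rules a message breaks."""
    msg = message_from_string(raw_message)
    subject = decoded_subject(msg)
    found = []
    if not subject:
        found.append("empty-subject")
    else:
        letters = [c for c in subject if c.isalpha()]
        if len(letters) >= MIN_LETTERS and all(c.isupper() for c in letters):
            found.append("all-caps-subject")
        if len(subject) > MAX_SUBJECT_LEN:
            found.append("subject-too-long")
    if not body_text(msg):
        found.append("empty-body")
    return found


# Constructed sample, not taken from the page.
SAMPLE = "From: a@example.com\nTo: b@example.net\nSubject: URGENT READ NOW\n\n\n"

if __name__ == "__main__":
    print(policy_violations(SAMPLE))
```

Decoding the subject before testing it matters: an encoded-word subject is plain ASCII on the wire and would otherwise pass the all-caps and length checks unexamined.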
1

Jeff, I think you're barking up the wrong tree. Things for you to consider:

  1. Your users most likely aren't the cause of spam in your company. If they are, it will be easier to just tell them not to send out emails with stuff that is prohibited (something that internal regulations can fix).
  2. You're getting on spam lists most likely due to your employees having viruses on their computers which are most likely sending out large amounts of spam, and it's visible on the internet as if they were coming from your mail server (which most likely has the same external IP address as your computers going to the internet).

Things you should do to stop spam getting out of your network:

  1. Block port 25 on the firewall for users (so they are not allowed to use it at any point to send out any emails). Just leave it open for your server. This will stop all spam messages getting out of your network that would be sent by viruses on your users' computers.
  2. Clean your users' computers and install a decent antivirus
  3. Verify with mxtoolbox.com that your server isn't an open relay
  4. Get a decent anti-spam system for your Exchange (Policy Patrol is good and easy to use) which could be configured to actually check your own emails that are getting sent outside for spam, although it's not something I would recommend. But it's good for keeping spam/viruses from arriving in your mailboxes so your employees are less likely to get a virus.
  5. Make sure your servers are clean of viruses. There are many ways to do that. You could monitor network traffic on those (non-Exchange) servers with netstat to see if anything is happening on port 25. If it is, then you should surely look for viruses on that box.
MadBoy
  • Appreciate your response. However you're wrong on a few things.. every machine in my company has its local AV. Incoming mail is filtered through a McAfee cloud system, then delivered to our local Exchange server. On mxtoolbox my server is not an open relay. – Jeff Jan 05 '11 at 16:39
  • We use a 3rd party company to send out mass emails, for some reason we were footprinted by a company called Cloudmark, phone numbers from our mass emails and a few other things were flagged as spammers – Jeff Jan 05 '11 at 16:40
  • Currently, our Exchange server uses our ISP's mail server as an SMTP connector for sending email, their server uses Cloudmark to block messages on their end. Whenever their server's spam software picks up the Cloudmark footprint, it drops our email without giving us warning – Jeff Jan 05 '11 at 16:41
  • I see, then maybe an SPF record for your domain could do it? – MadBoy Jan 05 '11 at 16:41
  • At this point, we don't even get notified the message was blocked. We have no idea until a customer reports that no email has been received. I'm no email admin, but I am being pushed to fix this (I'm a developer actually...) I have a check list of things I want to do before we send mail directly from our server. – Jeff Jan 05 '11 at 16:42
  • I'm in the midst of setting up an SPF record - I don't control the DNS for the domain itself, so I am waiting to hear back from that admin – Jeff Jan 05 '11 at 16:43
  • I'm not sure where the problem is? If your mass mailing company is not using your server to do it you shouldn't be marked as sending spam. If they are using your domain then adding an SPF record will cause the mass mailing company real pain, as everything they send as your domain will be marked as spam. I do believe that you should block port 25 on the router anyway for internal users. – MadBoy Jan 05 '11 at 16:48
  • I share your confusion... The mass mailing company uses a completely different server with IP... the way it was explained to me: Cloudmark footprinted phone numbers and keywords from our mass mails, and added us to their black list. I can't get in contact with this company for the life of me. And the server that we use as a connector (ISP) uses Cloudmark as front end protection, dropping our messages as soon as they reach their server with no alert. The plan is to send internal mail directly from our Exchange, and take the ISP out of the loop completely.. I have no experience and don't want a disaster. – Jeff Jan 05 '11 at 16:51
  • An example of why they drop the message: our signatures include a phone number that was footprinted by Cloudmark. Now I could just remove all signatures, which I have, but I don't want to keep doing this all the time.. – Jeff Jan 05 '11 at 16:52
  • So you get marked only by one company? What does mxtoolbox and their blacklist checking say? – MadBoy Jan 05 '11 at 17:02
  • I'm clean on mxtoolbox, as far as I know it is only one company. And by some random freak occurrence our ISP's mail server uses this company full force.. – Jeff Jan 05 '11 at 17:05
  • Contact your ISP and try getting your server whitelisted? – MadBoy Jan 05 '11 at 17:08
  • ISP told us to send our own email.. – Jeff Jan 05 '11 at 17:23
  • What do you mean by "to send your own email"? – MadBoy Jan 05 '11 at 17:42
  • Also basically having this knowledge now it means your rules creation won't fix anything. You have to deal with mass spamming err.. mass mail. Maybe use different phone numbers / email addresses for such stuff. – MadBoy Jan 05 '11 at 17:45
  • Sorry it took so long to get back - I know that this is going to thwart spam. It's a protection measure to help protect my internal Exchange server from future problems.. once we do start sending mail directly from our server instead of relaying through the ISP – Jeff Jan 05 '11 at 18:42
  • @MadBoy, I know this is an older thread. Wanted to let you know, I did learn how to set up what I was interested in using the transport agents, however I didn't implement them. I set up SPF, along with a lot of other things & am still in the process of being white listed and doing a clean up of all mail lists. Things seem to be working smoothly, thanks for your help! – Jeff Feb 05 '11 at 21:47
  • Great. Hope everything is good now. – MadBoy Feb 06 '11 at 09:21
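
The netstat check from step 5 of the answer above, as an added example that is not part of the original thread: it parses `netstat -an` output (Windows or Linux column layout) and reports port-25 activity on a host that should not be handling mail. The sample output, the addresses and the `allowed_relays` parameter are assumptions.

```python
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT", "TIME_WAIT"}
LISTEN_STATES = {"LISTENING", "LISTEN"}  # Windows / Linux spelling


def split_endpoint(endpoint):
    """Split host:port; works for IPv4, [IPv6]:port and Linux ::1:port."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def smtp_activity(netstat_output, allowed_relays=()):
    """Return (kind, local, remote) for each TCP row that involves port 25."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # column headers, UDP rows, blank lines
        local, remote, state = fields[-3], fields[-2], fields[-1].upper()
        remote_host, remote_port = split_endpoint(remote)
        local_port = split_endpoint(local)[1]
        if state in ACTIVE_STATES and remote_port == "25":
            if remote_host not in allowed_relays:
                findings.append(("outbound-smtp", local, remote))
        elif state in LISTEN_STATES and local_port == "25":
            findings.append(("smtp-listener", local, remote))
    return findings


# Constructed `netstat -an` output from a hypothetical non-Exchange server.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.23:49712        203.0.113.9:25         ESTABLISHED
  TCP    10.0.0.23:49713        10.0.0.5:25            ESTABLISHED
  TCP    10.0.0.23:49714        198.51.100.7:443       ESTABLISHED
  TCP    [fe80::1]:49800        [2001:db8::5]:25       SYN_SENT
"""

# Assumption: 10.0.0.5 is the internal Exchange server, the only allowed relay.
if __name__ == "__main__":
    for finding in smtp_activity(SAMPLE, allowed_relays={"10.0.0.5"}):
        print(finding)
```

A single snapshot only shows connections open at that moment, so short-lived sessions are easier to catch by running the check repeatedly or by logging denied port-25 traffic at the firewall from step 1.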