1

I have a client who gets a TON of spam to their public IP.

I have put a Linux box running exim and spamassassin in front of it, and a bunch of Outlook rules to move mail into the Junk Email folder when spamassassin thought it saw spam. This worked well enough.

Now I've migrated them to Exchange 2007, is there a better way to "enforce" these Outlook rules for everyone, at the server side?

(Spamassassin works by inserting headers into incoming email. Here's some details.)

Thanks
Tom

EDIT: Title changed (as sensibly suggested) from "Spamassassin / exim in front of Exchange 2007"

tomfanning
  • 3,378
  • 7
  • 34
  • 34
  • 1
    Wouldn't this question be better titled "Can I enforce mail rules server-side in Exchange 2007?"? The question itself doesn't have anything to do with exim or spamassassin... – jj33 May 15 '09 at 15:12

2 Answers2

6

Exchange 2007 offers Message Transport rules to filter messages based on a number of conditions. One of these conditions is the HeaderContains condition which should do what you want.

To get it to send the mail to your Junk folder, you could set-up SCL to send messages over a certain threshold to the junk folder, then get the message transport rule to stamp an SCL value on the message, higher than that threshold, should that header exist.

Details of what filtering Message Transport Rules support is available here.

Details of how to enable Message Transport Rules can be found here.

Sam Cogan
  • 38,736
  • 6
  • 78
  • 114
  • Actually unmarked this as an answer for the time being - Message Transport Rules does not contain an option for moving messages to different mailbox folders. I am experimenting with SCL instead now to see if this will do the job instead... – tomfanning May 15 '09 at 15:37
  • Fair enough, have added some detail on how you could use SCL to get it to the Junk mail folder. – Sam Cogan May 15 '09 at 15:46
  • I do essentially the same thing client-side with Outlook Inbox rules. SpamAssassin flags the messages with headers and I have a rule that looks for the specific headers that SpamAssassin uses. Works great. Doing it server-side would be great for a broader client base. We're strictly Outlook so we've offloaded the rules processing to the client instead of putting the load on the server. – squillman May 16 '09 at 00:37
  • We're using Symantec Brightmail for our antispam and it plops in a header when it detects 'suspected spam'. We're using a transport rule to set the SCL to 6. This plonks such messages into Junk Email. Google keywork "x-bmifolder". The first link has good data. – sysadmin1138 May 19 '09 at 05:37
0

We have gone with a similar solution to you - configuring a box as a dedicated spam/virus filter between our Exchange box and the internet. This works wonderfully, and spares the exchange server a-lot of work, allowing it to be more responsive and handle more users than if it were doing all this work itself.

Just to give you some idea: our mail scanners see about 100,000 emails per day - but 80% of that is dropped right away, without making it to the Exchange server. Of the 20,000 that make it to Exchange, about 2,000 of those are marked as SPAM, and usually 2-5 are quarantined with viruses/malware. Our mail scanners are some of the busiest servers on our network.

There is an absolutely EXCELLENT guide for setting this up at: http://www200.pair.com/mecham/spam/spamfilter20090215.html

Brent
  • 22,857
  • 19
  • 70
  • 102