Exchange 2003 IMF – How & White Listing

The IMF (Intelligent Message Filter) is an enhancement to Exchange which is installed with Exchange 2003 SP2. The goal of the IMF is to filter mail it believes is UCE (unsolicited commercial email), aka SPAM. It does this by assigning a number to each email message based upon definitions which can be updated regularly (through WSUS or MU). The scale ranges from ‘-1’ through ‘9’, where ‘9’ is very highly likely SPAM and ‘-1’ is mail that originated within the domain itself. Later, those numbers, coupled with configurable rules, sort mail to go to the Junk folder, get delivered to the Inbox, or get Archived, Deleted, or Bounced at the most severe rule level.

Well, what if you want to make certain the mail from a specific sender never ever gets filtered as UCE by IMF? You have a very important partner, vendor or person you must never have filtered. In other words, how can you white list a sender in IMF? Here’s an answer to exactly this question. Within it is a nice graphic showing all the filtering layers and stages Exchange goes through as it intakes mail and routes it to a mailbox.

Yes … well, this isn’t as simple as you might like it to be, such as merely putting an email address in a list in some UI.

To understand what you need to do you need to understand where you need to do.  What do I mean by this bad grammatical expression?  IMF (and Exchange filtering as a whole) has multiple checkpoints in which mail goes to Junk, gets the Gateway Blocking Configuration’s action, or passes to the mailbox Inbox.

In the Exchange System Manager you can configure IP addresses to be accepted under the Global Accept UI under Connection Filtering (Global Settings -> Message Delivery). This, though, is like providing a copy of the office key to the entire staff rather than just to the manager, since the accept applies to every message arriving from that IP address. At the Outlook level you can add the individual’s address to the Safe Senders list, but this will only apply if the message gets through the Gateway IMF check to then be routed to this secondary check.
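The order of those checkpoints is what makes the difference, so here is a small Python model of it. This is an added example, not Exchange code and not from the documents linked here. The thresholds, their comparison operators, the IP ranges and the addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample settings (not values from the page or Exchange defaults).
GLOBAL_ACCEPT = [ipaddress.ip_network("203.0.113.0/24")]  # partner relay range
GATEWAY_THRESHOLD = 8       # gateway action at or above this score (assumed)
GATEWAY_ACTION = "archive"  # could also be delete or reject
JUNK_THRESHOLD = 5          # Junk folder above this score (assumed)


@dataclass
class Message:
    source_ip: str
    sender: str
    score: int  # IMF rating, -1 (internal) through 9 (almost certainly spam)


def route(msg, safe_senders=frozenset()):
    """Return (destination, checkpoint that decided it)."""
    if not -1 <= msg.score <= 9:
        raise ValueError("IMF score must be between -1 and 9")
    ip = ipaddress.ip_address(msg.source_ip)
    # Checkpoint 1, connection filtering: a Global Accept match lets the
    # message skip IMF, whoever the sender behind that IP is.
    if any(ip in net for net in GLOBAL_ACCEPT):
        return ("inbox", "global-accept")
    if msg.score == -1:  # originated inside the domain
        return ("inbox", "internal")
    # Checkpoint 2, gateway: acts before any mailbox-level list is read.
    if msg.score >= GATEWAY_THRESHOLD:
        return (GATEWAY_ACTION, "gateway")
    # Checkpoint 3, mailbox: Safe Senders is only consulted here.
    if msg.sender.lower() in safe_senders:
        return ("inbox", "safe-senders")
    if msg.score > JUNK_THRESHOLD:
        return ("junk", "store")
    return ("inbox", "store")


def demo():
    safe = frozenset({"ceo@partner.example"})
    return [
        route(Message("198.51.100.7", "ceo@partner.example", 9), safe),
        route(Message("198.51.100.7", "ceo@partner.example", 7), safe),
        route(Message("203.0.113.25", "anyone@elsewhere.example", 9)),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first result shows a Safe Senders entry failing to save a high-scoring message from the gateway action, and the third shows any sender behind an accepted IP reaching the Inbox regardless of score.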

To get the IP address of an MX record for a mail server, use this handy tool: http://www.mxtoolbox.com/index.aspx

If you would like a diagram that explains IMF routing and checks here you go:

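[Diagram: IMF routing and checks]

The above diagram with the drastic white listing technique described above implemented:

[Diagram: IMF routing and checks with the white listing technique implemented]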

Found it in this Microsoft downloadable document:

Additionally I found this useful article which covers the full spectrum of mail filtering on SBS/Exchange 2003 as it applies to SPAM:  http://www.msexchange.org/tutorials/Microsoft-Small-Business-Server-2003-Spam-Filtering.html

I suspect GFI Mail Essentials has a toe in these waters as well. In fact they do, and MVP Daniel Petri writes about this: http://www.petri.co.il/gfi_mailessentials.htm

He likewise writes about IMF in a nice overview with loads of helpful links: http://www.petri.co.il/block_spam_with_exchange2003_imf.htm

Plus I found this third party add on which does domain friendly white listing:  http://www.nemx.com/products/SecurExchange/HowTo/ExchangeIMFWhiteList.html

Here’s a consultant’s description of how this guy implemented an IMF white list: http://www.petri.co.il/forums/showthread.php?t=16548

*****anti-SPAM related posts*****

Exchange 2003 sp2 and greylisting issue

Greylisting for Exchange 2003 (2007 too)
