Spam Filtering for Microsoft Exchange Server

ORF Enterprise Edition is my spam filter of choice and has been through several generations of Exchange Server versions. The product is licensed per server so regardless of mailboxes or users you only need one license per Exchange Server. The initial year is $239 and each year after that is $99 per year. I haven’t seen any other spam filtering product for an Exchange Server that offers a better price to performance ratio. A fully functional 30 day evaluation version is available for download with no registration being required on the Vamsoft website.

The installation of ORF is straightforward so no need to show all of the screenshots.

The default location is fine.

The installation requires that the Exchange Transport service be restarted.

When the installation finishes, launch the Administration Tool.

Verify the DNS settings. It is preferable to have a minimum of two DNS servers listed.

Test the DNS settings.

I prefer to deselect the “Allow sending statistics anonymously to Vamsoft Ltd in email”.

Enable DNS caching with the following settings.

Configure the tests as shown in the image below.

Enabled the “Spamhaus ZEN” DNS blacklist and move it to the top of the list.

Enable the “Is not a Fully Qualified Domain Name (FQDN)” setting.

Change the “Tarpit Delay” to 90 seconds.

Enable the “uribl.com Blacklist” and move it to the top of the list.

Save the configuration.

Start the ORF service and you’re now filtering spam.

Over time you’ll see similar results and best of all, false positives are basically nonexistent.



ORF also includes a very useful reporting tool and log viewer.

I recommend disabling the spam filtering feature of your Antivirus product and the spam filtering features that are built into Exchange Server so if you do have an issue, there is only one product to resolve it in.

µ

2 Comments

  1. libClAify

    Nice site. 🙂

    Reply
  2. Shawn Z

    A real-time block list (RBL) is a method of stopping spammers from being able to send out large quantities of distasteful spam. A real-time block list is managed and maintained by an organization (company, non-profit, or volunteers) who track spam activity and create a list of known violators. Violations can include SMTP configurations to being caught sending spam. Once you are on their list, you can typically request removal. Some site will publish email addresses and all messages received to that email address is spam.

    When a computer connects to your Exchange server, Exchange will query the specified real-time block list. If the address is on that list, Exchange will generate an error and refuse the message. The server that was trying to send the spam is then responsible to generate a non-delivery report and send it the sender. This will eventually lock up the sending server until their open relay is detected and resolved.

    For a list of real-time block lists, please refer to the Wikipedia article:

    http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
    Setup

    The process is the same for Exchange 2008 and Exchange 2010.

    To setup a RBL, open Exchange Management Console – the GUI, and under Organization Configuration select Hub Transport. Select the Anti-Spam tab and right click IP Block List Providers selecting Properties.

    Shawn Zernik
    Internetwork Consulting

    Reply

Leave a Reply

%d bloggers like this: