Configuring the Exchange Intelligent Message Filter

  • Article

 

Applies to: Microsoft Antigen

Microsoft® Exchange Server 2003 includes a built-in spam-fighting tool called the Intelligent Message Filter (IMF). This filter uses sophisticated technologies to evaluate e-mail to determine whether it is spam. IMF can be used in conjunction with Antigen Spam Manager to provide another layer of spam detection. (Note that you must be running an Exchange 2003 server; a Windows SMTP server does not include IMF functionality.)

IMF works by assigning a Spam Confidence Level (SCL rating) to each message. Message ratings range from 0 to 9, with 0 being the least likely to be spam and 9, the most likely. Generally, anything rated 7 or higher is very likely to be spam, although this may vary in any given environment.

You can decide how the system will handle e-mail messages based on the SCL rating. There are two levels of settings. One level will delete and potentially archive the message; the next level will send it to the end user’s Junk E-Mail folder. Consult the Exchange Server documentation for specifics about these features.

To configure IMF on Exchange

  1. Select your IMF global settings.

    1. In the Exchange System Manager, expand the Global Settings node. Right-click Message Delivery, and then select Properties.

    2. In the Message Delivery Properties dialog box, click the Intelligent Message Filtering tab.
      7593a80e-d2b3-44c6-b569-cbea675d847a

    3. Select your blocking levels and blocking behavior.

    4. For an even higher level of detection, and fewer false positives, it is recommended that you turn on the Sender ID Filtering (this feature was added in Exchange Server 2003, SP2). Even if your organization does not provide the Sender ID in its DNS records, this option can help the Intelligent Message Filter make better antispam decisions. To turn on this feature, click the Sender ID Filtering tab, and then click Accept. This will not block any message that fails the Sender ID filter, but it will use the Sender ID information as part of the IMF calculation process.

      Note

      There are special considerations when using Sender ID on a server that is not directly connected to the Internet. Click Help on the Sender ID tab for more details.

    5. Click OK.

  2. Activate these settings on each Exchange SMTP Virtual Server.

    1. From within the Exchange System Manager, expand the Servers node, and then select the server name. Expand the Protocols node, and then expand the SMTP node. Right-click your first SMTP Virtual Server, and then click Properties.
    2. On the General tab, click Advanced.
    3. For each IP address listed, click Edit. In the Identification dialog box, click Apply Intelligent Message Filter, and, optionally, Apply Sender ID Filter. Click OK to save your changes. You must do this for each IP address and SMTP Virtual Server.
      a99172d5-135c-4e9d-9237-5825c26cf07f

Note

The IMF filter is updated every first and third Wednesday through Microsoft Update and Automatic Updates technologies. These updates provide new rules to detect the latest spam. For the best protection, make sure that you update IMF as soon as possible after the release of a new filter update.
On a server that is running both IMF and Antigen Spam Manager (ASM), the IMF filter will scan messages before the ASM filter does. If you are deleting or archiving messages, anything that IMF blocks will not go on to be scanned by Antigen Spam Manager. If you are using the SCL rating to deliver spam messages to the user Junk E-Mail folder, then Antigen Spam Manager will also scan the messages.

For more information about IMF, see the IMF Operations Guide.