Spam filtering from inside sources – Exchange 2007

20 pts.
Tags:
Exchange 2007
Exchange spam filters
Mail Queue oriented
Spam control
We are using exchange 2007 and we have a problem with users downloading programs that cause spam propagation on our email servers. It would be unproductive to monitor and curtail the download capabilities of the users because they often need to access the pages where the malicious content is housed. I suggested the idea of using the mail cue and scripting to shut down a given email address if the number of messages being sent from the said email address crosses a given threshold. The problem I now have is: How do I export the information from exchanges mail queue in a usable format (in real-time) without overloading the CPU of the server, giving me the capability to write the script… Or: Is there a way to get Exchange to accomplish this same process.

Software/Hardware used:
Microsoft Exchange 2007

Answer Wiki

Thanks. We'll let you know when a new response is added.

Ok. Scratch that idea. Your solution lies with Mimecast. They use an LDAP link to intercept all mail both internal and external. You are given full control as to what how when and where. Those are the basics that you needed right. The security is tighter than that of a bank. In fact banks use them. I signed up about 6 months ago and it solved my problems like crazy. Trust me on this one. The other tools that comes with are amazing. Mail wrap, remote mail and back ups are essential to any IT head. Let me know how it goes.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Gabe9527
    Are the connections to the Exchange server done via the outlook client or are they via Direct SMTP connections.... If the latter is the case then you can restrict the HUB TRANSPORT Server to only allow Exchange and Outlook connections. http://exchangeserverpro.com/configuring-the-exchange-server-2007-hub-transport-server You can install Anti-Spam on the HUB TRANSPORT - this would help with part of your issue and with sender reputation you might be able to configure the automatic blocking. http://johanveldhuis.nl/?page_id=288&lang=en Here is how to block senders in Exchange 2007 http://exchangeserverpro.com/restricting-outbound-email-with-exchange-server-2007-transport-rules And lastly if there is a pattern to the emails then Rules can be setup to delete / quarentine the mail http://www.msexchange.org/tutorials/transport-rules-exchange-server-2007.html
    10,935 pointsBadges:
    report
  • Gabe9527
    As for how to Export the live mail - I would not know sorry.
    10,935 pointsBadges:
    report
  • Qdogg111
    The hosts connect to the server via client... outgoing from the server are smtp
    20 pointsBadges:
    report
  • KFaganJr
    To me it sounds like you are looking at web filtering and spam filtering as an on/off only scenario with no middle ground. On top of this, stopping malware after it starts is not a good idea. Just the fact of getting on blacklists, let alone data security can cause major issues for you. Use a combination of web filtering that won't prevent users from doing their job, anti-spam as Gabe9527 stated, antivirus/security measures on the workstation, and education for end users so they're not downloading malware time and time again. Educating end users will be surprise you on the effectiveness...
    1,355 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following