 Spam filtering from inside sources – Exchange 2007
We are using Exchange 2007 and we have a problem with users downloading programs that cause spam propagation on our email servers. It would be unproductive to monitor and curtail the download capabilities of the users because they often need to access the pages where the malicious content is housed. I suggested the idea of using the mail queue and scripting to shut down a given email address if the number of messages being sent from the said email address crosses a given threshold. The problem I now have is: How do I export the information from Exchange's mail queue in a usable format (in real time) without overloading the CPU of the server, giving me the capability to write the script… Or: Is there a way to get Exchange to accomplish this same process?

Software/Hardware used:
Microsoft Exchange 2007
ASKED: October 13, 2011  4:46 PM
UPDATED: May 9, 2012  11:13 PM

Answer Wiki:
Ok. Scratch that idea. Your solution lies with Mimecast. They use an LDAP link to intercept all mail, both internal and external. You are given full control as to what, how, when and where. Those are the basics that you needed, right? The security is tighter than that of a bank. In fact, banks use them. I signed up about 6 months ago and it solved my problems like crazy. Trust me on this one. The other tools that come with it are amazing. Mail wrap, remote mail and backups are essential to any IT head. Let me know how it goes.
Last Wiki Answer Submitted:  November 11, 2011  10:05 pm  by  VSAT   40 pts.
All Answer Wiki Contributors:  VSAT   40 pts.


Discuss This Question:


 

Are the connections to the Exchange server done via the Outlook client or are they via direct SMTP connections?

If the latter is the case then you can restrict the HUB TRANSPORT Server to only allow Exchange and Outlook connections.

http://exchangeserverpro.com/configuring-the-exchange-server-2007-hub-transport-server

You can install Anti-Spam on the HUB TRANSPORT – this would help with part of your issue and with sender reputation you might be able to configure the automatic blocking.

http://johanveldhuis.nl/?page_id=288&lang=en

Here is how to block senders in Exchange 2007
http://exchangeserverpro.com/restricting-outbound-email-with-exchange-server-2007-transport-rules

And lastly, if there is a pattern to the emails, then rules can be set up to delete / quarantine the mail
http://www.msexchange.org/tutorials/transport-rules-exchange-server-2007.html

 10,615 pts.

 

As for how to export the live mail – I would not know, sorry.

 10,615 pts.

 

The hosts connect to the server via client… outgoing from the server are SMTP

 20 pts.

 

To me it sounds like you are looking at web filtering and spam filtering as an on/off only scenario with no middle ground. On top of this, stopping malware after it starts is not a good idea. Just the fact of getting on blacklists, let alone data security, can cause major issues for you.

Use a combination of web filtering that won’t prevent users from doing their job, anti-spam as Gabe9527 stated, antivirus/security measures on the workstation, and education for end users so they’re not downloading malware time and time again.

Educating end users will surprise you with its effectiveness…

 1,355 pts.
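
Added example, not part of the original thread: one way to get the per-sender counts the question asks about is to read the Hub Transport message tracking log with `Get-MessageTrackingLog` over a short time window, rather than polling the live queue. The thresholds, the ten-minute window and the sample records are assumptions, and `Get-HighVolumeSender` and `New-SampleRecord` are hypothetical helper names.

```powershell
# Added example; thresholds and sample data are assumptions, not from the thread.
function Get-HighVolumeSender {
    param(
        $Records,                     # objects exposing Sender and RecipientCount
        [int]$MaxMessages   = 100,    # assumed limit on messages per window
        [int]$MaxRecipients = 500     # assumed limit on recipients per window
    )
    $Records | Group-Object -Property Sender | ForEach-Object {
        # Total recipients addressed by this sender within the window
        $total = ($_.Group | Measure-Object -Property RecipientCount -Sum).Sum
        if ($_.Count -gt $MaxMessages -or $total -gt $MaxRecipients) {
            $row = New-Object PSObject
            $row | Add-Member -MemberType NoteProperty -Name Sender     -Value $_.Name
            $row | Add-Member -MemberType NoteProperty -Name Messages   -Value $_.Count
            $row | Add-Member -MemberType NoteProperty -Name Recipients -Value $total
            $row
        }
    }
}

# Hypothetical helper: builds constructed records shaped like tracking-log entries.
function New-SampleRecord([string]$From, [int]$Count) {
    $r = New-Object PSObject
    $r | Add-Member -MemberType NoteProperty -Name Sender         -Value $From
    $r | Add-Member -MemberType NoteProperty -Name RecipientCount -Value $Count
    $r
}

# Constructed sample: one account sending in bulk, one behaving normally.
$sample  = @(1..120 | ForEach-Object { New-SampleRecord 'bulk.sender@example.com' 5 })
$sample += @(1..3   | ForEach-Object { New-SampleRecord 'normal.user@example.com' 1 })
Get-HighVolumeSender -Records $sample

# Against a live Hub Transport server, from the Exchange Management Shell:
# $since = (Get-Date).AddMinutes(-10)
# $live  = Get-MessageTrackingLog -EventId RECEIVE -Start $since -ResultSize Unlimited
# Get-HighVolumeSender -Records $live
```

The function only reports senders over the limits; what to do with a flagged address, such as a transport rule of the kind linked in the discussion above, is left to the operator.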