Use ISA Server and Exchange 2000 to control email
Content management is a broader concept than antivirus scanning. The term includes managing the flow of email content between and within organizations. For example, content-management software lets you screen email messages for sexist, racist, or obscene language that violates your company policy. Such software also can alert you when messages or attachments contain proprietary information that you don't want to leave your company. In addition, content-management methods can protect your organization from spam.
In "Managing Your Email Content, Part 1," June 2001, I discuss content management in Exchange Server 5.5, vendors' add-in applications, and a content-management scenario. In this article, I look at
- Exchange 2000 Server's native content-management functionality
- updates to the Virus Scanning API (VS API) in Exchange 2000 Service Pack 1 (SP1)
- using the Microsoft Internet Security and Acceleration (ISA) Server to control email
Exchange 2000 Methods
Exchange 2000 provides some built-in methods for controlling unwanted email—from filtering messages based on content to using reverse DNS lookups to verify senders. You can use built-in filtering to prevent specific senders from sending email messages to your servers. Note that the ability to use filtering on SMTP senders doesn't exist in the Windows 2000 SMTP service, only in the Exchange 2000 SMTP service. (For information about SMTP security in Exchange Server 5.5, see Joseph Neubauer, "Is Your Exchange Server Relay-Secure?" January 2000.)
First, before you can create any SMTP filter restrictions, you must select the Apply Filter option for each virtual server that can accept SMTP email. You define filtering globally, but each SMTP virtual server has filtering options for each IP address. Therefore, one server can act as multiple virtual servers with unique settings. To select the Apply Filter option, open Exchange System Manager (ESM) by clicking Start, Programs, Microsoft Exchange, System Manager. If the Administrative Groups container appears in the left pane, expand it by double-clicking the container or clicking the plus sign (+) to the left of the container. If the Administrative Groups container doesn't exist or you have just expanded it, expand the Servers container in the left pane and expand the container for your server.
Next, expand the Protocols container, expand the SMTP container, then select the SMTP Virtual Server—most likely the Default SMTP Virtual Server. Right-click, and select Properties to open the dialog box. Click Advanced, and edit any existing IP addresses or add a new address (if the SMTP virtual server listens on additional IP addresses). Then, select the Apply Filter check box, as Figure 1, page 8, shows. The Filter Enabled column will change to Yes when you close the dialog boxes. Now, you need to configure the filters.
At the top of ESM, just below the Organization name, expand the Global Settings container to find the Message Delivery container. Right-click Message Delivery, and choose Properties. On the Filtering tab, which Figure 2, page 8, shows, you can enter the names of senders you want to filter out and choose how you want Exchange to handle the message and notifications. By default, Exchange sends a nondelivery report (NDR) and moves the message to the \exchsrvr\mailroot\vsi #\drop folder (where vsi# is the name of your virtual server—the default SMTP virtual server is vsi 1). You can also tell Exchange to send copies of the NDR to a location of your choice, which you can specify on the Messages tab in the Properties of the SMTP Virtual Server.
If the NDR can't be delivered to the sender, a copy of the message is put in the Badmail directory (\exchsrvr\mailroot\vsi #\badmail). You can change the location of this directory by right-clicking the SMTP Virtual Server, selecting Properties, and selecting the Messages tab, which displays the current Badmail location.
However, perhaps you don't want senders to know that you've dropped their messages. Selecting the Accept messages without notifying sender of filtering check box configures the system to not generate an NDR. You can use wildcards (e.g., *@nothing-good-to-say.com) or enter the sender's display name in quotation marks (""). The Filter messages with blank sender check box is useful because messages with a blank sender are suspect.