November 24, 2003 12:00 AM

Filtering Messages in Exchange 2003

Control your messaging traffic
Windows IT Pro
InstantDoc ID #40756

Sender Filtering
Sender filters aren't new to Exchange 2003 (in fact, Microsoft first introduced them with Exchange 2000). Sender filters are almost identical to recipient filters except they process only the "Mail From:" SMTP command. In short, Exchange uses sender filters to drop messages received from a specific set of users or domains. Because the steps for configuring sender filters are so similar to the steps for configuring recipient filters, I focus on a few important points.

As I mentioned previously, you configure filters at a global level and apply those filters to specific SMTP Virtual Servers. Figure 3 shows several check boxes on the Message Delivery Properties dialog box's Sender Filtering tab in ESM. These options modify the behavior of a sender filter.

  • Archive filtered messages—When you select this check box, Exchange archives turfed messages in the mailroot subdirectory. If you enable this feature, remember to monitor the amount of disk space that these messages are occupying.


  • Filter messages with blank sender—When you select this check box, Exchange drops any message entering the system that contains a blank "Mail From:" SMTP command.


  • Drop connection if address matches filter—When you select this check box, Exchange sends a message to the filtered address telling the sender the SMTP service is unavailable. This action is meant to discourage senders from sending future messages.


  • Accept messages without notifying sender of filtering—When you select this check box, Exchange drops filtered messages after accepting them. This option turfs messages without letting the sender know that the message has been dropped.

After you configure the sender filter, if Exchange receives a message from an address on the sender-filtering list, it drops the message according to these settings and, by default, generates an NDR. The default NDR message is "The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address." The intent is to give the sender as little information as possible. However, you can create custom NDRs; Microsoft will include detailed instructions about how to do so with the Exchange 2003 software development kit (SDK).

Like recipient filters, Exchange stores sender filters in AD's Configuration NC. AD stores sender-filtered addresses in the msExchTurfListNames attribute of the default message filter object.

Restricted Distribution Groups and Recipients
Although Exchange 2000 lets you restrict access to distribution group recipients, it only restricts access based on whether the sender exists in the directory. As a result, Exchange 2000 can't protect you from someone who spoofs a directory address to get around this restriction, and Exchange 2000 can't restrict access to individual recipients. Spoofing lets a message sender use someone else's address in the message's From field to impersonate a valid user. Spoofing is easy to do with many email clients as well as by using SMTP commands directly at a command prompt. To overcome these shortcomings, Microsoft took a different approach with Exchange 2003's restricted groups and restricted recipients features.

Exchange 2003's restricted groups feature works by adding a new, optional attribute, called msExchRequireAuthToSendTo, to the distribution group object. If the attribute isn't set for a particular distribution group, Exchange 2003's authentication behavior and delivery is the same as Exchange 2000's would be for that group. However, if the attribute is set, the messaging system must authenticate the sender as a valid user before delivering the message to the distribution group.

This attribute is also present on user objects, so you can now restrict messages sent to a specific recipient by requiring authentication. When a user connects to the SMTP service, Exchange 2003 processes the message in the standard fashion, with one caveat: The transport appends "AUTH=user@domain" to the Mail From: data, as outlined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 2554. This data is retained between Exchange 2003 servers. However, the "AUTH=" data is dropped from the Mail From information when Exchange 2003 transmits the message to a legacy server, including Exchange 2000. Assuming that Exchange 2003 authenticates the connection, the transport retains the "AUTH=" data and sets a new property, a flag, on the message to indicate that the sender is trusted. When the message enters the categorization process (specifically, the Categorizer component of Exchange Routing), one of the following actions takes place:

  • If the sender is authenticated and the distribution group or user authentication attribute is set, Exchange 2003 processes the message as usual (i.e., expands it and marks it for delivery).


  • If the sender is authenticated and the distribution group or user authentication attribute isn't set, Exchange 2003 processes the message as usual.


  • If the sender isn't authenticated and the distribution group or user authentication attribute is set, Exchange 2003 drops the message.


  • If the sender isn't authenticated and the distribution group or user authentication attribute isn't set, Exchange 2003 processes the message as usual.
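The "AUTH=" handling on Mail From: and the four categorizer outcomes above can be modelled in a few lines. This is an added example, not Exchange code and not part of the original article; the function names, the sample command, and the rule that a claimed AUTH= identity counts only on an authenticated session are assumptions of the model.

```python
import re

# RFC 2554 xtext: "+" followed by two uppercase hex digits encodes one character.
_XTEXT = re.compile(r"\+([0-9A-F]{2})")
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>(.*)$", re.IGNORECASE)

# Constructed sample command (the address is the xtext example from RFC 2554).
SAMPLE = "MAIL FROM:<e=mc2@example.com> AUTH=e+3Dmc2@example.com"


def parse_mail_from(line):
    """Return (reverse_path, auth_identity) for a MAIL FROM command.

    auth_identity is None when AUTH= is absent or is "<>", which RFC 2554
    uses for an unknown or insufficiently authenticated submitter.
    """
    m = _MAIL_FROM.match(line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command")
    auth = None
    for param in m.group(2).split():
        key, _, value = param.partition("=")
        if key.upper() == "AUTH" and value != "<>":
            auth = _XTEXT.sub(lambda h: chr(int(h.group(1), 16)), value)
    return m.group(1), auth


def strip_auth(line):
    """Model the hop to a legacy server: the AUTH= parameter is dropped."""
    return " ".join(t for t in line.split() if not t.upper().startswith("AUTH="))


def categorize(line, session_authenticated, require_auth_to_send_to):
    """Four cases from the list: drop only if unauthenticated AND restricted.

    Assumption of this model: a claimed AUTH= identity is trusted only when
    the SMTP session itself was authenticated.
    """
    _, auth = parse_mail_from(line)
    trusted = session_authenticated and auth is not None
    return "drop" if require_auth_to_send_to and not trusted else "deliver"


if __name__ == "__main__":
    for authed in (True, False):
        for restricted in (True, False):
            print(authed, restricted, categorize(SAMPLE, authed, restricted))
```

The third case is the one that matters for spoofing: an AUTH= value typed by an unauthenticated client does not make the sender trusted, so mail to a recipient with msExchRequireAuthToSendTo set is dropped.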

To set delivery restrictions, right-click the distribution group or user in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, select Properties from the context menu, select the Exchange General tab, and click the Delivery Restrictions button to view the Delivery Restrictions dialog box, which Figure 4 shows. Under Accept messages, choose one of four options: From everyone (the default setting) to accept messages from all senders, or From authenticated users only, Only from, or From everyone except to restrict messages.

Tools to Protect Your Environment
Microsoft has tightened up message filtering in Exchange 2003. Using the filtering features included in the base Exchange product, administrators can better protect their environments. These features alone won't eliminate all undesirable messages, so third-party tools will still be needed. Restricted groups and restricted recipients further enhance the capabilities of the base system and can prevent external sources from using internal distribution groups or sending to internal-only addressees.


Comments
  • Helsinki Postman
    8 years ago
    Jun 27, 2004

    Excellent article. Very well written.

  • shiv
    8 years ago
    Jan 20, 2004

    Good stuff. Useful indeed...

  • Rudy
    9 years ago
    Dec 29, 2003

    Spam, what can be done about it? It's the issue really with Microsoft and Exchange 2000. NDRs are a constant reminder of all the spam on the internet. For instance, on a daily basis our email server is shut down, cleaned of the NDRs that pass by the expensive spam filtering software. This is costing us way too much money, and since December 1, 2003 we opened another $245 ticket with MS only to hear that this is "By Design" and I need to get another 3rd party software that they can't recommend, to eliminate this. Most likely when I install this 3rd party software, it will not be supported by MS.

    Thanks

  • Laura DeWees
    9 years ago
    Dec 10, 2003

    Very informative.

  • Amit Kumar
    9 years ago
    Dec 05, 2003

    Nice Articles of Exchange Server 2003.
