The next step is to configure the SMTP application filter. Click the Extensions node, then double-click the Application filters folder in the right pane. Now, double-click or right-click the SMTP Filter and select Properties. In this configuration area, you can enable filtering on attachments by filename, extension, or size. To add filtering keywords, select the Keywords tab, then click Add and type in a word you want to filter on. You can filter on words in the Message header, Message body, or Message header and body. Notice that you must enter the words or phrases one at a time. Unlike products from other vendors, the SMTP Filter doesn't have an import function to bring in an established list of offensive phrases from a file or vendor Web site. Therefore, you must be creative and aware of every possible offensive or naughty phrase! (In "Managing Your Email Content, Part 1," I discuss content-management software that provides an established list of offensive phrases.) Finally, from the drop-down list, select the action (Delete, Hold, or Forward) you want the filter to perform on the messages. You must manually enter the email address to which you want the messages forwarded; the filter doesn't resolve names from the Global Address List (GAL). Also notice that you can use an arrow to move the keywords up or down. Keyword order is crucial because the first match triggers the defined action. If you delete a message because it contains a certain word, the fact that a later keyword match would have forwarded the message to you is irrelevant. You won't receive the message.
I offer two words of caution. First, you can't verify the address to which the filter will forward the message; therefore, be sure that you enter a valid address. Second, any message that matches a keyword will trigger the action, so be sure that you really want to filter on the keyword you specify. Any content-management application can accidentally catch innocent messages (i.e., a false positive). To avoid losing valuable information, you can hold rather than delete blocked email messages. Unfortunately, holding messages imposes more work on the messaging system administrator, who must periodically check and purge the quarantined messages. The hold location for these messages is in the mailroot\badmail directory, which by default is in the Inetpub folder.
After you configure application filtering, you need to configure your SMTP server to deny relaying for all servers except this server. This procedure varies with the SMTP service the server is running. To configure the Win2K SMTP service, launch Internet Services Manager (ISM) by clicking Start, Programs, Administrative Tools, Internet Services Manager. Double-click the server container, then right-click the Default SMTP Virtual Server and select Properties. On the Access tab, click Relay, then select All except the list below. Click Add to enter the computer, group of computers, or even the domain that is allowed to relay SMTP mail to this server. Close the Relay Restrictions dialog box by clicking OK. On the Delivery tab, click Advanced, and in the Smart host field, type the name of the mail server computer for all outbound messages if you use a single route.
In the beta version of ISA Server, when I installed the Message Screener component on a computer that wasn't the primary ISA Server, I had to run a script to configure the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IsaSmtpFltr\ServerName registry subkey. Although ISA Server Help says that you should run the setregs.vbs tool on the SMTP Server, Microsoft has replaced setregs.vbs with the smtpcred.exe tool in the isa\i386 folder on the ISA Server CD-ROM.
Third-Party SMTP Filters
To create a custom SMTP filter, you can refer to the ISA software development kit (SDK) documentation (http://www.microsoft.com/isaserver/features/sdk.htm), which contains an example with complete source code in C/C++. However, I found the example to be a great motivation to start looking at third-party plug-in applications. Companies such as Aladdin Systems, Baltimore Technologies, GFI, and Trend Micro are developing add-ins to allow SMTP filtering at the ISA Server. These companies all have a background in content filtering at SMTP servers. The Web-exclusive sidebar "Custom Solutions vs. Third-Party Solutions," InstantDoc ID 21174 on the Exchange Administrator Web site (http://www.exchangeadmin.com), gives you guidelines for deciding whether to build or buy applications such as SMTP filter software.
Like other SMTP filters, ISA also lets you configure a list of rejected users or DNS domains for controlling spam. ISA also helps against attacks (e.g., buffer overrun attacks)—a feature that you might not get in other content-management solutions. Microsoft is positioning ISA Server to be your main defense against all types of entry into your network.
Many Choices
These choices (i.e., Exchange 2000, SMTP servers, ISA Server, third-party applications, and the options I listed for Exchange Server 5.5 in "Managing Your Email Content, Part 1") give you a solid foundation for choosing an email content-management solution and its placement. Your current applications might already let you perform content management, or you might need to evaluate and purchase an add-in application. You need to base your decision on the level of control over the flow of email that you want to develop, whether it's simple blocking of junk email or more advanced filtering and routing functionality.