WinDeveloper O365 Mailer FREE for 1 Year

WinDeveloper IMF Tune
WinDeveloper IMF Tune

Integrating any Anti-Spam Filter into Exchange

Alexander Zammit

Alexander Zammit Photo

Alexander Zammit has been developing server applications for over 15 years. Most of his works involve Exchange integrated applications, including a FAX server, a mail security product and anti-spam products.

  • Published: Sep 27, 2005
  • Category: Anti-Spam
  • Votes: 5.0 out of 5 - 1 Vote
Cast your Vote
Poor Excellent

Can SpamAssassin filter emails to the Outlook Junk Email folder? What about applying Outlook Safe Senders/Recipients and Blocked Senders to an anti-spam firewall appliance? Is it possible for anti-spam solutions running on Linux gateways to integrate with Exchange just like the Intelligent Message Filter does?

Can SpamAssassin filter emails to the Outlook Junk Email folder? What about applying Outlook Safe Senders/Recipients and Blocked Senders to an anti-spam firewall appliance? Is it possible for anti-spam solutions running on Linux gateways to integrate with Exchange just like the Intelligent Message Filter does?

The first thing that strikes anyone looking for an anti-spam solution is the large number of product offerings. Looking through all of these is impossible. Thus any evaluator will start to make a short list based on his requirements. Indeed there are many ways to categorize the offerings.

  • Should we go for a freeware or a commercial solution?

  • Should we install a dedicated filtering appliance, or go for a software only solution?

  • Should we filter at the edge (maybe on some Linux server) or at the backend?

  • What about outsourcing filtering to an external service provider?

Any Exchange administrator will also want to ensure proper Exchange and Outlook integration. It would be a pity to have Exchange 2003 and then fail to leverage the Junk Email Folder or the client side Safe Senders/Recipients, Blocked Senders lists. This factor could easily lead one to only consider products offering Exchange Integration.

Today we shall see how achieving Exchange integration is not that difficult. We could easily have filtering running on any platform, dedicated device, even at some external service provider and still integrate seamlessly into Exchange. Whatever the Intelligent Message Filter (IMF) does in terms of integration, so can other solutions. Even if these are completely ignorant of Exchange!!

Plugging into Exchange 2003

IMF classifies processed emails using the Spam Confidence Levels (SCLs). This is just a numeric value from 0 to 9 reflecting the level of certainty the filter has on classifying an email as legitimate or spam. SCL0 is assigned to emails classified as legitimate. SCL9 is assigned to emails considered to be almost certainly spam. Values in between reflect a varying degree of certainty.

As we shall see SCL ratings are very important to our discussion. For more details I suggest you to read my article IMF SCL Configuration - getting it right

SCLs are the key to tap into Exchange. This is what Exchange understands. This is what determines when an email is to be deposited to the Junk Email folder. Hence any application wanting to plug into Exchange will need to somehow specify an SCL rating.

Do You Speak in SCLs?

It is quite obvious that a filter ignorant of Exchange won't generate SCLs. Nevertheless most filters will have some other way of expressing their email classification. Thus our goal becomes that of converting the filter specific email classification to an SCL. I have depicted the general setup below.

Mapping to SCLs

This is a very typical gateway filtering setup. Emails are first processed by the anti-spam filter. This adds its "spaminess" classification to each email. Next the mapping layer extracts and transforms this classification into an SCL. The emails are finally handed over to Exchange for delivery.

The email classification method is specific to the anti-spam solution adopted. Nevertheless it is safe to say that most filters are able to insert custom headers for this purpose.

The simplest scenario is the case where a flag is set through a custom header. For example the following could be inserted whenever an email is classified to be spam:

X-IS-SPAM: Yes

Legitimate emails would either have no header, or have the header value set to 'No'.

A more complicated scenario is when the filter adopts a broader range of values rather than a Yes/No flag. For example a percentage rating is sometimes adopted.

Another fairly common case is the insertion of tags within the email subject. Typically this is composed entirely (or in-part) of some fixed text. Through this text it is then possible to extract the filtering outcome.

Copyright © 2005 - 2016 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation