Can SpamAssassin filter emails to the Outlook Junk Email folder? What about applying Outlook Safe Senders/Recipients and Blocked Senders to an anti-spam firewall appliance? Is it possible for anti-spam solutions running on Linux gateways to integrate with Exchange just like the Intelligent Message Filter does?
The first thing that strikes anyone looking for an anti-spam solution is the large number of product offerings. Looking through all of these is impossible. Thus any evaluator will start to make a short list based on his requirements. Indeed there are many ways to categorize the offerings.
Should we go for a freeware or a commercial solution?
Should we install a dedicated filtering appliance, or go for a software only solution?
Should we filter at the edge (maybe on some Linux server) or at the backend?
What about outsourcing filtering to an external service provider?
Any Exchange administrator will also want to ensure proper Exchange and Outlook integration. It would be a pity to have Exchange 2003 and then fail to leverage the Junk Email Folder or the client side Safe Senders/Recipients, Blocked Senders lists. This factor could easily lead one to only consider products offering Exchange Integration.
Today we shall see how achieving Exchange integration is not that difficult. We could easily have filtering running on any platform, dedicated device, even at some external service provider and still integrate seamlessly into Exchange. Whatever the Intelligent Message Filter (IMF) does in terms of integration, so can other solutions. Even if these are completely ignorant of Exchange!!
Plugging into Exchange 2003
IMF classifies processed emails using the Spam Confidence Levels (SCLs). This is just a numeric value from 0 to 9 reflecting the level of certainty the filter has on classifying an email as legitimate or spam. SCL0 is assigned to emails classified as legitimate. SCL9 is assigned to emails considered to be almost certainly spam. Values in between reflect a varying degree of certainty.
As we shall see SCL ratings are very important to our discussion. For more details I suggest you to read my article
IMF SCL Configuration - getting it right
SCLs are the key to tap into Exchange. This is what Exchange understands. This is what determines when an email is to be deposited to the Junk Email folder. Hence any application wanting to plug into Exchange will need to somehow specify an SCL rating.
Do You Speak in SCLs?
It is quite obvious that a filter ignorant of Exchange won't generate SCLs. Nevertheless most filters will have some other way of expressing their email classification. Thus our goal becomes that of converting the filter specific email classification to an SCL. I have depicted the general setup below.
This is a very typical gateway filtering setup. Emails are first processed by the anti-spam filter. This adds its "spaminess" classification to each email. Next the mapping layer extracts and transforms this classification into an SCL. The emails are finally handed over to Exchange for delivery.
The email classification method is specific to the anti-spam solution adopted. Nevertheless it is safe to say that most filters are able to insert custom headers for this purpose.
The simplest scenario is the case where a flag is set through a custom header. For example the following could be inserted whenever an email is classified to be spam:
X-IS-SPAM: Yes
Legitimate emails would either have no header, or have the header value set to 'No'.
A more complicated scenario is when the filter adopts a broader range of values rather than a Yes/No flag. For example a percentage rating is sometimes adopted.
Another fairly common case is the insertion of tags within the email subject. Typically this is composed entirely (or in-part) of some fixed text. Through this text it is then possible to extract the filtering outcome.
Mapping Results with IMF Tune
IMF Tune provides the missing link. It is able to extract the filtering result and map it to an SCL. Let's see how we can get spam to be routed to the Junk Email Folder.
IMF Tune is an extension to the Exchange Intelligent Message Filter. Thus you would first start by installing IMF Tune and IMF on the same Exchange server. Note that as from Exchange SP2, IMF is an integral part of Exchange and there is no separate IMF install. Check the references section for all relevant links.
Next you need to configure IMF. I will assume you already know how to do this, otherwise check the references. To keep things simple I won't activate IMF gateway blocking. Thus I will set the gateway action to 'No Action' and the gateway threshold (which is irrelevant) to 9.
What is more interesting to us is the Junk Email threshold. I will set this to a relatively high value i.e. 6. This means that emails with SCLs greater than 6 will be deposited to the Junk Email folder.
The reason for this high threshold is the fact that here I am not really interested in IMF filtering. I will instead rely on the anti-spam filter sitting in front of Exchange.
Of course don't forget to enable IMF from the Exchange System Manager under the SMTP Protocol. Note that as from SP2 IMF enablement was moved to SMTP Virtual Server | General | Advanced.
Next we configure IMF Tune. Open the configuration, select the SCL Management category and Click on Add. This opens the SCL Mapping dialog
What we configure here depends on the type of email classification supplied by the spam filter. If we consider the Yes/No header flag discussed earlier, then we would set:
Header Name: |
X-IS-SPAM |
Matching Type: |
is exactly |
Header Value: |
yes |
Operation Type: |
set value to |
SCL Value: |
7 |
Next save the new mapping and select the IMF Tune General category. Here make sure that SCL 7 is configured as Accept. Otherwise IMF Tune itself might block email delivery.
That's basically it. Save changes and emails identified as spam will be routed to the Junk Email folder. Furthermore any Safe Senders/Recipients, Blocked Senders configured at the client will also be applied. As promised at the introduction there will be no difference between spam filtered by IMF and spam filtered at the edge.
IMF Tune through the SCL Mappings dialog also caters for more complex email classifications. For example we could search for a tag within the Subject or within any other email header using the 'contains' matching type. Of course the more complex the classification the more complex the configuration gets. So in general one should look at rendering this information as easy to process as possible.
For brevity here I described the setup of IMF and IMF Tune at one go. In general it is easier to first setup IMF, test it out to make sure it works properly and then proceed with IMF Tune.
To conclude, I want also to remind you of the classic Junk Email enablement problem that many run into. For emails to be deposited to this folder, it must be enabled on each mailbox. I discussed solutions to this issue in a recent article
Centralizing Junk Email Folder Administration
References
WinDeveloper IMF Tune
IMF SCL Configuration - getting it right
Centralizing Junk Email Folder Administration
Sneak Peak at Exchange SP2 CTP
Intelligent Message Filter Download
Intelligent Message Filter Update