Microsoft recently published the Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide. The guide is available online and as a downloadable MS Word document. It replaces the earlier IMF v1 guide, adding details on the various enhancements included in the second version of this filter.
The document discusses various important IMF topics. It shows how IMF fits into the overall Exchange 2003 anti-spam technology map. It also covers cross-forest deployment, IMF updates, event logging, performance monitor counters and the various registry settings available for tweaking email handling.
In particular, I liked the section covering IMF updates. This, in my opinion, is one of the most valuable enhancements in IMF v2. The document discusses how the update mechanism works, includes details on the relevant registry keys/values and explains how updates are versioned. All this can be very handy when troubleshooting.
Although this document includes plenty of valuable information, it also includes a few inaccuracies that are worth highlighting. Start by locating the section 'Understanding Exchange Server Intelligent Message Filter' and move to the subheading 'How Intelligent Message Filter Works with Exchange 2003 and Outlook Filtering Features'.
In step 2a the guide says: "Connection filtering checks the global accept list. If an IP address is on the global accept list, no other connection, recipient, or sender filtering is applied, and the message is accepted."
In reality, recipient and sender filtering will still reject emails even when they originate from an IP address on the accept list. This was discussed in detail in Sender and Recipient Filtering Don't Care of IP Accept Lists.
In step 4 the guide says: "If the intended recipient matches an e-mail address that you filter, Exchange rejects the message and no other filters are applied."
This is fairly obvious, but I am including it for completeness. In reality, recipient filtering will only reject the specific recipient, and the email is still delivered if it is addressed to multiple recipients.
At the end of the section an Important note says: "If users are using versions of Outlook earlier than Outlook 2003, the mailbox store thresholds have no effect and messages that are filtered in step 7 are instead delivered to the users' Inboxes. However, if clients can access e-mail using Outlook Web Access 2003, the store thresholds are applied as described in step 7."
Strictly speaking this is true, but it fails to clearly deliver the relevant information. When using earlier Outlook versions, it is indeed common to see emails exceeding the SCL store threshold ending up in the inbox. This happens because the Junk Email folder is not enabled. Whereas Outlook 2003 automatically enables this functionality, users running earlier versions need to enable it manually, either through OWA or scripting. Full details are available from an earlier article, Junk Email Folder for All Outlook Versions.
Final Tips
Now that you are armed with these details, you are ready to take full advantage of the IMF v2 Operations Guide. It is certainly packed with useful information that will allow you to deal a decisive blow to spammers at no extra cost.
References
Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide - Online
Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide - MS Word Document
Sender and Recipient Filtering Don't Care of IP Accept Lists
Junk Email Folder for All Outlook Versions