Almost a year passed since Microsoft started providing regular IMF updates. These are essential in order to keep the filter abreast with the ever changing spamming trends. Once the server is configured and the first update is downloaded, some common questions arise.
Should these updates be tested before going live?
Many administrators are cautious on applying any updates to their servers. Thus the first question is reminiscent of this fact. However with two IMF updates per month and with a fast moving target such as spam, delaying an update reduces filtering effectiveness.
With my involvement in IMF Tune monitoring these updates has been a regular task. So far these have always succeeded in terms of reliability. After seeing so many IMF installations I confidently apply these with little delay.
Of course a little testing does not hurt. In all cases updates may always be uninstalled through the Add/Remove Programs console.
What changes should I expect from an update?
Following an update, some emails will start to be rated differently. After all this is what updates are meant to do, adjusting the filter classification. In general this leads to more effective filtering. On the other hand an issue may arise if IMF is configured with very low filtering thresholds. The change may lead to some false positives.
Typically you see this happening with configurations filtering emails with SCLs as low as 3. Emails containing "spam like" content may suddenly earn a few more SCL points, enough to push it over the threshold. My advise is to avoid being over aggressive when configuring thresholds. Sometimes it is better to leave a few spam emails through.
Will updating cause any downtime?
IMF updates restart the IIS Admin service. This means that the SMTP service will be temporarily down. If IMF is running on an internet facing server, incoming emails won't be handled during this time. However this is not a problem since SMTP caters for such outages through retries.
Another important IIS component is the Word Wide Web Publishing Service. If running OWA, this won't be accessible during the restart. Indeed very often this is the main reason for applying IMF updates after hours.
Because of the important role played by IIS, if any problems arise after an IMF update the first thing to try is to restart the IIS Admin service (and all its dependencies) manually through the service control manager. This is a good place to again caution you about using iisreset for this purpose as discussed in
When IISReset Kills.