WinDeveloper IMF Tune

WinDeveloper IMF Tune
WinDeveloper IMF Tune

Filtering POP3 Emails with IMF

Alexander Zammit

Alexander Zammit Photo

Software Development Consultant. Involved in the development of various Enterprise software solutions. Today focused on Blockchain and DLT technologies.

  • Published: Apr 03, 2007
  • Category: Anti-Spam
  • Votes: 3.0 out of 5 - 6 Votes
Cast your Vote
Poor Excellent

The Microsoft Intelligent Message Filter is known to only process inbound SMTP emails. However with the right configuration, IMF will also process emails from other protocols such as those downloaded over POP3 or IMAP.

The Microsoft Intelligent Message Filter is known to only process inbound SMTP emails. Many small businesses host their domain mailboxes externally and rely on POP3 or IMAP to periodically retrieve emails. This may easily lead us to believe that such traffic falls beyond the reach of IMF. However overcoming this limitation is quite easy.

Microsoft Small Business Server users are certainly aware of the POP3 connector included in the SBS package. Being readily available many adopt this. Unfortunately this connector feeds emails into Exchange through the IIS SMTP pickup folder bypassing IMF processing.

If you are expecting some hack to transform IMF, you are out of luck. We simply require a POP3/IMAP connector that forwards downloaded emails over a regular SMTP connection. Indeed this is how most commercial POP3 connectors work. Emails now enter Exchange through the inbound SMTP interface where IMF is waiting to do its job.

So the first step is for us to give up the SBS connector. Luckily much better alternatives are available for as little as $100. For such a small price we can get:

  1. A much more reliable connector

  2. Intelligent Message Filter anti-spam

I won't get into the SBS connector reliability issues here. Just search the SBS newsgroups for more on this topic. Instead we focus on the details of running IMF in such a setup.

IMF Configuration

Although a connector can do a good job at transforming POP3 into SMTP traffic, there is one important fact to keep in mind. The Exchange anti-spam functionality was meant to handle "normal" inbound SMTP traffic. Normal here refers to the case where the original email sender connects directly to Exchange. This is not what happens in our case. Both legitimate senders and spammers will post emails to the external mailbox unobstructed. The connector downloads and attempts delivery to the Exchange mailboxes where spam is being filtered. Thus the anti-spam filter never interacts with the original sender.

Direct SMTP Delivery

Delivery of Email through POP3

This difference limits our filtering options. Specifically email rejection takes a completely new meaning. Let's see what happens when an email is rejected in "normal" SMTP email delivery. In this case the remote sending SMTP server receives a rejection response from which a non-delivery report NDR may be generated to notify the original email sender.

In case of a POP3 to SMTP connector, Exchange is not interacting with the sender's SMTP server. The SMTP connection is established between Exchange and the connector. Rejections are now received by the connector who is trying to deliver the emails just downloaded.

At this point rejection handling entirely depends on the connector implementation. Many connectors will simply try to deliver the email to the postmaster mailbox. This is just another mailbox within our Exchange server. The anti-spam filter is likely to again reject it. If that were not to be the case the postmaster mailbox would quickly get flooded.

So the conclusion here is that email rejection is best avoided. To see how this affects the Intelligent Message Filter (IMF) let's have a look at the configuration under Global Settings | Message Delivery | Intelligent Message Filtering.

IMF Configuration

Gateway blocking allows us to select between Reject, Delete, Archive and No Action. Just make sure to avoid the Reject action. All other actions will work as usual. Same goes for the Store Junk E-mail configuration, this will work as expected. For a more complete discussion on IMF configuration refer to the links at the references section.

Final Tips

The myth that IMF cannot filter POP3 emails unfortunately keeps some organizations away from it. The fact that the Microsoft Small Business Server POP3 connector bypasses IMF tends to reenforce this myth. However the truth turns out to be different. As we have seen, routing emails through the Intelligent Message Filter is easy. Furthermore the same applies to any other non-SMTP emails as long as the right connector is in place.

References

IMF SCL Configuration - getting it right

Looking at IMF through the Performance Monitor

Troubleshooting IMF v2

User Comments - Page 1 of 1

Ski 6 Aug 2010 03:58
That is how I read this article. It seems that the SBS POP3 connector bypasses IMF as it puts the email into a pickup folder rather than using a SMTP connection. To get around this you would need to purchase a 3rd party POP3 connector which does create a true SMTP connection to the server or switch to SMTP inbound. I would recommend the latter.
Alexander Zammit 16 Jul 2008 01:33
Ok let me clarify.

IMF will not scan emails as long as you use the SBS POP3 connector.

However you can use 3rd party connectors that work differently from the SBS POP3. They act as a true POP3 to SMTP gateway. Thus IMF works fine with these.

So the solution is for you to uninstall the SBS POP3 and get yourself a 3rd party connector.
Rodrigo Sorbara 15 Jul 2008 21:47
Hello Alexander,
I didn't underatand what you meant with the phrase below, it wasn't clear to me.

"If you are expecting some hack to transform IMF, you are out of luck. We simply require a POP3/IMAP connector that forwards downloaded emails over a regular SMTP connection. Indeed this is how most commercial POP3 connectors work."

My colleague today experienced a problem where the messages became stuck before their categorization right after enabled IMF with the POP3 SBS Connector in-place. Researching for some documentations I found that most of them were telling that the messages won't even be scanned but with according to your article, this can be possible.
I have two questions regarding your documentation:

1. Can we foward the traffic from the POP3 connector to the SMTP? What steps should we take to configure IMF to work along with this kind of snecario (POP3 SBS cvonnector + IMF)
2. If the solution envolves the message forwarding back to the SMTP VS, I think we would have problems since this connector has particularities (like TURN and ETRN). Does this make sense to you?

Thanks in advance for your attention

Rodrigo Sorbara
Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation