AFAIK, MS SMTP Server from IIS had quite extensive filtering hooks. It is much the same like custom ISA filters, documented in the ISA SDK. One of the relevant event of IIS/SMTP Server in your case, might be the SMTP OnArrival event. There are some example of these in the web, including one that filter message based on keyword. Actually, I guess the message screener might be implemented this way: as IIS/SMTP Server event sink, and not related to ISA. > -----Original Message----- > From: Brian Stone [mailto:brstephe@xxxxxxxxx] > Sent: Thursday, April 10, 2003 7:28 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: SMTP Filter - HELP! (NOT config help) > > I need a solution to stop spam from clogging users inboxes. > I have two thoughts on this related to ISA and the SMTP > filter and wondered if anyone would be willing to provide > some feedback/suggestions/comments/etc. > > 1. Is anyone running some mailserver on their ISA box to > forward to internal domains other than MS's SMTP server from > IIS? Since many mailservers support the use of external > files for filtering keywords and addresses, I wondered if > anyone had tried this solution. > > 2. Option would be to develop an import/export app for the > SMTP filter that would allow users to import blacklist files > into the filter config. > I might be willing to take a crack at this, would anyone be > willing to share the known registry keys related to the SMTP > filter, where it holds its config, and the reg key size > limits that you've encountered. > > Thanks - > Brian > > > Hi Edward, > > > > Yes, it's the key words that seem to run out of space, although I > > don't know if anyone has entered enough addresses/domains > to run up > > against it. Still trying to find out what registry key > holds the key > > words. I've got the one that contains everything except > the keywords! > > Arrgh. :-) > > > > Thanks! > > Tom > > > > -----Original Message----- > > From: Edward Sullivan [mailto:esullivan@xxxxxxx]=20 > > Sent: Wednesday, December 11, 2002 9:33 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: SMTP Filter - HELP! (NOT config help) > > > > > > http://www.ISAserver.org > > > > > > Fantastic - once fixed I suspect this will make a great article! > > Please let me know what, if any, additional information > you would like > > me to provide. > > > > From what I have seen, it only appears to occur with the keywords. > > Attachment blocking always functions, as well as domain > blocking. Of > > course, we do have more entries for keywords, so perhaps > we have just > > not hit the limit with the attachment and domain blocking features. > > > > Thanks again for your assistance! > > > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > > Sent: Tuesday, December 10, 2002 7:26 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: SMTP Filter - HELP! (NOT config help) > > > > > > http://www.ISAserver.org > > > > > > Hi Edward, > > > > There does appear to be a limit on the number of entries > for the SMTP > > Message Screener. I don't think its really a limit on the > number of > > entries, but a limit on the size of the regkey. Sean > McCormick from > > brainbuzz has clued me into this issue and we're trying to get it > > cleared up.=20 > > > > HTH, > > Tom > > > > -----Original Message----- > > From: Edward Sullivan [mailto:esullivan@xxxxxxx]=20 > > Sent: Tuesday, December 10, 2002 5:58 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: SMTP Filter - HELP! (NOT config help) > > > > > > http://www.ISAserver.org > > > > > > I do not think this is the cause. We do have a secondary > MX in place > > in DNS in case of emergencies, but there is no policy > enabled via the > > firewall to allow mail to pass and the IP address is not > live either. > > > > The only SMTP policy enabled on our firewall routes all > inbound SMTP > > traffic through the DMZ port of the firewall to the DMZ IP > of the SMTP > > server, which ISA is configured to see as the untrusted zone. From > > that point the SMTP server relays to the primary Exchange server > > though the internal trusted NIC. > > > > I am double-checking all of the settings and policies to make sure > > nothing has been missed, but there is only one way for > email to get > > in, and it is a tight fit at that! There are only two > other servers > > with firewall policies allowing traffic in, and neither of > those have > > SMTP installed (or policies allowing SMTP traffic)and there are NO > > servers with real IP addresses assigned. > > > > Any other ideas? > > > > > > > > > > > > -----Original Message----- > > From: Chris H [mailto:ntpro@xxxxxxxxxx] > > Sent: Tuesday, December 10, 2002 5:24 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: SMTP Filter - HELP! (NOT config help) > > > > > > http://www.ISAserver.org > > > > > > I cannot speak to ISA server's problem, but having gone > through this > > with 2 other email packages I have found that almost > always the mail > > is coming in > > from another route you are not filtering such as an old > secondary MX > > record > > or another IIS server that you dont know has SMTP service > running on it > > or a > > Proxy server with the SOCKS service open, etc. It took me > a few weeks to > > finally nail everything down . . . > > ----- Original Message ----- > > From: Edward Sullivan > > To: [ISAserver.org Discussion List] > > Sent: Tuesday, December 10, 2002 6:16 PM > > Subject: [isalist] SMTP Filter - HELP! (NOT config help) > > > > > > http://www.ISAserver.org > > > > > > We are running ISA and IIS SMTP on our perimeter email > screener, and > > using the SMTP Filter to screen for: > > > > Attachment types (.exe, .pif, .com, .vbs, .bat, and .scr) Domains > > which we receive spam from (about 100 in the list) Spam > keywords (126 > > keywords in the list) > > > > Any message that meets SMTP filter criteria is forwarded > to a spam box > > on our primary Exchange Server. > > > > This server is not our firewall - we are only using ISA > for the email > > filtering functionality. The server hardware is a Dell > 2550 with 512MB > > of RAM, and a 2 GHZ XEON Processor. Dual NIC's, of course. > To me, this > > seems > > like a well-sized server for the application. > > > > My question is this - I have noticed that certain keywords are not > > being filtered, and that messages that contain keywords > are not being > > forwarded to our spam address, and are instead making it > to our users. > > Is there an effective limit to the number of keywords ISA > can handle, > > or is there a misconfiguration somewhere? Has anyone else > seen this > > behavior, and found a > > way to correct it? A bug in ISA perhaps? (Heaven forbid!) > > > > Thanks in advance for your responses! > > Ed Sullivan > > Director of Information Services > > esullivan@xxxxxxx <mailto:esullivan@xxxxxxx> > > KMA Direct Communications > > Confidential and Proprietary > > > > ------------------------------------------------------ > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ Windows > > Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT > > Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > ntpro@xxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ Windows > > Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT > > Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > esullivan@xxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ Windows > > Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT > > Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ Windows > > Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT > > Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > esullivan@xxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=> 3Disalist > > ISA > Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?> type=3DFAQ > > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ Windows > > Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT > > Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: > http://www.windowsecurity.com/ Windows > 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org > Discussion List as: memet@xxxxxxxxxxxxx To unsubscribe send > a blank email to $subst('Email.Unsub') >