These comments come from Les:
This reply is a little more than you need, hope you don’t mind. But the answer is contained within ;-). I was hoping to clean it up a bit before posting (but that may never happen). It’s relevant to several recent posts.
Basically, I’ve been trying to get the best spam/antivirus protection I can with SBS2k3 OOB and Trend Micro CSM SMB – no other third party products.
If you don’t use CSM, then just ignore those parts. I have been experimenting with this configuration for a while, and am very pleased with the present result.
I believe I have this under control presently. Possibly at the expense of a few legit emails (but very few, if any).
Without any third party apps except Trend CSM – here is what I use.
a) Internet Message Format
Out of Office responses
Preserve sender’s display name on message.
b) Message Delivery > properties
Sender Filtering Tab
Filter messages with blank sender
Drop connection if address matches filter
Recipient Filtering Tab
Filter recipients who are not in the directory
c) Default SMTP Server
| General | Advanced | Edit (all unassigned)
Apply Sender Filter (although I have no filters presently)
Apply Recipient Filter
Apply Connection Filter (although I have none of these either, presently)
Send copy of NDR reports is blank.
2. Trend Scanmail eManager
Notifications Button: None
Approved Senders Button: I have had to add a few to the list, but not many – mostly list subscriptions.
Blocked Senders Button: None – useless against a reasonably competent
b) Content Filter
Anti-spam, hoaxes, chainmail, and Melissa Virus enabled.
The other items will do a *lot* of blocking – too much when your threshold is set to high.
The automatic updates don’t work. No reason, no error. But the Update button does. I’ve been meaning to take this up with Trend, but haven’t yet looked into it. There are reasonably frequent updates, and they do make a difference. I update whenever I think of it, generally at least monthly.
d) Log Files
Log files are daily, set to delete after 30 days. The reporting is useful here, especially for initial tuning.
Attachment Blocking is *not* enabled in Scanmail, but it is in Exchange. I think you want to go with one or the other, not both. I may turn off attachment blocking in Exchange, and instead do it in Scanmail as there are more options in Scanmail.
Virus actions are set to delete, delete, delete, delete.
b) Active Message Filter
Filter Inbound Messages *see Outlook section for a note.
virus scan – windows event log only
outbreak alert – email me, and event log.
attachment blocking – windows event log.
d) Quarantine Manager
This is where you go to check on the blocked items, including eManager spam blocked mail. You spend some time here initially tuning things for your environment.
Quarantine Maintenance is set to delete at 7 days. Works well.
Junk Mail was identifying about 50% of what got through to the mailbox with Scanmail Filter Inbound turned OFF, and the old junk mail pattern file (or whatever they call it).
A new junk mail pattern file was released (office update) not long ago; I installed it a few days ago. This has caught 100% of what got through to the mailbox, no false positives thus far.
With the Scanmail Filter Inbound turned ON, you can even keep your junk mail folder almost empty by letting Scanmail handle attachment blocking instead of Exchange. Much of the junk mail that does get through has attachments, mostly replaced by either Exchange (blocked att. type) or Scanmail (virus). With Scanmail doing attachment blocking, you can elect to kill these before they come to the mail store.
Notes: (these are out of date, and system specific – just examples – YMMV).
In the past 48 hours, my inbox has been 100% clean of junk. Junk Mail folder has about 100 that made it through the Exchange, eManager, and Scanmail filters. (This is with Scanmail Filter Inbound off.)
**** New info – with the Scanmail Filter Inbound *on*, junk mail has been reduced to about 10 per 24 hours. I’ve been checking the blocked emails in Scanmail console, and have been pleasantly surprised at the lack of false positives.
The Exchange server has about 25 mailboxes, there are 3 or 4 heavy email users, and about 10 very heavily spammed addresses.
eManager filtered out 392 emails.
Scanmail scanned 1341 emails, 19 had viruses and were deleted.
Presently, I’m happy with the tools I have ;-).
Les Connor [SBS MVP]
SBS Rocks !