Blog Post

Exchange Team Blog
3 MIN READ

Manage spam with the IMF archive manager

The_Exchange_Team's avatar
May 26, 2004

As you may have heard by now, Exchange released a cool new feature yesterday that goes by the name of Intelligent Message Filter (IMF).  You can find out more details on this cool feature at www.microsoft.com/exchange/imf On Exchange, we are encouraged internally to Dogfood (consume pre-release deliverables) our own products, and since I’ve always enjoyed battling the UCE problem on my personal mail server, I decided to give IMF a test drive.

After getting everything thing setup, my first choice in filtering was to give my end users (family) the burden of cleaning up UCE from their own junk mail folder.  The initial feedback was extremely positive, and I was quickly able to figure out the thresholds that worked for most people (6 on the fence, 7 and up almost always UCE).  But I also started getting feedback that the end users didn’t really want to continue to deal with the stuff that was definitely UCE and would prefer it never got to the inbox. 

As it so happens, IMF has a choice of choosing different actions at two different levels.  The first action that I had already used was storing the UCE to the Junk E-mail folder.  The second action was a blocking action that would Archive, Delete, or Reject.  I didn’t want to reject, as more likely then not I’d end up with a bunch of NDR’s sitting in an outbound queue that would never be delivered.  I didn’t want to delete, as I’m always concerned about accidental mail deletion, so Archive sounded like the perfect solution for me.

Since I knew that level 7 and up typically was UCE, I set the Blocking configuration to Archive messages with a Spam Confidence Level (SCL) of 7 or greater.  I then started watching messages pile up in my “program files\exchsrvr\mailroot\vsi 1\UceArchive” folder.  I now had to figure out a way to manage this folder.  Unfortunately this was not an area that the IMF feature was focused on.  Using OE or notepad via browser window was not very pleasant.  So it was time to fire up Visual Studio and roll my own Archive Manager.  The result was the IMF Archive Manager (IMFAM) that is now available on http://workspaces.gotdotnet.com/imfarchive.

IMFAM is a C# GUI tool released as shared source on GotDotNet that provides a tree view of the archive directory and the eml files in it.  It also has a preview pane that displays decoded P2 mail message properties as well as the entire raw message.  There are 5 actions: Refresh, Delete, Resubmit, Copy to Clip, and Report.  Refresh reloads the tree view as well as the raw message.  Delete deletes the selected message.  Resubmit moves the message to the pickup directory where it is resubmitted to the MTA and delivered.  Copy to Clip copies the entire raw message to the clipboard in case you want to paste it in another window.  Report creates a new message, attaches the selected message as an attachment, and then sends it to the recipient listed in the report settings.  In addition it optionally strips P1 headers, x-SCL header, and deletes the message if so configured in the report settings.  The report feature is useful if you want to send the UCE to reporting organizations such as http://www.spamcop.net.

Since this is released as a shared source project on GotDotNet, feel free to download it, kick the tires, provide feedback, or even join the group and provide new features.

- James Webster

Updated Jul 01, 2019
Version 2.0
  • How did you go about figuring out the thresholds from existing junk mail?
  • James, I'm trying to come up with a Macro in OL2K3 to cull all messages in the selected folder and read the SCL using CDO to look at the internet headers. Then I want to take that SCL and write it to the Billing Information field of the message. That field isn't really used for anything else at my org so it would be great to use it to sort by SCL. Right now I just want to create a macro, but later I may want to put an event sink on my junk e-mail folder that does this at the server level.

    So far I have all the code I need to get the SCL but I am trying to write it to the billing information field and I can't seem to find the right property tag.

    oMessage.Fields.Add "0x8535", vbString, "TestBillingData", "2903020000000000C000000000000046"

    I did a lookup at CDOLIVE http://www.cdolive.com/cdo10.htm and this seems to be right. 0x835 refers to the billing information field and the property set id seems to be correct too, but I'm not sure. Can't seem to find anything good on MSDN.

    CdoPropSetID5 "2903020000000000C000000000000046" Generic MAPI ID. Used with all type of item properties (e. g. categories)

    Anyway, I don't get an error and it is updating some field, just not the right one. Any ideas?

    Jeremiah Cook (Please email me as newsgator won't update your comments)

    jcook@inteltech.com
  • KC will be posting an article shortly that describes how to expose SCL via Outlook. You can also expose SCL in the archive directory by following the directions in Chapter 6 of the deployment guide.
  • Recently Microsoft released Exchange Intelligent Message Filter. Having not used it yet myself, I can't say how "intelligent" it actually is, but I will be looking into it next week at work. This page has a brief description of a...
  • the tool works great for me, thanks. One question. I can't accesss the page from outside our network. SBS2K3, ISA, Exchange2K3 SP1. Seems like an ISA issue. Any ideas....

    thanks,

    Mitchel