Hi, Our firewall also does spam filtering. For messages whose verdict is spam, it'll reject them, and for messages whose verdict is suspected spam, it'll modify the message header to indicate suspected spam then relay it to the Exchange server. The question is -- is there a way to make Exchange 2003 (SP2) filter messages based on the modified header and put those messages in a specified folder? So if the firewall puts the suspected spam string into a message header and relays it to Exchange, I'd like Exchange to be able to recognize this header string and deliver the message to a particular folder for the users (Junk Email, or some other folder). Thanks in advance.

Hi Charles,Exchange 2003 does not have any feature like that built in but you can check the SCL rating of such messages in outlook (http://msexchangeteam.com/archive/2004/05/26/142607.aspx) and depending on it configure the SCL theshold at ESM ->Global Settings -> Message Delivery -> Intelligent Message Filter. For detailed understanding of IMF you can refer http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.htmlMMilind Naphade | MCTS:M | http://www.msexchangegeek.com

Hi,If your firewall is capable to put any header value into the suspected message you should put X-SCL header what will be recognized by the settings mentioned by Milind. If the firewall is not capable to change the header value the requested functionality can be achieved by a small SMTP Event Sink. In this case please let me know what header field genereated by your firewall.Regards,Zoltnhttp://www.clamagent.org - Free Antivirus for Exchange http://www.it-pro.hu http://emaildetektiv.hu

Milind, Thanks for the reply, I appreciate it. What if I wanted to do this from the Outlook client side rather than on the Exchange server? I'm thinking of deploying a rule to everyone's Outlook to move messages with the spam x-header into their Junk Email folder. Is there a way to globally deploy an Outlook rule this way, and if so, will it overwrite the users' existing rules? Thanks again. Charles

Hi Charles,That is what IMF is meant for, actually ;) You wont have to educate your users to deply rules and to move some email to Junk Email folder if the email has the SCL rating than your specification. Outlook Junk Email filter is also capable of doing it without any rule. I understand deploying IMF may be some trouble due to technical and bussiness requiremetns. As far as outlook rules are concerned. Outlook rules do not have any setting to watch the headers. I hope this information helps you.Do let us know in case you have further queries.MMilind Naphade | MCTS:M | http://www.msexchangegeek.com

Hi Charles, As Zoltan mentioned, first please let us know what kind of header generated by your firewall. If Its not a X-SCL header, you need to write a event sink. In such a scenario, you need to write a post on our Exchange development forum for further help. At the same time, I would like to explain the IMF/SCL related Store Action is totally separate from and unrelated to the Outlook client-side Junk E-mail evaluation. Outlook doesnt use the IMF provided SCL values for its client-side (cached-mode only) anti-spam determination. Instead, it does its own Junk E-mail evaluation and determines whether or not to move the mail to the Junk E-mail folder based on the settings within the Tools->Options Junk E-mail settings. Please refer to the following article for more information: http://blogs.technet.com/evand/archive/2005/01/31/363935.aspx You can set IMF server configuration at ESM | Global settings | message Delivery | IMF | Store Junk E-mail Configuration. The mail will be deliver to users junk email folder if it has an SCL rating greater than the value you set. One thing should be note is that you must enable IMF on all SMTP virtual servers that accept incoming Internet email. Hope this helps. Thanks, Elvis

Elvis,Thanks for setting me straight. I must accept that I had confusion about it. Thanks for clearing my confusion as well. :-)MMilind Naphade | MCTS:M | http://www.msexchangegeek.com

Hi Milind,You're welcome. :)- Elvis

Thanks everyone for your input, it's really appreciated!

Elvis, I realize it's been a while since your post, but I'm having some trouble getting Exchange 2003 SP2 to recognize the X-SCL header that you mention. Specifically, I am adding a "X-SCL: 9" header to specific messages, and I can see that header present in Outlook, but it doesn't appear that Exchange 2003 is paying any attention to it. I have IMF enabled on the SMTP connector in question and have the 'move to Junk Mail' option set to a SCL value of 9. I have added the "Viewing SCL value in Outlook" column from your site and the SCL of the message seems to be some value decided by Exchange and not the preset value I supplied in the headers. If you have any suggestions or ideas regarding this, that would be great. I did see that Exchange 2007 appears to remove certain headers from messages (including the SCL header) to prevent spammers from trying to get past the filter that way, but I haven't been able to find out if Exchange 2003 does this as well, and if so, how to modify the behavior. Thanks! Nick