Exchange 2003 SP2's Intelligent Message Filter Customization (this only works with the IMF that is now part of Exchange 2003 SP2)
With the New Intelligent Message Filter in Exchange 2003 SP2, you can now provide a your own Custom XML file with keywords that either raise or lower the score, but there are a couple of tricks to it - two I had to figure out the hard way!
The biggest problem is you can now configure the Intelligent Message Filter to update via Windows update - but it puts the updates files (and runs them) in a new folder.
The default IMF (from 8/2005) will be held (by default) in
C:\Program Files\Exchsrvr\Bin\MSCFv2
The December 15, 2005 update (the most current update at this time) is in
C:\Program Files\Exchsrvr\Bin\MSCFv2\6.5.7757.0
So - guess where the Custom XML file should go?
Documentation says in the \MSCFv2 folder\ - doesn't work - that's the old version of the IMF!!!
Put it in the MSCFv2\6.5.7757.0 folder - it will work!!! (or the latest directory next time it updates)
Next, you have to register the MSExchange.UceContentFilter.dll - and you will want to make sure you register the correct one - the commnd (all on one line):
regsvr32 c:\Program Files\Exchsrvr\Bin\MSCFv2\6.5.7757.0\MSExchange.UceContentFilter.dll
should do it for the version I have.
Now To use it, you need to create the file MSExchange.UceContentFilter.xml in the above directory, as a UNICODE text file with the following data:
<?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="SAFE SUBJECT"/>
<CustomWeightEntry Type="BODY" Change="MIN" Text="SAFE BODY"/>
<CustomWeightEntry Type="BOTH" Change="MIN" Text="SAFE BOTH"/>
<CustomWeightEntry Type="SUBJECT" Change="MAX" Text="BAD SUBJECT"/>
<CustomWeightEntry Type="BODY" Change="MAX" Text="BAD BODY"/>
</CustomWeightEntries>
To save it as unicode file - in notepad Select "Save As" and make the following changes
1. File name needs to be called "MSExchange.UceContentFilter.xml" (hint - use the "quotes" around the filename to prevent the default ".txt" on the end.
2. From the Encoding Dropdown, select "UNICODE"
Put it in the correct folder - and - just to be on the safe side - restart SMTP Services (and make sure you have the IMF configured at the ORG level, and enabled under the Server Protocols SMTP)
So - how does the file work?
First two lines are the XML header and CustomWeight header
<?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="SAFE SUBJECT"/>
This line says if the SUBJECT of the message contains the text "SAFE SUBJECT" - give it a minimum Spam Confidence Level (0) (the Change="MIN")
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="SAFE SUBJECT"/>
This line says if the BODY of the message contains the text "SAFE BODY" - give it a minimum Spam Confidence Level (0) (the Change="MIN")
<CustomWeightEntry Type="BODY" Change="MIN" Text="SAFE BODY"/>
This line says if the EITHER the SUBJECT OR BODY of the message contains the text SAFE EITHER- give it a minimum Spam Confidence Level (0) (the Change="MIN")
<CustomWeightEntry Type="BOTH" Change="MIN" Text="SAFE EITHER"/>
So - what else can you do?
This line
<CustomWeightEntry Type="SUBJECT" Change="MAX" Text="BAD SUBJECT"/>
Changes the Change = "Min" to Change = "Max" and the Text="SAFE SUBJECT" to Text="BAD SUBJECT"
This will set give the message a maximum Spam Confidence Level (9)
So - to stop the current batch of annoying SPAM that is coming in with the title "NOTIFICATION - Headline News" - add the following line to the file
<CustomWeightEntry Type="SUBJECT" Change="MAX" Text="NOTIFICATION - Headline News"/>
If you change "MIN" to a number between -9..0..9 - it will add that amount to the SCL - so if you specify 5 to all messages with the word "Viagra" in it - all messages with that word in the subject will have their score increased.
<CustomWeightEntry Type="BOTH" Change="5" Text="Viagra"/>
So - what does this line do?
<CustomWeightEntry Type="SUBJECT" Change="-5" Text="Grant's Geek Blog"/>
Once it is working, changes to the XML file should be immedately effective!
So - combine this with a nice Event sink that adds text to a incoming message that meets a criteria (like e-mail address) and you can make a nice whitelisting utility for free! (I'll show you that one over the next couple of weeks)
Good luck with the war on SPAM!
With the New Intelligent Message Filter in Exchange 2003 SP2, you can now provide a your own Custom XML file with keywords that either raise or lower the score, but there are a couple of tricks to it - two I had to figure out the hard way!
The biggest problem is you can now configure the Intelligent Message Filter to update via Windows update - but it puts the updates files (and runs them) in a new folder.
The default IMF (from 8/2005) will be held (by default) in
C:\Program Files\Exchsrvr\Bin\MSCFv2
The December 15, 2005 update (the most current update at this time) is in
C:\Program Files\Exchsrvr\Bin\MSCFv2\6.5.7757.0
So - guess where the Custom XML file should go?
Documentation says in the \MSCFv2 folder\ - doesn't work - that's the old version of the IMF!!!
Put it in the MSCFv2\6.5.7757.0 folder - it will work!!! (or the latest directory next time it updates)
Next, you have to register the MSExchange.UceContentFilter.dll - and you will want to make sure you register the correct one - the commnd (all on one line):
regsvr32 c:\Program Files\Exchsrvr\Bin\MSCFv2\6.5.7757.0\MSExchange.UceContentFilter.dll
should do it for the version I have.
Now To use it, you need to create the file MSExchange.UceContentFilter.xml in the above directory, as a UNICODE text file with the following data:
<?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="SAFE SUBJECT"/>
<CustomWeightEntry Type="BODY" Change="MIN" Text="SAFE BODY"/>
<CustomWeightEntry Type="BOTH" Change="MIN" Text="SAFE BOTH"/>
<CustomWeightEntry Type="SUBJECT" Change="MAX" Text="BAD SUBJECT"/>
<CustomWeightEntry Type="BODY" Change="MAX" Text="BAD BODY"/>
</CustomWeightEntries>
To save it as unicode file - in notepad Select "Save As" and make the following changes
1. File name needs to be called "MSExchange.UceContentFilter.xml" (hint - use the "quotes" around the filename to prevent the default ".txt" on the end.
2. From the Encoding Dropdown, select "UNICODE"
Put it in the correct folder - and - just to be on the safe side - restart SMTP Services (and make sure you have the IMF configured at the ORG level, and enabled under the Server Protocols SMTP)
So - how does the file work?
First two lines are the XML header and CustomWeight header
<?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="SAFE SUBJECT"/>
This line says if the SUBJECT of the message contains the text "SAFE SUBJECT" - give it a minimum Spam Confidence Level (0) (the Change="MIN")
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="SAFE SUBJECT"/>
This line says if the BODY of the message contains the text "SAFE BODY" - give it a minimum Spam Confidence Level (0) (the Change="MIN")
<CustomWeightEntry Type="BODY" Change="MIN" Text="SAFE BODY"/>
This line says if the EITHER the SUBJECT OR BODY of the message contains the text SAFE EITHER- give it a minimum Spam Confidence Level (0) (the Change="MIN")
<CustomWeightEntry Type="BOTH" Change="MIN" Text="SAFE EITHER"/>
So - what else can you do?
This line
<CustomWeightEntry Type="SUBJECT" Change="MAX" Text="BAD SUBJECT"/>
Changes the Change = "Min" to Change = "Max" and the Text="SAFE SUBJECT" to Text="BAD SUBJECT"
This will set give the message a maximum Spam Confidence Level (9)
So - to stop the current batch of annoying SPAM that is coming in with the title "NOTIFICATION - Headline News" - add the following line to the file
<CustomWeightEntry Type="SUBJECT" Change="MAX" Text="NOTIFICATION - Headline News"/>
If you change "MIN" to a number between -9..0..9 - it will add that amount to the SCL - so if you specify 5 to all messages with the word "Viagra" in it - all messages with that word in the subject will have their score increased.
<CustomWeightEntry Type="BOTH" Change="5" Text="Viagra"/>
So - what does this line do?
<CustomWeightEntry Type="SUBJECT" Change="-5" Text="Grant's Geek Blog"/>
Once it is working, changes to the XML file should be immedately effective!
So - combine this with a nice Event sink that adds text to a incoming message that meets a criteria (like e-mail address) and you can make a nice whitelisting utility for free! (I'll show you that one over the next couple of weeks)
Good luck with the war on SPAM!
