Good day all
I am very new to the Microsoft forums so please point me in the right direction if this question does not fall under this category.
I have been assigned to administer an Exchange 2010 server (there is no Edge Transport server) running version 14.01.0438.000, with Microsoft Outlook as the client software.
This Exchange environment was implemented at the beginning of this year. We have had numerous complaints about spam received on a daily basis. Our network has all the necessary firewalls and antivirus in place: a Gateprotect Firewall, Avast endpoint for the servers and Avast email server security running on the Exchange 2010 server. I have configured the RBL blocklist providers in the content filtering and checked the logs to see if they are playing their roles. I have seen a major decrease in spam since the Avast email server security application was installed, but there is still spam slipping through the cracks. The types of spam that I see every day vary.
Examples:
- Emails about dating, weight loss, Viagra, business investments etc.
- Emails received that are addressed to an unknown person outside of the organization.
- Emails received by many users in the organization that were not addressed to them, but the send-to address is a legitimate account within our organization.
On the Exchange server I have enabled the anti-spam content filtering along with all the other filters in the organizational tree, hub transport, anti-spam tab. I set the SCL ratings - Delete = 9, reject = 7 and quarantine = 5 (created a junk mail account). Is this correct?
There are two RBL blocklist providers in the IP blocklist providers properties, zen.spamhaus.org and bl.spamcop.net. I was told not to add more blocklist providers as they will slow down the Exchange server. Is this true? Can I add in additional IP addresses and ranges to the IP blocklists in the Server configuration tree, hub transport and anti-spam tab?
The Avast Email Server Security has limited options. I have enabled the "delete spam" option and there is only a blacklist and whitelist to add in email addresses and domain names.
The Gateprotect Firewall also has limited features for fighting spam, only blacklists and whitelists. The support guys have recommended some workarounds but I am not that advanced in configuring firewalls at that level.
When tracking the IP address of spam emails that have the same heading and the same text in the body but their email addresses are different and their IP addresses are completely different, how do I block those types of spam?
With email addresses that have been "spoofed", I read up that in order to block that from occurring I would need to add in SPF records in the Control panel for our domain. What needs to be done there?
Please assist me with understanding the ways of fighting spam and what more I can do to improve the system.
Thank you in advance.
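
The following is an added example, not part of the original post: a read-only audit of the settings the post describes, written for the Exchange Management Shell on the Hub Transport server. It assumes the anti-spam agents are installed and that the thresholds in the post (delete 9, reject 7, quarantine 5) are the intended values; 127.0.0.2 is the conventional DNSBL test address, not an address from the post.

```powershell
# Added example: read-only checks, nothing here changes the server configuration.
# Thresholds as described in the post (assumed to be the intended values).
$expected = @{ SCLDeleteThreshold = 9; SCLRejectThreshold = 7; SCLQuarantineThreshold = 5 }

# 1. Anti-spam transport agents and whether each one is enabled.
Get-TransportAgent | Sort-Object Priority |
    Format-Table Identity, Enabled, Priority -AutoSize

# 2. Content filter: compare the live SCL thresholds with the expected ones.
$cf = Get-ContentFilterConfig
$report = foreach ($name in $expected.Keys) {
    $enabledProp = $name -replace 'Threshold$', 'Enabled'   # e.g. SCLDeleteEnabled
    New-Object PSObject -Property @{
        Setting  = $name
        Enabled  = $cf.$enabledProp
        Actual   = $cf.$name
        Expected = $expected[$name]
        Match    = ($cf.$name -eq $expected[$name])
    }
}
$report | Sort-Object Actual -Descending |
    Format-Table Setting, Enabled, Actual, Expected, Match -AutoSize

# Exchange expects delete > reject > quarantine; flag any other ordering.
if (-not ($cf.SCLDeleteThreshold -gt $cf.SCLRejectThreshold -and
          $cf.SCLRejectThreshold -gt $cf.SCLQuarantineThreshold)) {
    Write-Warning "SCL thresholds are not in delete > reject > quarantine order."
}
# Quarantine only works if a quarantine mailbox is set.
if ($cf.SCLQuarantineEnabled -and -not $cf.QuarantineMailbox) {
    Write-Warning "Quarantine is enabled but no QuarantineMailbox is configured."
}

# 3. Block list providers: list them, then check that each one answers a lookup
#    for the conventional DNSBL test address.
$providers = Get-IPBlockListProvider
$providers | Format-Table Name, LookupDomain, Enabled, Priority -AutoSize
foreach ($p in $providers) {
    Test-IPBlockListProvider -Identity $p.Name -IPAddress 127.0.0.2 | Format-List
}

# 4. Manually added IP block list entries (single addresses and ranges).
Get-IPBlockListEntry | Format-Table Identity, IPRange, ExpirationTime -AutoSize

# 5. Last 24 hours of agent log activity, grouped by agent and action taken,
#    to see which filter is actually stopping mail.
Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) |
    Group-Object Agent, Action | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```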