Jim
Wed May 26 07:51:54 CDT 2004
Prevent those ndrs and your server will be quieter. I do a few clicks.
I clear the authenticated users, I prevent ndr sends, I prevent the
server from accepting email for non domain users. Here are some of Les
Connor's notes which I discovered.
google search
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=uanbmekJEHA.2432%40TK2MSFTNGP10.phx.gbl&rnum=2
Quote
Hi Clevere,
This reply is a little more than you need, hope you don't mind. But
the
answer is contained within ;-). I was hoping to clean it up a bit
before
posting (but that may never happen). It's relevent to several recent
posts.
Basically, I've been trying to get the best spam/antivirus protection
I can
with SBS2k3 OOB and Trend Micro CSM SMB - no other third party
products.
If you don't use CSM, then just ignore those parts. I have been
experimenting with this configuration for a while, and am very pleased
with
the present result.
<snip>
I believe I have this under control presently. Possibly at the expense
of a
few legit emails (but very few, if any).
Without any third party apps except Trend CSM - here is what I use.
1. Exchange
a) Internet Message Format
Advanced Tab
Disallow:
Out of Office responses
Automatic replies
Automatic forward
Delivery Reports
non-delivery Reports
Allow:
Preserve sender's display name on message.
b) Message Delivery > properties
Sender Filtering Tab
Filter messages with blank sender
Drop connection if address matches filter
Recipient Filtering Tab
Filter recipients who are not in the directory
c) Default SMTP Server
| General | Advanced | Edit (all unassigned)
Apply Sender Filter (although I have no filters presently)
Apply Recipient Filter
Apply Connection Filter (although I have none of these either,
presently)
Messages Tab
Send copy of NDR reports is blank.
2. Trend Scanmail eManager
a) Antispam
Enabled
Threshold: High
Action: Quarantine
Notifications Button: None
Approved Senders Button: I have had to add a few to the list, but not
many -
mostly list subscriptions.
Blocked Senders Button: None - useless against a reasonably competent
spammer.
b) Content Filter
Anti-spam, hoaxes, chainmail, and Melissa Virus enabled.
The other items will do a *lot* of blocking - too much when your
threshold
is set to high.
c) Update
The automatic updates don't work. No reason, no error. But the Update
button
does. I've been meaning to take this up with Trend, but haven't yet
looked
into it. There are reasonably frequent updates, and they do make a
difference. I update whenever I think of it, generally at least
monthly.
d) Log Files
Log files are daily, set to delete after 30 days. The reporting is
useful
here, especially for initial tuning.
3. Scanmail
a) Options
Attachment Blocking is *not* enabled in Scanmail, but it is in
Exchange. I
think you want to go with one or the other, not both. I may turn off
attachment blocking in Exchange, and instead do it in Scanmail as
there are
more options in scanmail.
Virus actions are set to delete, delete, delete, delete.
b) Active Message Filter
Filter Inbound Messages *see Outlook section for a note.
c) Notification
virus scan - windows event log only
outbreak alert - email me, and event log.
attachment blocking - windows event log.
d) Quarantine Manager
This is where you go to check on the blocked items, including eManager
spam
blocked mail. You spend some time here initially tuning things for
your
environment.
Quarantine Maintenance is set to delete at 7 days. Works well.
4. Outlook
Junk Mail was identifying about 50% of what got through to the mailbox
with
Scanmail Filter Inbound turned OFF, and the old junk mail pattern file
(or
whatever they call it)
A new junk mail pattern file was released (office update) not long
ago, I
installed it a few days ago. This has caught 100 % of what got through
to
the mailbox, no false positives thus far.
With the Scanmail Filter Inbound turned ON, you can even keep your
junk mail
folder almost empty by letting Scanmail handle attachment blocking
instead
of Exchange. Much of the junk mail that does get through has
attachments,
mostly replaced by either Exchange (blocked att. type) or Scanmail
(virus).
With scanmail doing attachment blocking, you can elect to kill these
before
they come to the mail store.
Notes: (these are out of date, and system specific - just examples -
YMMV).
In the past 48 hours, my inbox has been 100% clean of junk. Junk Mail
folder
has about 100 that made it through the Exchange, Emanager, and
Scanmail
filters. (this is with Scanmail Filter Inbound Off)
**** New info - with the Scanmail Filter Inbound *on*, junk mail has
been
reduced to about 10 per 24 hours. I've been checking the blocked
emails in
Scanmail console, and have been pleasantly surprised at the lack of
false
positives.
The exchange server has about 25 mailboxes, there are 3 or 4 heavy
email
users, and about 10 very heavily spammed addresses.
eManager filtered out 392 emails.
Scanmail scanned 1341 emails, 19 had viruses and were deleted.
Presently, I'm happy with the tools I have ;-).
--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !
end quote
"Derek D" <Anon@usergroup.com> wrote:
>Help,
>
>I have noticed that there is a lot of mail in numerous queues on our SBS2003
>server. How can I delete all teh ougoing mail without having to go into each
>individual queue, finding the messages then selecting them then deleting.
>
>There are 395 queues (99% of the messages are NDR's)
>
>I have tried looking in Program Files\exchsrvr\maillroot\vsi 1\queues but
>there is nothing there.
>
>Many thanks in advance
>
Jim B. SBS MVP
remove the mvp to send email