How to: Stop Spam Attacks on your Exchange Environment


There will be times when spam gets through your SMTP gateway and you have to react quickly. When that happens, you can use the following information to regain control of your environment.

For Exchange 2010, anti-spam and anti-virus filters are applied in the following order:

  • Connection Filtering
  • Sender Filtering
  • Recipient Filtering
  • Sender ID
  • Content Filtering
  • Sender Reputation
  • Attachment Filtering
  • Microsoft Forefront Protection 2010 for Exchange Server
  • Protocol Analysis agent for sender reputation
  • Outlook junk e-mail filtering

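1. If possible, stop the messages from coming into your organization at the SMTP gateway relay level (Postini, Symantec, Barracuda).

2. Block spam via the Sender Filter. The following example configures the Sender Filter agent to block messages from the specific e-mail address winner@lotto.com. Passing a value this way replaces any existing blocked list rather than appending to it.
Set-SenderFilterConfig -BlockedSenders winner@lotto.com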

The following example configures the Sender Filter agent to block messages from the specific domain lotto.com:
Set-SenderFilterConfig -BlockedDomains lotto.com

The following example configures the Sender Filter agent to block messages from the specific domain lotto.com and all its subdomains:
Set-SenderFilterConfig -BlockedDomainsAndSubdomains lotto.com

3. Some people choose to block spam via a Transport Rule, or via both the Sender Filter and a Transport Rule:
New-TransportRule -Name 'Prevent Spam Attack' -Comments '{enter comment}' -Priority '0' -Enabled $true -SubjectContainsWords 'you won a million dollars' -FromAddressContainsWords 'winner@lotto.com' -DeleteMessage $true

4. Now that you’ve blocked it from coming in, you have to delete the existing messages.

Get a report of the infected mailboxes so you can verify you’re not deleting valuable email:
Get-Mailbox | Search-Mailbox -SearchQuery 'Subject:"You won a million dollars"' -LogOnly -LogLevel Full -TargetMailbox {admin mailbox} -TargetFolder SPAMREVIEW

5. Review the log of messages to verify you’re not deleting valid messages

6. Delete the invalid messages from user mailboxes:
Get-Mailbox | Search-Mailbox -SearchQuery 'Subject:"You won a million dollars"' -DeleteContent

All mail deleted by this process will remain in the ‘purges’ folder of the {admin mailbox}, but your users’ mailboxes will be spam free.
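
The staged cleanup in steps 4 to 6, as an added example that is not part of the original post: it counts matches per mailbox first, logs only the affected mailboxes, and deletes only after explicit confirmation. The review mailbox address, the $MaxHits threshold and the combined subject/sender query are assumptions for illustration.

```powershell
# Added example: staged cleanup for steps 4-6. Run as a script in the Exchange Management Shell.
# Assumed placeholders (not from the original post): $ReviewMailbox and $MaxHits.
$Query         = 'Subject:"You won a million dollars" AND From:"winner@lotto.com"'
$ReviewMailbox = 'admin@example.com'   # stands in for {admin mailbox}
$MaxHits       = 500                   # stop if the query matches more than expected

# Stage 1: count matches per mailbox; nothing is copied or deleted.
$hits = Get-Mailbox -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $Query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 }

if (-not $hits) { Write-Host 'No matching messages found.'; return }

$total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
$hits | Sort-Object ResultItemsCount -Descending |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

if ($total -gt $MaxHits) {
    Write-Warning "Query matched $total items (limit $MaxHits). Tighten the query before deleting."
    return
}

# Stage 2: write the detailed log for the affected mailboxes only (step 4).
$hits | ForEach-Object {
    Search-Mailbox -Identity $_.Identity -SearchQuery $Query -LogOnly -LogLevel Full `
        -TargetMailbox $ReviewMailbox -TargetFolder 'SPAMREVIEW'
}

# Stage 3: delete only after the log has been reviewed (steps 5 and 6).
$answer = Read-Host "Reviewed the SPAMREVIEW log? Type DELETE to remove $total items"
if ($answer -ceq 'DELETE') {
    $hits | ForEach-Object {
        # -Force suppresses the per-mailbox confirmation prompt of -DeleteContent.
        Search-Mailbox -Identity $_.Identity -SearchQuery $Query -DeleteContent -Force
    }
} else {
    Write-Host 'Nothing deleted.'
}
```

The -DeleteContent switch is only available to accounts that have been assigned the Mailbox Import Export management role.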

Posted August 2nd, 2013 in Exchange Server

One Comment

  1. Declan, August 2, 2013 at 3:33 pm

    Dame, tell me how to get the best out of Exchange 2013 Anti Spam, please!!