Stop Spamming Yourself!, Part 2

Monday, April 20, 2009
Frequently, you may receive spam from the Internet that appear to come from your own domain name. This is a common tactic used by spammers to bypass spam filters.

In an earlier article, I showed how to configure Exchange 2007 to reject all SMTP emails from the Internet that supposedly come from your own domain name. We did this by adding your domain name to the Sender Filtering / Blocked Senders configuration on the Edge server.

While this works perfectly, it goes against a Microsoft best practice and doesn't provide for any exceptions. This article will show how to accomplish the same thing using an Edge Transport Rule, as well as how to configure an exception. Let's get started.
  • Logon to the Edge Transport server, open the Exchange Management Console, and navigate to Microsoft Exchange > Edge Transport > Transport Rules tab.
  • Click New Transport Rule in the Actions pane to open the New Transport Rule wizard.
  • Enter a name for the rule and any comments, as shown below, and click Next.

  • For the Conditions in Step 1, click "when the From address contains text patterns" and "from users inside or outside the organization"
  • In Step 2, click the words "text pattern" and add your domain name (i.e., extpa.com). Click the work "Inside" and change it to "Outside". Click Next

  • Now we will set the Action to take upon these messages. In Step 1, click "set the spam confidence level to value" and "reject the message with status code and response"
  • In Step 2, set the SCL to "-1". We do this so that the exceptions configured on the next page will not go to the users' Junk E-mail folders in Outlook. Click Next.

  • For the Exceptions in Step 1, click "except when the text specified words appear in a message header"
  • In Step 2, click "specific words" and add the domain of the sending server (i.e., opentable.com). OpenTable.com is an online restaurant reservation system that emails invitations to people when a reservation is made. It spoofs the emailed invitation to looks like it came from the sender. Because of this, it would normally be rejected if it weren't for this exception.
  • Click "message header" and enter "Receive". Click Next.

  • Click New and Finish to create the new Transport Rule.

The rule will now reject all emails from the Internet that claim to be from your domain name, unless the SMTP Receive header contains the text "opentable.com". It will also set the SCL so that the exception will not be classified as spam by Outlook.

The rule above can also be configured using the Exchange Management Shell using the following command:

new-TransportRule -Name 'Reject inbound emails from expta.com' -Comments 'Exception: Opentable.com' -Conditions
'Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromAddressMatchesPredicate','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate'
-Actions
'Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SetSclAction','Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SmtpRejectMessageAction'
-Exceptions
'Microsoft.Exchange.MessagingPolicies.Rules.Tasks.HeaderContainsPredicate'
-Enabled $true -Priority '0'

The code above is meant to entered as one single line.