Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Brightmail v8 - Add Exchange SCL support for IMF

Created: 14 Dec 2009 • Updated: 15 Dec 2009 | 5 comments
ZagatHelp's picture
3 Agree
1 Disagree
+2 4 Votes
Login to vote
Status: Reviewed

Both the Spam Folder Agent for Exchange and Brightmail Outlook Plugin are both non-supported applications as well as deprecated since around v6.

There should be a way for Brightmail to add SCL values to e-mail being delivered to Exchange so Exchange itself can take action and deliver to the Junk E-Mail folder without 3rd party support, additional rules, or additional Symantec software (e.g. Symantec Mail Security for Microsoft Exchange v6).

Comments 5 CommentsJump to latest comment

Ian McShane's picture

Firstly, Symantec recommend that you delete spam and suspect spam at the gateway rather than bother to deliver it to end users.

Secondly, because the Exchange SCL values can be changed by Exchange admins, even if we added a pre-canned policy for Exchange SCL, there is ALWAYS going to be a step in the SBG UI to configure these values.
So rather than try and second guess the values that customers want to use (I'd bet that the defaults are changed in quite a few cases), it's better to allow them to add a new policy and fully understand how the policy fires and affects the SCL value.

Make sense?

For everyone else's reference, here's one way to use SBG  these instructions are for Exchange 2007 - i don't know if they'll work for 2010.

1. Create a new suspect spam policy, choosing to add a new header:
Header: Is-Suspect-Spam
Value: Yes
2. Create an Exchange Transport Rule
3. Use "When a message header contains specific words", match it to the header and value you set in the policy.
4. Choose the action "set spam confidence level to value"  and set the value above your SCLJunkThreshold level.
5. Disable off the Exchange Content Filter Agent, because you are doing the evaluation at the SBG so you don't need exchange to do it.

Now, anything that SBG deems suspect spam will get a Is-Suspect-Spam header.
When Exchange receives a message with that header, it will take it with a SCL above your junk mail number so that the message is folder in the junk email folder.

Again, spam should be deleted at the gateway and not delivered to end users.

HTH,

//ian

+1
Login to vote
AdnanH's picture

Thanks for the great suggestion, Ian.

This customer (ZagatHelp) is running Exchange 2003 as mentioned in another forum thread (Understanding how the "Deliver to Spam Folder" feature in Brightmail works), and (please correct me if I am wrong), Transport Rules are not possible in Exchange 2003, so this cusotmer will have to upgrade to Exchange 2007 to benefit from the steps provided.

Regards,

Adnan

+1
Login to vote
ZagatHelp's picture

Yeah we have no transport role/rules.  Just trying to keep it simple for those of us still on Exchange 2003. 

Otherwise I would have done exactly what Ian was talking about and set the confidence level that way- he's spot-on right for Exchange 2007.  I'm aiming to upgrade to Exchange 2010 in 2010 but we'll see if I can get budget approval for it or not <sigh>. 

Right now I have to settle for a mixed bag of results for our users due to the lack of processing on Exchange 2003's side.  I've added a header to all spam/suspected spam so our old GFI Rules Wizard can forward those emails to the Junk E-Mail folder.  However, because the message is tagged the way it is, it breaks the purpose of Outlook's "not spam" & "add sender to safe list" functionality because no matter if the sender is on the safe list, that mail is always going to go to Junk E-Mail.  Annoying, but Brightmail is far far better than my experience with GFI.

0
Login to vote
TSE-JDavis's picture

Ian,

Understandable that we suggest customers delete spam. The disaprity is that Mail Security for Exchange offers this option, so it doesn't make much sense that the Brightmail Appliance doesn't. Instead, it offers an option that tags the message for the BMOP which is no longer supported.

+2
Login to vote
AdnanH's picture

I think it is technically not possible to set the SCL on a message outside of the exchange server environment, i.e., a standalone gateway product like SBG which handles mail purely at SMTP protocol level can not set SCL on a message without running some type of code in the exchange server environment, which again brings something like Exchange Foldering agent or the Brightmail Outlook Plugin (BMOP) into picture.  Mail Security for Exchange can do this because it runs directly within the Exchange environment.

0
Login to vote