Exchange Server and dealing with spam.


I may have to resolve a spam problem tomorrow, with an exchange server. My boss may be sending me down to look at it, depending on how things go tomorrow. I do not know much of the details yet, but my question is, How would you guys reccommend dealing with a spam problem on a MS Exchange Server? I haven't had any experience with an exchange server, so I thought I would pick OSNN brains. I may not even go there to do this, but it has intrigued me now, and I would love to know for future reference. I am aware of the softare solutions to this, if this is the only way, what software would you guys reccomend?


hmm just got some more info on the problem. Apparently it is an INTERNAL spam mail which i think is probably from a virus. Which is easy to destroy. But i would still like to know the answers to my original questions if possible. Thanks guys
Most everyone I know has somekind of unix (linux/bsd/solaris) server with postfix or qmail filtering spam and viruses before forwarding the mail onto exchange.

Exchange is just too vulnerable to be plugged directly into the internet, however its awesome software so you just need a unix box screening mail infront of it.

The vulnerability is more to do with how it stores mail on disk than anything else. AV software on widows cant scan the datastore file and even specific "for exchange" apps cant protect every bit of exchange.


Open Relay Filter is a good plugin for dealing with spam on Exchange 2k3.. You can also try Mail Essentials from GFI.

I would agree, however, that you generally don't want to expose Exchange directly to the internet and should put in a seperate SMTP gateway server in between. Postfix would be good.. Brightmail, etc have mail appliances.. If it has to be Exchange - don't use a server that has a mail store - buy a seprate server, pick up ORF or GFI and set it up as a pure SMTP relay to your internal network.

