Antivirus
Suggestions for best practice:
- Filter out mail to non-existent users (be sure to make use of the tar pitting feature in SP1 for Windows Server to avoid directory harvest attacks)
- Configure Exchange to use an RBL (see below)
- Disable authenticated relaying (see this article on securing an SMTP relay server for details)
Blacklists
- How to configure Exchange 2003 to use an RBL like Spamhaus Zen (also see this article for some advice on RBLs and IMF, and Understanding how RBL's work for some info on the different lists and what they each do)
Sender Policy Framework (SPF)
- Wizard for creating SPF records
- SPF Checker - online tool to check that your SPF record is working
Intelligent Message Filter (IMF):
Hosted Anti-Spam:
- Symantec Hosted Mail Security (the best one I've tried)
- Microsoft Exchange Hosted Filtering
- Trend also has Hosted ERS, but it is lacking both in support and features
Cleaning up after a spam attack
- Use dnsstuff.com to check whether you are on any blacklists; this site also provides links to request a delisting
- NDR and Open Relay spam cleanup
- Enabling and using message tracking
- Securing an SMTP relay server
If you need to clear the message queue of all outgoing messages (sometimes the only option if you have hundreds of thousands of NDR messages generated by spam sitting in your queue), use the aqadmcli tool from Microsoft:
aqadmcli
setserver sbs
delmsg flags=all
exit
