Prev: ATTN: Andy David {MVP}
Next: Move 2003->2007 Failure
From: irishronan on 3 Aug 2007 09:29 We have exchange 2007 behind a solaris MX server running a/v and spamassassin. I am wishing to write the(normalised ie 43 = 4) header X- MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware of the 0..9 range. However currently All messages coming from external sources have some X-MS-Exchange-Organisation- headers in them but the SCL one which i add is removed! This leads me to believe that the header firewall is not removing it as it would then have to remove all -Organisation- type headers. Could I add the MX machines as trusted partners or something similar that would allow the setting of this header to be maintained. The reason for this is obviously for server filtering into JunkMail folder. I have a webinterface which write the JunkThreshold attribute for a users account into the AD using LDAP so that they can control their settings. Please advise
From: Bharat Suneja [MVP] on 3 Aug 2007 09:45 Header Firewall: Why spammers can't insert fake SCL (and other Exchange Organization) X headers http://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-cant.html You'll need to assign MS-Exch-Accept-Headers-Organization permission to anonymous senders (assuming your gateway boxes are not authenticating). It's a good idea to do this on scoped Connectors only. -- Bharat Suneja MVP - Exchange www.zenprise.com NEW blog location: exchangepedia.com/blog ---------------------------------------------- "irishronan" <ronan.mcglue(a)gmail.com> wrote in message news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com... > We have exchange 2007 behind a solaris MX server running a/v and > spamassassin. I am wishing to write the(normalised ie 43 = 4) header X- > MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware > of the 0..9 range. However currently All messages coming from external > sources have some X-MS-Exchange-Organisation- headers in them but the > SCL one which i add is removed! > > This leads me to believe that the header firewall is not removing it > as it would then have to remove all -Organisation- type headers. > > Could I add the MX machines as trusted partners or something similar > that would allow the setting of this header to be maintained. > > The reason for this is obviously for server filtering into JunkMail > folder. I have a webinterface which write the JunkThreshold attribute > for a users account into the AD using LDAP so that they can control > their settings. > > Please advise >
From: irishronan on 3 Aug 2007 11:23 On Aug 3, 2:45 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote: > Header Firewall: Why spammers can't insert fake SCL (and other Exchange > Organization) X headershttp://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-ca... > > You'll need to assign MS-Exch-Accept-Headers-Organization permission to > anonymous senders (assuming your gateway boxes are not authenticating). It's > a good idea to do this on scoped Connectors only. > > -- > Bharat Suneja > MVP - Exchangewww.zenprise.com > NEW blog location: > exchangepedia.com/blog > ---------------------------------------------- > > "irishronan" <ronan.mcg...(a)gmail.com> wrote in message > > news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com... > > > We have exchange 2007 behind a solaris MX server running a/v and > > spamassassin. I am wishing to write the(normalised ie 43 = 4) header X- > > MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware > > of the 0..9 range. However currently All messages coming from external > > sources have some X-MS-Exchange-Organisation- headers in them but the > > SCL one which i add is removed! > > > This leads me to believe that the header firewall is not removing it > > as it would then have to remove all -Organisation- type headers. > > > Could I add the MX machines as trusted partners or something similar > > that would allow the setting of this header to be maintained. > > > The reason for this is obviously for server filtering into JunkMail > > folder. I have a webinterface which write the JunkThreshold attribute > > for a users account into the AD using LDAP so that they can control > > their settings. > > > Please advise Bharet, That document was one of many that I read. So, to clarify I add a new receive connector and limit it on IP to the 3 MX machines that all mail for my organisation goes through. Then on the connector allow anonymous submission privilidges from those 3 IPs. Will this then allow all mail through that connector to write the organisation- SCL header!? thanks Ronan
From: Bharat Suneja [MVP] on 3 Aug 2007 11:43 And allow the MS-Exch-Accept-Headers-Organization permission on that Receive Connector to anonymous senders. This will *not remove* any Org headers inserted by the gateway boxes. -- Bharat Suneja MVP - Exchange www.zenprise.com NEW blog location: exchangepedia.com/blog ---------------------------------------------- "irishronan" <ronan.mcglue(a)gmail.com> wrote in message news:1186154637.783932.239530(a)l70g2000hse.googlegroups.com... > On Aug 3, 2:45 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote: >> Header Firewall: Why spammers can't insert fake SCL (and other Exchange >> Organization) X >> headershttp://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-ca... >> >> You'll need to assign MS-Exch-Accept-Headers-Organization permission to >> anonymous senders (assuming your gateway boxes are not authenticating). >> It's >> a good idea to do this on scoped Connectors only. >> >> -- >> Bharat Suneja >> MVP - Exchangewww.zenprise.com >> NEW blog location: >> exchangepedia.com/blog >> ---------------------------------------------- >> >> "irishronan" <ronan.mcg...(a)gmail.com> wrote in message >> >> news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com... >> >> > We have exchange 2007 behind a solaris MX server running a/v and >> > spamassassin. I am wishing to write the(normalised ie 43 = 4) header X- >> > MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware >> > of the 0..9 range. However currently All messages coming from external >> > sources have some X-MS-Exchange-Organisation- headers in them but the >> > SCL one which i add is removed! >> >> > This leads me to believe that the header firewall is not removing it >> > as it would then have to remove all -Organisation- type headers. >> >> > Could I add the MX machines as trusted partners or something similar >> > that would allow the setting of this header to be maintained. >> >> > The reason for this is obviously for server filtering into JunkMail >> > folder. I have a webinterface which write the JunkThreshold attribute >> > for a users account into the AD using LDAP so that they can control >> > their settings. >> >> > Please advise > > Bharet, That document was one of many that I read. So, to clarify > I add a new receive connector and limit it on IP to the 3 MX machines > that all mail for my organisation goes through. Then on the connector > allow anonymous submission privilidges from those 3 IPs. Will this > then allow all mail through that connector to write the organisation- > SCL header!? > > thanks > Ronan >
From: irishronan on 3 Aug 2007 13:07
On Aug 3, 4:43 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote: > And allow the MS-Exch-Accept-Headers-Organization permission on that Receive > Connector to anonymous senders. This will *not remove* any Org headers > inserted by the gateway boxes. > > -- > Bharat Suneja > MVP - Exchangewww.zenprise.com > NEW blog location: > exchangepedia.com/blog > ---------------------------------------------- > > "irishronan" <ronan.mcg...(a)gmail.com> wrote in message > > news:1186154637.783932.239530(a)l70g2000hse.googlegroups.com... > > > On Aug 3, 2:45 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote: > >> Header Firewall: Why spammers can't insert fake SCL (and other Exchange > >> Organization) X > >> headershttp://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-ca... > > >> You'll need to assign MS-Exch-Accept-Headers-Organization permission to > >> anonymous senders (assuming your gateway boxes are not authenticating). > >> It's > >> a good idea to do this on scoped Connectors only. > > >> -- > >> Bharat Suneja > >> MVP - Exchangewww.zenprise.com > >> NEW blog location: > >> exchangepedia.com/blog > >> ---------------------------------------------- > > >> "irishronan" <ronan.mcg...(a)gmail.com> wrote in message > > >>news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com... > > >> > We have exchange 2007 behind a solaris MX server running a/v and > >> > spamassassin. I am wishing to write the(normalised ie 43 = 4) header X- > >> > MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware > >> > of the 0..9 range. However currently All messages coming from external > >> > sources have some X-MS-Exchange-Organisation- headers in them but the > >> > SCL one which i add is removed! > > >> > This leads me to believe that the header firewall is not removing it > >> > as it would then have to remove all -Organisation- type headers. > > >> > Could I add the MX machines as trusted partners or something similar > >> > that would allow the setting of this header to be maintained. > > >> > The reason for this is obviously for server filtering into JunkMail > >> > folder. I have a webinterface which write the JunkThreshold attribute > >> > for a users account into the AD using LDAP so that they can control > >> > their settings. > > >> > Please advise > > > Bharet, That document was one of many that I read. So, to clarify > > I add a new receive connector and limit it on IP to the 3 MX machines > > that all mail for my organisation goes through. Then on the connector > > allow anonymous submission privilidges from those 3 IPs. Will this > > then allow all mail through that connector to write the organisation- > > SCL header!? > > > thanks > > Ronan I have done what you suggested, however there is no header organisation-SCL header in the messages I recieve however there are X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-AuthSource: punt.fqdn X-MS-Has-Attach: X-MS-Exchange-Organization-SenderIdResult: Neutral X-MS-Exchange-Organization-PRD: google.com is there an order in which headers must be added for exchange to accept them. ie im only adding the header X-MS-Exchange-Organization-SCL: <0..9> at the gateway. All mail for other domains that are stored on linux/imap servers come through with the X-MS-Exchange-Organization-SCL: <0..9> set. any advice?! R |