Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

An unexpectedly large number number of spam messages are delivered when you use Microsoft Antigen together with a mail server that is published by ISA Server 2004

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 922217 - Last Review: April 1, 2010 - Revision: 2.0

An unexpectedly large number of spam messages are delivered when you use Microsoft Antigen together with a mail server that is published by ISA Server 2004

View products that this article applies to.

SYMPTOMS

When you run one of the following products, you may notice that an unexpectedly low number of unsolicited commercial e-mail (UCE) messages are detected.

Note UCE is also known as spam.
  • Microsoft Antigen 9.0 for Exchange
  • Microsoft Antigen 9.0 for SMTP Gateways
  • Sybari Antigen 8.0 for Microsoft Exchange
  • Sybari Advanced Spam Defense
When this behavior occurs, an unexpectedly large number of spam messages are delivered to the recipients' mailboxes.

You experience this problem if you use one of the following products to publish your e-mail server:
  • Microsoft Internet Security and Acceleration (ISA) Server 2004
  • Microsoft Internet Security and Acceleration (ISA) Server 2006
  • Microsoft Forefront Threat Management Gateway 2010 (TMG 2010)
Back to the top

CAUSE

This problem occurs if the following option is set for the mail server publishing rule in ISA Server:
Requests appear to come from the ISA Server Computer
If this option is selected for the rule, all traffic seems to have originated from a trusted IP address when the Simple Mail Transfer Protocol (SMTP) server that has Antigen installed receives traffic. This trusted IP address is the ISA Server. Therefore, the SMTP server cannot differentiate between an internal and external source of traffic.

The Microsoft products that are mentioned in the "Symptoms" section use header information to help detect spam. Therefore, these products may miss some spam messages if the messages appear to come from the computer that is running ISA Server.
Back to the top

RESOLUTION

To resolve this problem, configure the mail publishing rule so that e-mail messages appear to come from the original client. To do this, follow these steps:
  1. Start the ISA Server Management tool.
  2. Expand ISA Server_computer_name, and then click Firewall Policy.
  3. Right-click the mail server publishing rule, and then click Properties.
  4. Click the To tab.
  5. Click Requests appear to come from the original client, and then click OK.
  6. Click Apply to update the firewall policy, and then click OK when the firewall policy has been successfully updated.
Note If you choose the Requests appear to come from the original client option for the publishing rule on ISA Server, the published SMTP server must be one of the following or else the traffic is dropped as spoofed traffic:
  • A SecureNAT client of ISA Server
  • An SMTP server that has its default route to the Internet backbone only through ISA Server
Back to the top

MORE INFORMATION

For more information about how to configure Microsoft Antigen 9.0 for Exchange, see the Microsoft Antigen for Exchange User Guide. To do this, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb914083.aspx (http://technet.microsoft.com/en-us/library/bb914083.aspx)
For more information about how to configure Microsoft Antigen 9.0 for SMTP Gateways, see the Microsoft Antigen For SMTP Users Guide. To do this, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb914044.aspx (http://technet.microsoft.com/en-us/library/bb914044.aspx)
For more information about how to configure ISA Server 2004 to publish a mail server, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc713317.aspx (http://technet.microsoft.com/en-us/library/cc713317.aspx)
Back to the top
APPLIES TO
  • Microsoft Antigen 9.0 for Exchange
  • Microsoft Antigen for SMTP Gateways
  • Sybari Antigen 8.0 for Microsoft Exchange
  • Sybari Advanced Spam Defense 4.1
  • Sybari Advanced Spam Defense 4.0
  • Sybari Advanced Spam Defense 3.5
Back to the top
Keywords: 
kbspam kbfirewall kbtshoot kbprb KB922217
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting