SmartIMF FAQ
Here are some common questions about purchasing, using and
performing routine tasks with SmartIMF Manager.
What can I do with the 30-day trial
version of SmartIMF?
The 30-day trial version is the full and
complete version of SmartIMF Manager. There are a few features that are
locked to encourage purchasing SmartIMF. After the 30-day trial period
has elapsed, SmartIMF will continue to function, providing
whitelisting, spam deletion and Status Reports. When you start an
un-licensed copy of SmartIMF Manager after the 30-day trial has
expired, you will be presented with the opportunity to purchase a
license for SmartIMF. The longer you continue to use SmartIMF without
purchasing a license, a 'timeout' pause is added when running SmartIMF
Manager. The features that are enabled when SmartIMF is purchased are:
- Running a remote copy of SmartIMF from a workstation
- Spam Digests will contain links to all messages, not just
the first message
- You can update to the latest version without uninstalling the
previous version
System Requirements
SmartIMF has the following system
requirements:
- Microsoft® Windows Server 2003/Small Business Server 2003
- Microsoft® Exchange Server 2003 SP2 (with IMF V2 installed)
- Microsoft® IIS Server (only required for User message
release/whitelist rule creation)
- Microsoft® .NET Framework Version 2.0
While the disk space required to install SmartIMF is under 3Mb, you
will require sufficient free disk space for the UCEArchive folder to
retain your spam messages. This can vary between systems
based on the number of users the server supports and the volume of spam
they receive. Plan on using 200-300Mb of disk space for a typical
installation.
Will SmartIMF Manager work with
Exchange Server 2007?
No. SmartIMF Manager was designed to
work with Exchange Server 2003 only. The IMF in Exchange 2007 has been
replaced by the Content Filter Agent and works in a
completely different way. We are looking to develop a version of
SmartIMF Manager for Exchange 2007 in the future.
Does SmartIMF provide a way to
blacklist addresses?
No. SmartIMF only has access to
messages after they have received an SCL rating. Because of the
sophisticated techniques used by spammers, maintaining your own
blacklist today is almost useless anyway. You can improve your spam
filtering capability by implementing Recipient filtering and limiting
mail to Active Directory users only. You can also configure Exchange
to use one of the freely available RBL filtering services such as
ordb.org, spamhaus.org, bl.spamcop.net and others which can provide a
more comprehensive blacklist.
Can I install SmartIMF Manager on more
than 1 server?
A single license allows you to install
SmartIMF Manager on a single server only with an unlimited number of
users. You may not have a license installed onto more than 1 server at
a time. You also cannot transfer your license to a 3rd party. You can
purchase a SmartIMF multi-site license pack or reseller pack at reduced
pricing if required. Contact N2Nets with your requirements for a
quotation.
I purchased SmartIMF Manager 1.x.x,
can I install the latest version?
Yes! We have introduced many useful features and
new capabilities as SmartIMF Manager has evolved. Your SmartIMF license
entitles you to all future updates and lifetime technical support. You can
download the latest version here.
NOTE: Starting with version 1.5, it will only import settings
from version 1.4 and higher. If you have a version older than
1.4, you can still upgrade to the latest version, but you will need to
fully un-install your old version and re-create your settings and
whitelist entries manually.
How do I update to the latest version
of SmartIMF?
Starting with version 1.5, we have
included a 'Check for Updates' feature found under the Help|Check for
Updates... menu. This will check your installation of SmartIMF and look for
updates that apply to your version. It will download the update, stop
any services required, close the Manager window and update your files
to the latest version. It will re-start the services and Manager for
you and provide detailed results of the update actions.
Here are the steps to update your version of SmartIMF Manager manually
(or for versions prior to 1.5):
- If you have not done so already, download the latest version of
SmartIMF from here.
- If you are using SmartIMF Manager from a remote
workstation, close and uninstall the copy from the remote PC.
- Run SmartIMF Manager. Use the 'service' button (upper right
of main window) to stop the SmartIMF Service. Close SmartIMF Manager.
- Click Start|Program Files|Smart IMF Manager and click
Uninstall SmartIMF Manager.
- NOTE: You will be asked if you want to delete all settings and
files. REMOVE the tick mark to KEEP your settings; otherwise, if you
keep the default, all your settings, whitelist rules and digest
configuration will be removed.
- You can now run the updated version of SmartIMF you
downloaded in step 1. If you have previously used the default
installation location, simply click the next button and finally the
finish button to complete.
- Run SmartIMF Manager. Verify your settings are intact and
configure any new features as required. Done!
SmartIMF Manager Configuration checklist
Here is a list of the registry keys, permissions, shares and settings
required for your SmartIMF Manager to be fully functional.
Registry values at the following Key
- HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter
- Name: ArchiveDir
- Type: String
- Value: Path to your UCEarchive folder. Many admins change
from the default location to a data partition. (REQUIRED)
- Name: ArchiveSCL
- Type: DWORD
- Value: 1. With this set, the IMF will add the X-SCL score to
every message placed in the UCEArchive folder. (REQUIRED)
Folder Permissions
- UCEArchive folder
- Exchange Pickup folder
- SmartIMF requires that the server console user (usually
Administrator) has full rights to these folders. If you are allowing
users to view/release or submit whitelist rules, the group of users
that have access to do this will also need full rights (often this will
be Domain Users group). This is assuming you have configured your
SmartIMF IIS website to use integrated authentication. If you are using
a remote copy of SmartIMF Manager from a workstation, the workstation
user also has to have full rights.
- SmartIMF Installation folder
- SmartIMF requires that the server console user (usually
Administrator) has full rights to this folder. If you are using a
remote copy of SmartIMF Manager from a workstation, the workstation
user also has to have full rights.
Folder Shares (for remote copy usage only)
- UCEArchive folder
- Exchange Pickup folder
- SmartIMF Installation folder
- These folders must all be shared with full read/write
access if you are using a remote copy of SmartIMF Manager. We suggest
creating share names that are under 8 characters in length and that
contain no spaces.
SmartIMF Settings
Here are the key settings within SmartIMF Manager (accessed via the
menu Tools|Options...) and their function.
- 1. Folder Paths
- Archive Folder Path: Location of the UCEArchive folder. This can
be a local path (C:\Program Files\...). If you are using a remote copy
of SmartIMF Manager from a workstation, this must be the UNC share path
(\\SERVER\SHARE). You can use the Browse button to locate both of these
paths. DO NOT use a mapped drive path in place of the UNC path. Folder
paths are shared between the Manager, remote Manager and whitelist
service. SmartIMF can convert UNC paths to local paths as required, but
can't convert mapped drive paths.
- Exchange Pickup Folder Path: Location of the Exchange Pickup
folder. Same requirements as Archive Folder Path.
- 2. Manager Settings
- Fast Mode: Enabled: This tells SmartIMF to change the way the main
window displays the list of spam. If enabled, when the number
of messages exceeds the Fast Mode Threshold the display changes to a
simple display that is much faster to load. Because the main window
list is cached, this setting should not be needed in most
configurations.
- Fast Mode Threshold: Used with the Fast Mode display. When the
message count in the UCEArchive folder exceeds this value, SmartIMF
Manager will switch to a simple display if Fast Mode: Enabled
is set to Auto.
- Limit AD Users Filter: Enabled: This tells SmartIMF to gather
additional information about each message when generating the main
window list of spam. When this is enabled, the initial loading will take
slightly longer. But it does allow you to use the 'Limit to AD Users'
filter, which can significantly reduce the number of messages displayed.
- 3. Auto Delete Messages
- Auto Message Delete: Enabled: This tells SmartIMF to delete spam
messages in your UCEArchive folder based on their age in relation to
the Auto Message Delete: Retention Age setting.
- Auto Message Delete: Retention Age: The number of days to keep the
message before it is deleted.
- Auto Message Delete: SCL Enabled: This tells SmartIMF to delete spam
messages in your UCEArchive folder based on their age in relation to
the Auto Message Delete: Retention Age setting AND the Auto Message
Delete: SCL Rating setting. Messages with an SCL rating matching the
Auto Message Delete: SCL Rating or higher will be deleted.
- Auto Message Delete: SCL Rating: The SCL rating threshold used to
qualify the message for deletion.
- Auto Message Delete: SCL Retention Age: The number of days to keep
the message before it is deleted.
- Expiry Processing Interval: The number of hours between the times
SmartIMF checks and deletes messages. A smaller number means the
messages are deleted closer to the time they have expired, but it can
also increase the processing load on the server.
- 4. Whitelist Settings
- Whitelist: Accept User Rules: When enabled, SmartIMF will accept and
process whitelist rules created by users when viewing spam messages via
the Spam Digest email.
- Other Whitelist Settings: *NOTE* The other settings should not
normally be changed as they can impact not only the server
performance but also the accuracy of SmartIMF Manager.
- 5. Report Settings
- Sender Override Address: If left blank, SmartIMF will use the
first valid postmaster or administrator email address found in the AD
as the sender address for all reports and digests. You can enter your own
single address in the format user@domain.com and it will be used.
- Spam Digest: Create at Startup: Normally not enabled except for setup
and/or testing. When enabled, SmartIMF will create all of the
configured spam digests when the service is started in addition to the
normal creation time of 0201.
- Spam Digest: Link Override Host: Do not use this setting unless
directed by N2Nets. Using this setting without verifying other
non-SmartIMF security settings can result in an insecure
system.
- Status Report: Enabled: When enabled, SmartIMF will generate a
daily report and send it to the address(es) defined in Status Report:
Recipients. The status report contains information about your SmartIMF
configuration, the number of messages scanned, deleted and released.
- Status Report: Recipients: Email addresses of users who will
receive a copy of the daily status report. Enter multiple addresses
separated by a comma. Example: user1@domain.com, user2@domain.com.
- 6. Service Settings
- Event Log Enabled: Service Events: When enabled, SmartIMF will write
an application event log entry at the completion of all processing
tasks. Normally not needed except for testing.
- Event Log Enabled: Whitelist Processing Events: When enabled,
SmartIMF will write an application event log entry when the whitelist
process is checking messages. Normally not needed except for testing.
Spam Digest Settings
- Users List
- Name: Optional. This can be any text required. Normally used to
identify a user by name.
- Email: Required. This is the email address used to match spam
messages to. Enter a single email address only in the format
user@domain.com.
- Digest Email Recipient: Optional. Enter a single email address
only in the format user@domain.com and the Spam Digest will be
delivered to this address, not the Email address used for spam matching.
- Enabled: Required. When enabled, SmartIMF will use this entry to
generate a Spam Digest. When not enabled, the entry is not processed.
Used if you want to temporarily suspend sending Spam Digests to the user.
- Options
- Send copy to: With this setting you can have SmartIMF send a combined
copy of all the digests to a single address (or multiple addresses).
Enter the copy recipient addresses in the format user1@domain.com,
user2@domain.com.
- Send combined Digest to 'copy' recipient(s) ONLY: When enabled, the
combined Spam Digest will be sent to the copy recipients only and not
the digest users.
- Show Email Subject in Digests: When enabled, the listing of spam
messages in the Spam Digest will include the subject line of each
message.
- Show Release Link in Digest: When enabled, the listing of spam
messages will include a hyperlink to view/release the message and/or
create a whitelist rule based on the message sender.
- Limit to SCL: You can choose to limit the contents of the Spam Digest
to spam with a specific SCL rating and lower. You can use this to reduce
the size of the Spam Digest as required. Setting 'None' includes all
messages.
- Filter Email where Sender/Receiver are Same: When enabled, if a spam
message has the same sender and receiver email addresses (a common spam
tactic) then the message is not included in the Spam Digest. You can
use this setting to further reduce the size of the Spam Digest
email.
What is the difference between Auto Delete Messages and Auto Delete
Messages by SCL options?
SmartIMF can automatically delete spam
from your archive folder based on 2 different sets of criteria. These 2
methods allow you to tailor message deletion to limit the quantity of
messages in the archive folder. The Auto Message Delete
function will delete messages based on their age only. If you have your
Retention Age set to 7, all messages that arrived more than 7 days ago
will be deleted. In addition, you can also include an Auto Message
Delete by SCL function. This allows you to specify a maximum SCL Rating
and Retention Age so that any message that is older than the retention
age and has an SCL rating higher than the SCL maximum will be deleted.
What is the effect of using these two filters in tandem? On any given
day, messages that have an SCL rating less than the specified SCL rating
are retained for a longer time than spam with a higher rating. As
messages with an SCL rating of 8 and 9 are very likely to be spam, you
can safely delete these sooner than messages rated with an SCL of 7 and
below, for example.
What are the different options for the
Spam Digest and what do they do?
The Spam Digest allows you to
configure a daily digest email, listing all the spam
received for each selected user over the previous 24 hours. This email
is composed and sent at 0201 every day. The Users list in the Spam Digest
configuration window (click the Tools|Spam Digest menu to access) allows
you to specify which users' email address(es) you want to receive a daily
digest. You can also supply an alternative recipient to receive the
digest (if you wanted one person to receive all the digests for a
department or group). You can also enable/disable sending a digest if
desired. To populate the user list, you can either type in the email
addresses manually or copy them from the Active Directory.
There are several options available to configure the Spam Digest. You
can use the Send copy to field to specify that a single combined copy of
all the digests is sent to one or more users. You can also elect to
send just the combined copy only to these addresses and the user will
not receive a digest. For each email listed in the digests, you can
elect to show or hide the subject of the email. If you have configured
the SmartIMF IIS web page, you can show or hide the view/release link
for each message as required. To help keep the Spam Digest emails to a
reasonable size, you can use the Limit to SCL setting to restrict the
emails listed to only those
with the specified SCL rating and below. And finally, you can elect to
not include any email in the digest where the sender and recipient
(From: and To:) addresses are the same.
What are some of the main SmartIMF
Manager list options?
By default when launched,
SmartIMF Manager is designed to show ALL messages contained in the
UCEArchive folder, sorted by date received (latest messages at the
top). You can then use various features to help you find a
specific message or messages. You can:
- Sort
You can sort the list by clicking on each of the column headers.
Click on the header again to reverse the sort direction.
- Search
You can search for a sender, recipient or subject text by entering your
search criteria in the toolbar search box. This will highlight all the
messages matching your search criteria.
- Filter
You can filter the main window list to reduce the quantity of messages
displayed or isolate particular messages. To enable a filter, use the
menu item View|Filter... to select your filter criteria. You can choose
to display only messages addressed to Active Directory addresses
or a specific email address. You can also enter part or all of a sender
address or specify all or part of an email subject. When you
are filtering messages, the message count display (at the bottom-right
of the window) will show the total number of messages in the spam
archive and the number of messages actually displayed. To clear, choose
the menu item View|Show All. A handy feature you can use is the
View|Apply Last Filter menu item which will re-load the last filter you
used, even between SmartIMF Manager sessions. So, for example, if you
frequently use 'Filter on TO: (All Active Directory Addresses Only)',
you can easily apply this filter at any time.
- View
You can view the raw message in the bottom of the window or you can
double-click the message in the list and the message will open in
Outlook Express or Windows Mail.
SmartIMF also makes it easy for you to quickly create
a whitelist rule based on a specific message. If you select a message
and right-click on the message and choose Add to Whitelist..., you can
choose one or more fields (From, To, Subject, etc) to be used as a
whitelist rule. You can edit the text from the field as required and
can choose to save and open the rule in the Whitelist Rules Editor.
The SCL rating column is blank for all
my messages?
The Exchange IMF requires the
following registry setting to enable adding the X-SCL rating to each
message. As the IMF adds the SCL rating when the message is placed in
the UCEArchive folder, existing messages will not be tagged with a
rating; the setting will only affect messages arriving after the
registry key is set (and the SMTP service is restarted). To enable, add
or edit the following key:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter
Value: ArchiveSCL
Type: DWORD
Set this value to 1 to enable and perform an SMTP service
restart. See the 'Configuration Checklist' for more required settings
to properly configure the Exchange IMF and SmartIMF.
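The registry values from the Configuration checklist, which the blank SCL column answer above also depends on, can be verified with a read-only script, together with a listing of who can write to the folders the checklist grants full rights on. This is an added example, not N2Nets code: the function names and the Pickup folder placeholder are assumptions, and it expects PowerShell 2.0 or later run on the Exchange server.

```powershell
# Added example (not N2Nets code): read-only audit of the checklist items.
# Assumptions: PowerShell 2.0+ on the Exchange server; function names are
# hypothetical; nothing here changes the registry or any ACL.
$ImfKey = 'HKLM:\Software\Microsoft\Exchange\ContentFilter'

function Test-ImfArchiveRegistry {
    param([string]$KeyPath = $ImfKey)

    if (-not (Test-Path -Path $KeyPath)) { return "MISSING key: $KeyPath" }
    $key      = Get-Item -Path $KeyPath
    $names    = $key.GetValueNames()
    $findings = @()

    # ArchiveDir: String holding the path to the UCEArchive folder.
    if ($names -notcontains 'ArchiveDir') {
        $findings += 'MISSING value: ArchiveDir'
    } else {
        $dir = [string]$key.GetValue('ArchiveDir')
        if ($key.GetValueKind('ArchiveDir') -ne 'String') {
            $findings += 'ArchiveDir is not of type String'
        }
        if (-not $dir -or -not (Test-Path -Path $dir -PathType Container)) {
            $findings += "ArchiveDir folder not found: '$dir'"
        }
    }

    # ArchiveSCL: DWORD 1 makes the IMF stamp X-SCL on archived messages.
    # A string "1" compares equal to 1 in PowerShell, so check the type too.
    if ($names -notcontains 'ArchiveSCL') {
        $findings += 'MISSING value: ArchiveSCL (SCL column will be blank)'
    } else {
        if ($key.GetValueKind('ArchiveSCL') -ne 'DWord') {
            $findings += 'ArchiveSCL is not of type DWORD'
        }
        if ($key.GetValue('ArchiveSCL') -ne 1) {
            $findings += 'ArchiveSCL is not 1 (SCL column will be blank)'
        }
    }

    if ($findings.Count -eq 0) { return 'OK: ArchiveDir and ArchiveSCL are set' }
    return $findings
}

# Lists Allow entries that can write to each folder, so the accounts holding
# the "full rights" the checklist asks for can be reviewed in one table.
function Get-FolderWriteAccess {
    param([string[]]$Folder)

    # WriteData (0x2) plus GENERIC_WRITE and GENERIC_ALL, which Get-Acl can
    # report unmapped on inherit-only entries.
    $writeMask = 0x2 -bor 0x40000000 -bor 0x10000000
    foreach ($path in $Folder) {
        if (-not $path -or -not (Test-Path -Path $path -PathType Container)) {
            Write-Warning "Folder not found: '$path'"
            continue
        }
        foreach ($ace in (Get-Acl -Path $path).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            New-Object PSObject -Property @{
                Folder    = $path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            } | Select-Object Folder, Identity, Rights, Inherited
        }
    }
}

Test-ImfArchiveRegistry
# 'D:\PLACEHOLDER\Pickup' is a placeholder: substitute your Exchange Pickup path.
$archive = (Get-ItemProperty -Path $ImfKey -ErrorAction SilentlyContinue).ArchiveDir
Get-FolderWriteAccess -Folder $archive, 'D:\PLACEHOLDER\Pickup' |
    Format-Table -AutoSize
```

Changes to ArchiveSCL only take effect after the SMTP service restart described above, so re-run the check after the restart and confirm new messages carry an SCL value.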
How many messages can I keep in my
Spam Archive folder?
The NTFS file system has a physical
limit of 4,294,967,295 files per directory, but it is very unlikely you
will hit this limit before you run out of disk space. A better answer
would be... as few as possible. SmartIMF Manager was designed and has been
tested to operate with reasonable performance with 30,000 to 50,000
messages in the UCEArchive folder. We have users with 100K+
messages that report no issues.
The number of messages you have in your spam folder at any one time is
a function of: the number of users, the volume of spam they receive and
the length of time you need to retain the spam. As a general
observation, SmartIMF performance will start to degrade with about
10-15K messages in the spam folder. The main SmartIMF Manager window
will take slightly longer to open and populate the spam list. To keep
this as fast as possible, SmartIMF will cache the main window list to
improve interface speed (this is why on first run, it takes longer to
cache the list). Other background service tasks that scan each message
will also take longer (but will not be noticeable).
When I attempt to open a message using
the VIEW MESSAGE link in my Spam Digest, the message is unreadable (or
the message is blank)?
This can sometimes happen with unusually formatted email. The
SmartIMF message viewer is attempting to display a 'web page within a
web page'. It strips the email message html formatting so it does not
'take over' the message viewer's format. As there are numerous
possible variations in different formatting methods (in-line
formatting, for example) this results in an unusual or blank html
message display. You may be able to read the message in the
plain text viewing box. In cases of this, however, it has usually
been with actual spam and not legitimate emails, as a common tactic of
spammers is to craft an email format designed specifically to defeat
your spam filter.
When I view the Spam Digest in Outlook
Web Access (OWA) the VIEW MESSAGE link does not work?
This is a known 'feature' (bug) in the OWA asp page 'redir.asp'. When you
display an email in OWA, it has been designed to re-write the URL of
hyperlinks contained within an email under the following conditions:
- You open OWA via an intranet URL
(http://SERVERNAME/Exchange):
- Any hyperlinks within the displayed email pointing to the
same server will be re-written so they will not work in OWA (but work
OK in Outlook or other email clients)
- You open OWA via an FQDN address
(https://mail.domain.com/Exchange):
- Any hyperlinks within the displayed email pointing to the
intranet URL will not be re-written and will work OK in OWA.
This means that if you use OWA within your network, you will need to
use the FQDN address to access OWA or the Spam Digest view message
links will not work correctly.
I want to be able to give my remote
users access to the Spam Digest VIEW MESSAGE link?
This is possible with SmartIMF Manager. However, it is imperative
you understand the security configuration of your server/network and
the implications of making changes to your current system. Improperly
exposing the SmartIMF IIS website to the internet, outside your network,
can increase your security risk and render your systems vulnerable to
attack. Specifically, you will be giving hackers the opportunity to
exploit any inherent weaknesses in your system, such as users having
weak passwords or other poor practices. At the very least, exposing the
spam email of users would allow hackers to gather a list of email
addresses and names of your users. As there are many different
IIS configurations possible, we can only suggest a possible
configuration that may or may not be best for your system.
- General guidance
- The SmartIMF IIS site needs to be accessible from outside
your LAN. We suggest you only allow secure (https:) access and block
port 80 (http:) access at your firewall. (We do this for all sites,
including OWA and RWW sites.) We suggest using 'Integrated Authentication' only
and disabling 'Anonymous Access' and 'Basic Authentication'. This will
mean you must supply valid credentials to view the pages. NOTE: If your
user has a weak password (password, qwerty, 123, etc) YOU ARE
VULNERABLE. You have the option of configuring access to the SmartIMF
site by limiting access to specific IP addresses. By default, IIS
should restrict access to only local LAN addresses. You will need to
grant access to specific external IP addresses or the entire internet
(depending on your remote user requirements). The most secure
configuration would allow only specific IP addresses of your remote
users. Often this is not possible as the remote user may be using a
laptop from many locations or the remote user's internet access does
not provide a fixed or static IP address. NOTE: If you grant access to
the entire internet, YOU ARE INCREASING YOUR VULNERABILITY.
- SmartIMF configuration
- You will need to change how SmartIMF creates the view
message links in the Spam Digest so that the paths are correct for
remote users. You can do this under Tools|Options and the setting Spam Digest: Link Override Host.
You will need to enter the FQDN address of your IIS server (Example:
https://mail.domain.com). This would normally be the same address used
to access Outlook Web Access from outside your LAN. Remote users should
now be able to access the SmartIMF pages by supplying credentials to
access the page.
Again, please ensure you have the required expertise and fully
understand what making these changes will do to your current security
posture. If in doubt, seek additional security expertise in making
these changes.
Caveat Emptor.
The filter option 'Filter on TO: (All
Active Directory Addresses Only)' is disabled (grayed out)?
You need to enable this feature in
Tools|Options... 'Limit to AD Users: Enabled'. It is disabled by
default as it does introduce a longer delay for configurations with a
large volume of messages in the spam archive folder. This delay occurs
only when the list is first cached.
Users can't release or whitelist an address from the SmartIMF IIS website?
You need to ensure that users have full read/write/delete
permission rights to the Exchange UCEArchive and PickUp folders. The
easiest way to do this is to add the security group 'Domain Users' to
each folder and grant them the required access rights. Please review
the SmartIMF Manager Configuration checklist entry above for a complete
list of settings.
The Whitelist rule I created does not
seem to work?
A common error that is sometimes made is trying to use a wildcard
character (often * or ?) as part of a rule criteria. Wildcards are not
required. Only include text that MUST be matched to pass the rule. For
example, with a Search Value of @domain.com, this will match both
user1@domain.com and user2@domain.com.
As a general concept, try to include only the minimum text required
to clearly identify the unique text you are trying to match. Consider
the following example: An email from a supplier is sent with a From:
address of
John Smith <j.smith@supplier.com>
You add a whitelist rule with a Search Value of the exact same text as
above: John Smith <j.smith@supplier.com>. John then changes his email
client, and email from John now has a From: address of
John A. Smith <j.smith@supplier.com>
Your whitelist rule will fail to match any email from John. A better
Search Value would be: j.smith@supplier.com. This would have matched
both. You could also have simply used @supplier.com and it would match
any sender from your Supplier.
I had user message view/release
configured and working, now it's not working anymore?
This will happen if you have:
- Manually edited the global.asa file with invalid paths to
your UCEArchive and Pickup folders in the IIS SmartIMF website folder
- Moved the location of either of these folders and did not
update the global.asa file found in your IIS SmartIMF website folder
You can correct this by copying an updated version of your
global.asa file from the SmartIMF install folder (after you update the
paths in SmartIMF Manager) to your IIS SmartIMF website folder.
How do I install and use a remote copy
of SmartIMF Manager on my PC?
If you have purchased SmartIMF Manager, you can install a
second copy of the Manager application on your PC. You will need to
perform the following steps:
- Ensure your PC has .Net Framework 2.0 installed
- Share the UCEArchive, Pickup and SmartIMF install folders on the
server. You will need full read/write rights from your PC to these
folders. Create share names that do not include spaces.
- At the server, run SmartIMF Manager and under Tools|Options, change
the paths for the UCEArchive and Pickup folders from local paths to UNC
paths to the shares created in the previous step. Enter only a UNC
path, NOT a mapped drive path. (Example: \\SERVER\SpamArchive)
- From your PC, browse into the server's SmartIMF share and
run the program named SmartIMFRemoteSetup.exe.
This will install the remote manager onto your PC.
SmartIMF is really great, but I wish
it could do this...
Email us with your request! Many of the features in SmartIMF
Manager were added to meet specific customer requirements. Submit your
idea to us; chances are it might be helpful for other users! At N2Nets,
we are always looking for ways to improve SmartIMF Manager.