Exchange Server

Bug in the Intelligent Message Filter (IMF) interface

Microsoft Exchange Intelligent Message Filter is a product developed by Microsoft to help companies reduce the amount of unsolicited commercial e-mail (UCE), or spam, received by users. You can read more about IMF on the Block Spam with Exchange 2003 Intelligent Message Filter page.

When looking at the IMF interface in the Exchange System Management snap-in (ESM) you can notice it specifically says that:

“Block messages with an SCL rating greater than or equal to:”

and on the Store Junk E-mail Configuration section, it clearly says:

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

“Move messages with an SCL rating greater than or equal to:”

SCL is a “rating system” that on a scale from -1 (only used for authenticated users) to 10, will tell Outlook or OWA whether or not the e-mail should be moved to the Junk E-mail folder (depending on the user’s settings). Note that not all messages might be transferred to the store (i.e. the user’s mailbox) depending on the settings on the IMF tab. Read more about how to Configure Intelligent Message Filter in Exchange 2003 SP2.

So, the SCL rating is in fact a threshold level, and by looking at the text, this threshold level is either any number GREATER than the level, or the number specified on the level itself.

However that is not true. A quick follow-up of my Display SCL Level in Outlook 2003 and Display SCL Level in OWA 2003 SP2 articles and by monitoring the SCL level in your inbox, you will be surprised to find that Exchange’s IMF does not perform the promised action (delete, archive and so on) on any message that has an SCL level EQUAL to the SCL level selected in the IMF interface, but ONLY on messages that have an SCL level GREATER than the one specified in the interface.

For example, if you specify a level of 8 for the blocking threshold, expecting it will block messages with an SCL rating of 8 AND 9, you will only find out that messages with the SCL rating of 8 are not blocked.

And if you specify a level of 6 for the moving threshold, expecting it will move messages with an SCL rating of 6 AND 7, you will only find out that messages with the SCL rating of 6 are not moved to the user’s Junk E-Mail folder.

Therefore, if you need messages with the SCL level of 8 to be blocked, and messaged with the SCL level of 6 to be moved to the user’s Junk E-Mail folder, you will need to configure the threshold levels with 7 and 5 respectively:

 

BTW, this error (or bug, call it anything you like, Microsoft might even call it a “feature” LOL) is in fact documented in MS KB 867633, but unless you dig into the article you won’t know. Also, apparently, Exchange Server 2003 SP2 did not fix this either. Maybe SP3 will…

Further Reading

You might also want to read the following related articles:

Links

Exchange Intelligent Message Filter

Intelligent Message Filter release notes –  867633

Microsoft Exchange Intelligent Message Filter Deployment Guide (2.2mb)

Exchangepedia Blog: IMF Confusion – Store threshold rating text in UI

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: