This is great stuff.... however i have one question:

Why isnt it possible to run spamassassin in unix, and make exchange act on the spam headers only?

This would really be the best solution (more scalable on in all).

Now i dont know anything about xchange, but i shure would like to know why cant one make it do something based on what an email has on its headers.

Posted by: Alex Borges at June 25, 2004 12:33 AM

Assuming you mean what I think you do, there are certainly solutions that do what you are referring to.

In that sense, you want obviously would want a separate box - doesn't even have to be anything incredible (although I would guess that a 486 is too little - but a PII would do I'd say) and it is the gateway between the incoming connection and the Exchange box.

So the *nix (I would go with Linux just due to the ease of install of the OS and of SA on it, but FreeBSD might be even better in this case due to what some argue is a better networking stack and better security - especially straight out of the box) would sit on the line, scan the mail and mark it, and then pass it off to Exchange.

Then in that case, you could just ignore the Exchange side and it treats it as normal mail and then in the Outlook client you scan the headers (as you do in the all Windows solution) and filter out anything marked as spam.

This is actually quite a common solution - but the reasons (at least in my own personal case) that we didn't go that way are:
1) need an extra machine - some companies may have money to get more machines, or have extras sitting around... we don't
2) the IT staff available to our company (if I am not around) is not versed in *nix, so it would be an issue if anything needed to be done to/with it.
3) the Windows only solution is easy for those that know Windows (similar to 2 I guess).

Posted by: Eric at June 25, 2004 07:31 AM

I am already running a seperate box for spamassassin and virus scanning of all e-mail coming into my domain. I'm interested in just a SMTP Event sink that would just put a message with a specific header into a mailbox. "X-Spam-Status: Yes" would get put into the "Junk" folder.

I don't want to have to setup client side filters for all of my 500 users.

Is there a vbs script that will already do this for me? The documentation on the Sink Events is terrible.

Thanks!

Posted by: Mark Jenks at June 28, 2004 12:32 PM

I am currently not on my network to look at some event sinks and their code - but off the top of my head I would think that you could definitely move the e-mail to a public folder.

That is likely undesirable to have all (potential) spam put in a public space since there is the possibility that something was of a sensitive nature and wasn't spam - which would then feasibly be seen by anyone looking in there.

Off the top of my head, I am guessing that the sinks can't write out to a folder in the user's section (as opposed to a public area), but I will see if I can look around to confirm this.

Posted by: Eric at June 28, 2004 01:11 PM

I'm doing some Googling on the internet and I found this.

SpamMover - http://www.ivasoft.biz/spammover.shtml

So I'm guessing it's possible.

-Mark

Posted by: Mark Jenks at June 28, 2004 01:22 PM

Agreed - I wondered the same - but that is not solely an event sink that is included. It also includes compiled code as well - so it is possible that is doing the work beyond what the event sink itself is allowed to do.

Of course, that surely isn't to say that it isn't possible - but AFAIK the bare event sink is only able to access public folders.

This might actually be a good question for Christopher Lewis (the fellow that wrote the script that this original post talks about).

I will keep looking - sounds like you are too (keep us posted here if you find something).

Posted by: Eric at June 28, 2004 01:26 PM

Another thing I was thinking of along these lines was to create a SMTP-Sink that would parse the "to:" address and deliver it to a folder.

It would have more uses that just for spam..

"to: user+folder@domain.com" = user's "folder".
No folder would default to inbox.

-Mark

Posted by: Mark Jenks at June 28, 2004 02:41 PM

Here is another one that uses a DLL, but it's free?

It uses another DLL called: Microsoft.Exchange.Transport.EventInterop.dll

http://www.layer-7.com/Toolbox.aspx

Also, See these:
(Remote extra o from google.)
http://groups.gooogle.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&threadm=uWkVHiZYDHA.2344%40TK2MSFTNGP09.phx.gbl&rnum=3&prev=/groups%3Fq%3Dsink%2Bfolder%2Bgroup:microsoft.public.exchange2000.development%26hl%3Den%26lr%3D%26ie%3DUTF-8%26c2coff%3D1%26selm%3DuWkVHiZYDHA.2344%2540TK2MSFTNGP09.phx.gbl%26rnum%3D3
http://groups.gooogle.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&threadm=uLWBCyuCEHA.2824%40TK2MSFTNGP12.phx.gbl&rnum=4&prev=/groups%3Fq%3Dsink%2BMoveRecord%2B%2Bgroup:microsoft.public.exchange2000.development%26hl%3Den%26lr%3D%26ie%3DUTF-8%26c2coff%3D1%26selm%3DuLWBCyuCEHA.2824%2540TK2MSFTNGP12.phx.gbl%26rnum%3D4

-Mark (still digging)

Posted by: Mark Jenks at June 28, 2004 04:26 PM