SMTP filter

  • Article
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Microsoft Internet Security and Acceleration (ISA) Server includes several application filters which are automatically installed when you install ISA Server. The Simple Mail Transfer Protocol (SMTP) filter is an application filter that intercepts all SMTP traffic that arrives on port 25 of the ISA Server computer. The filter accepts the traffic, inspects it, and passes it on only if it the rules allow it.

The SMTP filter can filter incoming mail based on source user or domain and can generate an alert if mail is received from specific users. The SMTP filter can filter messages, based on recipient. (The filter maintains a list of rejected users from whom mail messages are not accepted.)

Setting up the SMTP filter

After you enable the SMTP filter, you must perform the following steps to enable content filtering:

  1. Use the ISA Mail Server Security Wizard to configure content filtering on the ISA Server, specifying the following:

    • Select the following mail services: Incoming SMTP mail and Outgoing SMTP mail. Also, select Apply content filtering.

    • For the external Internet Protocol (IP) address, specify an IP address on the ISA Server computer.

    • For the mail server internal IP address, specify the IP address of a computer with both SMTP server and Internet Information Services (IIS).

    For configuration instructions, see Run the Mail Server Security Wizard.

  2. On the SMTP Server computer that you specified, configure the IIS Default SMTP Virtual Server properties as follows:

    • On the Access tab, click Relay and then select All except the list below.

    • On the Delivery tab, click Advanced and then, in Smart Host, type the real name of the mail server computer (not the virtual SMTP server).

    For more information on configuring Internet Service Manager, see Windows Help.

  3. Install the ISA Server Message screener. For instructions on installing specific ISA Server components, see Change ISA Server installation options.

  4. Run the SMTPCred.exe tool which is available on the ISA Server CD in the .\isa\i386 folder. When you run the tool, enter appropriate credentials and the name of the ISA Server computer. The user account required for SMTPCred.exe does not need any special rights, but it does need to exist in the domain.

Configuring SMTP filter

The SMTP filter also maintains a list of rejected domains. Messages from users in those domains are also rejected.

If you installed the message screener, you can configure the SMTP filter to check for specific attachments or keywords. You can specify the size, name, or type of content that should be held, deleted, or forwarded to the administrator. You can also specify that one of those three actions should be taken if a keyword is found.

The SMTP filter can also check for buffer overrun attacks. A buffer overrun occurs when an SMTP command is specified with a line length exceeding a specific value. When a buffer overrun attack is attempted, the SMTP filter can be configured to generate an alert.

For more information, see Stop users from gaining access to the SMTP server, Stop domains from gaining access to the SMTP server, Configure attachments for the SMTP filter, Configure keywords for the SMTP filter, and Configure SMTP filter buffer overflow thresholds.