Introduction
Exchange Server 2003 introduced some native anti-spam capabilities that helped Systems Administrators to reduce unwanted commercial email (UCE), viruses and malware in general. These features included:
- Real-Time Block List Service Provider Support
- Global Deny and Accept Lists
- Sender Filtering
- Inbound Recipient Filtering
- Improved Ability to Restrict Submissions to and Relaying on an SMTP Virtual Server
- Integration with Outlook 2003 and Outlook Web Access Block and Safe Lists
- Exchange Intelligent Message Filter (SP2)
Although these configuration settings are stored in Active Directory, they aren’t directly migrated to Exchange Server 2007 if you decide to implement this new version. But worry not, the Anti Spam Migration Tool can deal with this fairly huge amount of information. It reads these settings from Active Directory and converts them to the equivalent Windows PowerShell script, consisting of Exchange 2007 tasks, which can then be run on the Edge Transport or Hub Transport roles of Exchange Server 2007.
Read the following table for a list of the migration settings the tool supports.
Connection Filtering |
|
Recipient Filtering |
|
Sender Filtering |
|
Sender ID Filtering |
|
Intelligent Message Filtering |
|
General settings |
|
Installation
Before installing the tool, ensure that you meet all the requirements:
- Supported Operating Systems: Windows Server 2000, Windows Server 2003;
- Microsoft .NET Framework 1.1 or higher;
- The account under which this tool is run needs to have read rights to AD configuration container and read access to MSExchange.UCEContentFilter.xml.
Installing the tool is as easy as:
- Download Exchange 2007 Anti Spam Migration Tool
- Run Exchange2007AntiSpamMigration.msi, it will extract the tool and documentation to the target folder (by default C:\Program Files\Exchange2007AntiSpamMigration\)
The tool doesn’t add any icons to your start menu, so you’ll have to run it from the command line. The usage is as follows:
Exchange2007AntiSpamMigration [/f:<full path to custom words file>] [/o:<outputfile name>] [/?]
/f: Optional full path to MSExchange.UCEContentFilter.xml file. If not specified, custom words or phrases are not migrated.
/o: Optional output file name. If not specified, output is written to MigratedSettings.ps1 in current directory.
/? Displays usage.
Exporting Anti-Spam Settings
In order to test and run the tool, I had to populate the anti-spam settings of my Exchange 2003 environment, so I just added some values that could be migrated later. The next pictures illustrate the settings of the Exchange 2003 environment.
Figure 1: Perimeter IP List
Figure 2: Sender Filtering
Figure 3: Connection Filtering
Figure 4: Recipient Filtering
Figure 5: Intelligent Message Filtering
Figure 6: Sender ID Filtering
After filling the Exchange 2003 anti-spam settings with some random values, I just run the tool. The result is a PowerShell script as you can see in Figure 8.
Figure 7: Running the tool
Figure 8: Output file
In my test environment I only had one single Exchange Server 2007, with 3 roles: Client Access, Mailbox and Hub Transport.
Because Hub Transport servers only need to perform anti-spam functions when there is no Edge Transport server to perform this function, this is a feature that is not enabled by default (Figure 9). Adding this functionality to your Hub Transport servers is a pretty simple process. Just launch the Exchange Management Shell and in the Scripts folder that was created (C:\Program Files\Microsoft\Exchange Server\Scripts\install-AntispamAgents.ps1)), you will find a PowerShell script to install the Anti-spam agents.
Once you complete these steps, you will see the Anti-spam tab enabled in the Exchange Management Console (Figure 11).
Figure 9: Hub Transport without Anti-spam tab
Figure 10: Install Anti-spam Agents
Figure 11: Hub transport with Anti-spam tab
So, now that we have a Hub Transport server with anti spam agents enabled, we just have to run the output script from the Anti Spam Migration Tool (Figure 12). As you can see in the following figures, all the settings have been successfully imported.
Figure 12: Running the tool to import settings
Figure 13: Recipient Filtering
Figure 14: IP Block List Providers
Figure 15: Sender Filtering
Figure 16: Recipient Filtering
Conclusion
Exchange Server 2007 offers some advanced anti-spam features. If you’re transitioning from Exchange 2003 to the current version, you’ll find this tool of extreme value.
The output script in PowerShell will take into account most of the previous settings and it makes the migration a pretty straightforward process. As a curiosity, I can tell you that the Exchange organizations in the example I gave you weren’t even in the same forest, so one can assume that the tool will work for the most complex scenarios.
Related Links
A tool to migrate anti-spam settings from Exchange 2003 to Exchange 2007
Exchange 2007 Anti Spam Migration Tool
Approaches to Fighting Spam in an Exchange Server Environment