From: irishronan on
We have exchange 2007 behind a solaris MX server running a/v and
spamassassin. I am wishing to write the(normalised ie 43 = 4) header X-
MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware
of the 0..9 range. However currently All messages coming from external
sources have some X-MS-Exchange-Organisation- headers in them but the
SCL one which i add is removed!

This leads me to believe that the header firewall is not removing it
as it would then have to remove all -Organisation- type headers.

Could I add the MX machines as trusted partners or something similar
that would allow the setting of this header to be maintained.

The reason for this is obviously for server filtering into JunkMail
folder. I have a webinterface which write the JunkThreshold attribute
for a users account into the AD using LDAP so that they can control
their settings.

Please advise

From: Bharat Suneja [MVP] on
Header Firewall: Why spammers can't insert fake SCL (and other Exchange
Organization) X headers
http://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-cant.html

You'll need to assign MS-Exch-Accept-Headers-Organization permission to
anonymous senders (assuming your gateway boxes are not authenticating). It's
a good idea to do this on scoped Connectors only.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------


"irishronan" <ronan.mcglue(a)gmail.com> wrote in message
news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com...
> We have exchange 2007 behind a solaris MX server running a/v and
> spamassassin. I am wishing to write the(normalised ie 43 = 4) header X-
> MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware
> of the 0..9 range. However currently All messages coming from external
> sources have some X-MS-Exchange-Organisation- headers in them but the
> SCL one which i add is removed!
>
> This leads me to believe that the header firewall is not removing it
> as it would then have to remove all -Organisation- type headers.
>
> Could I add the MX machines as trusted partners or something similar
> that would allow the setting of this header to be maintained.
>
> The reason for this is obviously for server filtering into JunkMail
> folder. I have a webinterface which write the JunkThreshold attribute
> for a users account into the AD using LDAP so that they can control
> their settings.
>
> Please advise
>


From: irishronan on
On Aug 3, 2:45 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote:
> Header Firewall: Why spammers can't insert fake SCL (and other Exchange
> Organization) X headershttp://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-ca...
>
> You'll need to assign MS-Exch-Accept-Headers-Organization permission to
> anonymous senders (assuming your gateway boxes are not authenticating). It's
> a good idea to do this on scoped Connectors only.
>
> --
> Bharat Suneja
> MVP - Exchangewww.zenprise.com
> NEW blog location:
> exchangepedia.com/blog
> ----------------------------------------------
>
> "irishronan" <ronan.mcg...(a)gmail.com> wrote in message
>
> news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com...
>
> > We have exchange 2007 behind a solaris MX server running a/v and
> > spamassassin. I am wishing to write the(normalised ie 43 = 4) header X-
> > MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware
> > of the 0..9 range. However currently All messages coming from external
> > sources have some X-MS-Exchange-Organisation- headers in them but the
> > SCL one which i add is removed!
>
> > This leads me to believe that the header firewall is not removing it
> > as it would then have to remove all -Organisation- type headers.
>
> > Could I add the MX machines as trusted partners or something similar
> > that would allow the setting of this header to be maintained.
>
> > The reason for this is obviously for server filtering into JunkMail
> > folder. I have a webinterface which write the JunkThreshold attribute
> > for a users account into the AD using LDAP so that they can control
> > their settings.
>
> > Please advise

Bharet, That document was one of many that I read. So, to clarify
I add a new receive connector and limit it on IP to the 3 MX machines
that all mail for my organisation goes through. Then on the connector
allow anonymous submission privilidges from those 3 IPs. Will this
then allow all mail through that connector to write the organisation-
SCL header!?

thanks
Ronan

From: Bharat Suneja [MVP] on
And allow the MS-Exch-Accept-Headers-Organization permission on that Receive
Connector to anonymous senders. This will *not remove* any Org headers
inserted by the gateway boxes.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------


"irishronan" <ronan.mcglue(a)gmail.com> wrote in message
news:1186154637.783932.239530(a)l70g2000hse.googlegroups.com...
> On Aug 3, 2:45 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote:
>> Header Firewall: Why spammers can't insert fake SCL (and other Exchange
>> Organization) X
>> headershttp://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-ca...
>>
>> You'll need to assign MS-Exch-Accept-Headers-Organization permission to
>> anonymous senders (assuming your gateway boxes are not authenticating).
>> It's
>> a good idea to do this on scoped Connectors only.
>>
>> --
>> Bharat Suneja
>> MVP - Exchangewww.zenprise.com
>> NEW blog location:
>> exchangepedia.com/blog
>> ----------------------------------------------
>>
>> "irishronan" <ronan.mcg...(a)gmail.com> wrote in message
>>
>> news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com...
>>
>> > We have exchange 2007 behind a solaris MX server running a/v and
>> > spamassassin. I am wishing to write the(normalised ie 43 = 4) header X-
>> > MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware
>> > of the 0..9 range. However currently All messages coming from external
>> > sources have some X-MS-Exchange-Organisation- headers in them but the
>> > SCL one which i add is removed!
>>
>> > This leads me to believe that the header firewall is not removing it
>> > as it would then have to remove all -Organisation- type headers.
>>
>> > Could I add the MX machines as trusted partners or something similar
>> > that would allow the setting of this header to be maintained.
>>
>> > The reason for this is obviously for server filtering into JunkMail
>> > folder. I have a webinterface which write the JunkThreshold attribute
>> > for a users account into the AD using LDAP so that they can control
>> > their settings.
>>
>> > Please advise
>
> Bharet, That document was one of many that I read. So, to clarify
> I add a new receive connector and limit it on IP to the 3 MX machines
> that all mail for my organisation goes through. Then on the connector
> allow anonymous submission privilidges from those 3 IPs. Will this
> then allow all mail through that connector to write the organisation-
> SCL header!?
>
> thanks
> Ronan
>


From: irishronan on
On Aug 3, 4:43 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote:
> And allow the MS-Exch-Accept-Headers-Organization permission on that Receive
> Connector to anonymous senders. This will *not remove* any Org headers
> inserted by the gateway boxes.
>
> --
> Bharat Suneja
> MVP - Exchangewww.zenprise.com
> NEW blog location:
> exchangepedia.com/blog
> ----------------------------------------------
>
> "irishronan" <ronan.mcg...(a)gmail.com> wrote in message
>
> news:1186154637.783932.239530(a)l70g2000hse.googlegroups.com...
>
> > On Aug 3, 2:45 pm, "Bharat Suneja [MVP]" <bha...(a)nospam.org> wrote:
> >> Header Firewall: Why spammers can't insert fake SCL (and other Exchange
> >> Organization) X
> >> headershttp://exchangepedia.com/blog/2007/07/header-firewall-why-spammers-ca...
>
> >> You'll need to assign MS-Exch-Accept-Headers-Organization permission to
> >> anonymous senders (assuming your gateway boxes are not authenticating).
> >> It's
> >> a good idea to do this on scoped Connectors only.
>
> >> --
> >> Bharat Suneja
> >> MVP - Exchangewww.zenprise.com
> >> NEW blog location:
> >> exchangepedia.com/blog
> >> ----------------------------------------------
>
> >> "irishronan" <ronan.mcg...(a)gmail.com> wrote in message
>
> >>news:1186147787.641893.283910(a)22g2000hsm.googlegroups.com...
>
> >> > We have exchange 2007 behind a solaris MX server running a/v and
> >> > spamassassin. I am wishing to write the(normalised ie 43 = 4) header X-
> >> > MS-Exchange-Organisation-SCL equal to the spamassassin score. Im aware
> >> > of the 0..9 range. However currently All messages coming from external
> >> > sources have some X-MS-Exchange-Organisation- headers in them but the
> >> > SCL one which i add is removed!
>
> >> > This leads me to believe that the header firewall is not removing it
> >> > as it would then have to remove all -Organisation- type headers.
>
> >> > Could I add the MX machines as trusted partners or something similar
> >> > that would allow the setting of this header to be maintained.
>
> >> > The reason for this is obviously for server filtering into JunkMail
> >> > folder. I have a webinterface which write the JunkThreshold attribute
> >> > for a users account into the AD using LDAP so that they can control
> >> > their settings.
>
> >> > Please advise
>
> > Bharet, That document was one of many that I read. So, to clarify
> > I add a new receive connector and limit it on IP to the 3 MX machines
> > that all mail for my organisation goes through. Then on the connector
> > allow anonymous submission privilidges from those 3 IPs. Will this
> > then allow all mail through that connector to write the organisation-
> > SCL header!?
>
> > thanks
> > Ronan

I have done what you suggested, however there is no header
organisation-SCL header in the messages I recieve however there are
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: punt.fqdn
X-MS-Has-Attach:
X-MS-Exchange-Organization-SenderIdResult: Neutral
X-MS-Exchange-Organization-PRD: google.com

is there an order in which headers must be added for exchange to
accept them. ie im only adding the header
X-MS-Exchange-Organization-SCL: <0..9>
at the gateway.
All mail for other domains that are stored on linux/imap servers come
through with the X-MS-Exchange-Organization-SCL: <0..9> set.

any advice?!

R

 |  Next  |  Last
Pages: 1 2
Prev: ATTN: Andy David {MVP}
Next: Move 2003->2007 Failure