IMF settings
Several people have commented or emailed me asking me for my IMF settings, since I mentioned that I am using the IMF on my personal mail server. There are basically three settings for IMF:
- The Spam Confidence Level threshold for acting at the gateway, as part of the SMTP conversation
- What to do if you act on the message at the gateway (reject, accept and archive, or accept and delete)
- The Spam Confidence Level threshold for putting messages into a user's Junk Mail folder
If you have acquired IMF, hopefully you looked at the documentation, which tells you about the performance counters that you can use to look at how many messages the IMF has classified into each bucket. The best way to determine what your threshold should be is to run the IMF on your normal mail load and look at how many messages fall into each bucket (1-9). 9 is the messages most likely to be spam, 1 is the messages least likely to be spam.
Now, on to actually answering the question: I run 8 as the threshold to reject at the gateway, and 4 as the threshold to put messages into the Junk Mail folder. I have noticed a few false positives at this level, but for me it's acceptable and I look at the junk mail folder periodically. I get about 50 messages in my junk mail folder per day, with an average of 0.25 false positive per day. I get an average of 2 false negative (spam that makes it into my inbox) per day. This is vastly superior to what I was getting with Spamassassin before I switched my mail to Exchange 2003 several months ago. I run 4 as the junk mail folder threshold because I really get very little important mail to this domain, so I would rather err on the side of putting things into the junk mail folder.
Note: other spam marking software may use different criteria to set the SCL, so these numbers are only valid for the Microsoft IMF.
Comments
- Anonymous
May 05, 2004
where can i download the imf? - Anonymous
May 05, 2004
Tim: good question, I should have put info about the availability of IMF in the post. This article by Paul Robichaux talks about the distribution method of the IMF and gives his thoughts about it: http://www.winnetmag.com/Article/ArticleID/41816/Windows_41816.html - Anonymous
May 05, 2004
jcook@inteltech.com
I am a consultant and MSDN subscriber. Can I get IMF yet? I also have Exchange 2003 with SA. Just curious when it will be public or where I can get it to betatest now. Send me an email because I don't think newsgator will update with your comments. - Anonymous
May 05, 2004
this would indicate that its not being made availble to us isv's and exchange partners ?
This seems an increasingly common theme where isvs/partners aren't considered.
This is similar to the WinPE situation where oems and SA licencees are allowed to use butno consideration is iven to us isv's being asked to support our apps on it whilst being denied access to test.
again and again msdn proves it does not provide the all encompassing platform availbility it promises (imf,WinPE, storage server etc).
is anyone addressing this ? I have asked in the exchange partner access program(ed beck) but got no answer... - Anonymous
May 05, 2004
Hmm...I sure hope it's included in MSDN. I'm pretty sure my directors will never authorize us to buy SA just to get IMF. Too bad, I've really been looking forward to giving it a try.
-B- - Anonymous
May 25, 2004
The IMF was released today, to everyone. See http://www.e2ksecurity.com/archives/000810.html. - Anonymous
June 07, 2004
Seems to work well but I can't find documented anywhere the apprarent need to restart the ExchangeIS services on all servers hosting mailboxes for new IMF settings to take effect.
If you know of a way around this I'd be interested to hear it.
Cheers,
leo@kbcfp.com - Anonymous
July 22, 2004
Does microsoft have any plans to update the content filtering database of IMF, available in the following path
exchsrvrbinMSCFv1MSExchange.UceContentFilter.dat
This file is dated 12th feb.
Other AntiSpam vendors like Realsecure Provincia, TrendMicro seem to update their SPAM fingerprint database once in a while. - Anonymous
August 04, 2004
The comment has been removed