Monday, December 27, 2004

Configure IMF gateway settings per server?


Someone sent me email the other day asking about the global configuration of the Intelligent Message Filter (IMF). "Is there anyway to configure the IMF settings at the Admin Group level or something less than global," they asked.

Well, it turns out there is a way to configure the IMF (or at least, the gateway portion of the IMF) at the server level.

By default, when the IMF initializes, it reads the "gateway action" and "gateway threshold" configuration information from the "Global Settings" configuration defined in ESM -- configuration which is stored in the AD and is global to the entire Exchange organization. See the IMF Deployment Guide or the MSDN Content Filtering Object configuration for more information on these settings stored in the AD.

This configuration is global, however. So how would you facilitate the scenario of having two different gateways with IMF handling inbound spam using different threshold values and/or actions? This might be useful if you have two different DNS domains, one of which requires agressive spam filtering and the other requires very minimal spam filtering. Configuring multiple inbound gateways, each with different IMF thresholds and actions might be quite useful in this case.

The answer is "registry override". The gateway settings are read first from the AD, but the registry on the IMF gateway server is also consulted and if there is an override setting configured, these "per-server" override settings are used instead.

Here are the details:
Reg Key: HKLM\Software\Microsoft\Exchange\ContentFilter

Value: GatewayThreshold
(Create value and set within the range 0-9. This maps to the Gateway threshold defined on Global Settings)

Value: GatewayAction
(Create value and set to one of the values from the following table)

Possible Actions for the GatewayAction (these map to the "when blocking messages" dropdown):
0x0 = No Action
0x1 = Delete
0x2 = Reject
0x5 = Archive (+Delete)

Note that these two registry values will allow you to control the gateway IMF behavior at a per-server basis, but will NOT do anything to control the "information store" UCE behavior.


No comments: