FAQ & Knowledge Base

Welcome to our Knowledge Base. Search or browse through the topics below to find answers to your questions.

Categories: Exchange Server Toolbox | Show all categories

status_loader

The "Exchange Server Toolbox" uses .Net regular expressions with the options IgnoreCase and Singleline set to true.

A tool for testing .NET regular expressions can be found here:
https://regex101.com/

An overview can be found here: https://cheatography.com/davechild/cheat-sheets/regular-expressions/

Alternatively, you can now use a generative text AI to generate RegEx. In that case, please use the link above to double check the validity of the expressions.

When the Exchange Server Toolbox tries to send auto reply messages, it uses the Exchange Server to send these mails over SMTP. Since by default the Exchange Server rights are restricted, the Exchange Server Toolbox may not be allowed to do this. Therefore you have to configure your Exchange Server to allow the Exchange Server Toolbox (i.e. localhost) to send mails via Port 25 or 587.

Please run the setup of the licensed full version of the Exchange Server Toolbox.
Please do not uninstall the previous installed trial version.
All settings will be retained.

No, unfortunately this is not possible at present. The Exchange Server Toolbox administration interface is only available on the mail server.

General settings for each third party virus scanner that you want to use are:

  1. If a virus is found (files and archives), no user interaction (asking) may be required. Select "Delete file" or "Rename/Move file".
  2. Disable any scanning of POP3/IMAP and SMTP protocols. This option is usually described as "Scan inbound/outbound email".

You can also use the integrated ClamAV virus scanner in addition to your own.

The results of the integrated SpamAssassin are written in the header of the mail, just like any other SpamAssassin. If you right-click on the mail in your Outlook and select "Message Options", a dialog appears in which you can view the Internet headers of the mail.
There you will find the spam report, which gives information about which rules have been applied to this mail:
e.g.
X-Spam-Checker version: SpamAssassin 3.1.7 (2006-10-05)
     * on server1.intranet.jam-software.com
     * at Wed, 09 Apr 2008 15:56:40 +0200
X-Spam status: No, hits=1.0, required= 3.6, autolearn=no
X-Spam Report: * 0.5 HTML_40_50 BODY: Message is 40% to 50% HTML
     * 0.0 HTML_MESSAGE BODY: HTML included in message
     * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
     * [score: 0.5077]
     * 0.2 HTML_TITLE_EMPTY BODY: HTML title contains no text
     * -2.0 SP2E_BodyWordWLRule BODY: SP2E_BodyWordWLRule
     * 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
     * [87.19.116.205 listed in dnsbl.sorbs.net]
     * 0.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
     * [87.19.116.205 listed on zen.spamhaus.org]
     * 0.3 URIBL_GREY Contains to URL listed in the URIBL greylist
     * [URIs: googlepages.com]

Yes, the Exchange Server Toolbox becomes active immediately after SMTP reception and processes all incoming (received) rules, regardless of the existence of the recipient. However, the incoming (accepted) rules are not processed until the Exchange Server has accepted the email and therefore wouldn't be triggered.

SpamAssassin, checks SPF records. You will find the default settings in the file 25_SPF.cf and the corresponding scores in the file 50_scores.cf. Both files can be found in the directory "C:\ProgramData\JAM Software\spamdService\sa-rules\updates_spamassassin_org".

If you are using the Exchange Server Toolbox or SmartPOP2Exchange, we recommend using the built-in editor to create customised SpamAssassin configuration files. You can find this under the Spam options. You can customise the scores of the SPF rules to your own requirements. To do this, add "score" followed by the name of the rule, followed by the new score in the configuration file: "score RULE_NAME 3.8".

Alternatively, you can also manually create your own .cf file in which you define your rules. Please note that this file should come last in alphabetical order, as SpamAssassin analyses the .cf files in numerical-alphabetical order. An example of the file name could be XMySettings.cf. For detailed information and instructions on writing rules in SpamAssassin, you can consult the official article in the SpamAssassin documentation. Here is the direct link to the article: Writing Rules in SpamAssassin

Don't forget to enter the SPF records in your MX record to ensure optimal functionality.

You can test spoofing using www.sendanonymousemail.net. This tool allows you to send anonymous emails, which can be useful for testing purposes.

Please note that this tool must not be misused for illegal activities or for sending spam. It is important to act responsibly and in accordance with applicable laws. Misuse can lead to serious legal consequences.

You can find more information about the possibilities with SpamAssassin on the official website: Apache SpamAssassin Wiki

URIBL (https://www.uribl.com) is a DNS-based Blackhole List which tracks IP addresses which are commonly used for sending spam mails. URIBL is enabled by default for SpamAssassin installations but allows only a certain amount of requests from the same IP every day. If this amount is exceeded, any further requests will be blocked by the URIBL servers with the info notification above.

This typically happens for SpamAssassin installations that use public DNS resolvers such as Google. As any request that is forwarded via the Google servers has the same IP when it reaches the Blackhole list, all requests will share the same limit. For usage of an alternative DNS, please follow these instructions.

For the following domains it is currently useful to set up forwarding to ensure the full functionality of SpamAssassin:

  • dbl.spamhaus.org
  • zen.spamhouse.org
  • sbl.spamhouse.org
  • list.dnswl.org
  • multi.uribl.com


Now determine the name server for each of the mentioned domains.
Open a command prompt and issue the following command (e.g. for "lists.dnswl.org"):

nslookup -querytype=ns list.dnswl.org.

Attention: Do not omit the dot at the end of the domain, otherwise nslookup will append your local domain and the command will not work.

Example output:
list.dnswl.org nameserver = b.ns.dnswl.org
list.dnswl.org name server = c.ns.dnswl.org
b.ns.dnswl.org internet address = 74.208.14.82
c.ns.dnswl.org internet address = 173.255.241.134
c.ns.dnswl.org AAAA IPv6 address = 2600:3c01::21:1000

  • Now create a "conditional forwarding" on your domain controller for each IP address.
  • Open the DNS management console on the server
     <Server Name> ' "Conditional Forwarding" ' Right click, "New Conditional Forwarding"
  • Enter the domain (in the example: "lists.dnswl.org") and then enter the IP addresses previously queried.

 

If you are using an enterprise firewall, you can also make these settings there. The function can be found in the 'DNS' section and is called 'DNS Request Routing' or 'DNS Redirection' or similar.

This happens if SpamAssassin finds rules with a score of zero. Tests with such a score a generally used in third party rule sets.
They check for a specific spam or ham sign but do not actually assign a score to leave it to the SpamAssassin admin if they want to use it or not to optimize their spam detection.
The message can be avoided by assigning a score to the related test or by removing the channel which belongs the particular rule from the sa-update call.
To assign a score, open 'local.cf' in the configuration directory (<%SACONFIGPATH%>) and add the line following line:

  • score YET_ANOTHER_TEST 0.0001

All entries (Page 6 / 7)