Microsoft offers a free add-on for Exchange 2003 called Exchange Intelligent Message Filter (IMF). If you haven't used it, give it a try. It's a great tool to cut down on spam. If you are new to Exchange, or to IMF, here are some troubleshooting tips that will get you going.

First, as soon as you install the IMF you need to take a few steps to make sure the filter is working. Go to the Exchange System Manager, Global Settings, and right-click Message Delivery. If you don't see the IMF tab in the properties of Message Delivery, simply close the Exchange System Manager and reopen it. It's best to leave the default settings as shown in the screen shot below at least in the beginning. I will show you later how to customize the filter.

Do not change the option "When blocking messages" for now because you really won't know what the optimum spam confidence level (SCL) is, at least not in the beginning.

Next, go to Servers, server_name, Protocols, SMTP, Intelligent Messaging Filtering. Right-click to go to the Properties option and check the box for your Default SMTP Virtual Server. That's all you need to do in the Exchange System Manager.

One problem that people run into often is that they discover that the messages are going into the Outlook Junk E-mail folder, even though the threshold is set to higher than 0. When you install IMF, Active Directory is updated with the gateway and the store threshold values. However, changes to these values are only registered with the store if you restart Microsoft Exchange Information Store service. If you forget to restart this service, any application that utilizes the Exchange 2003 SCL infrastructure will not work properly.

Another common issue that you may experience has to do with the FTP Publishing service. If you are running FTP service on the Exchange Server, the service will not restart after the IMF installation, even if it was set to start automatically. During the installation IMF stops IIS Admin service, when it finishes installation it starts the SMTP, NNTP, POP3, IMAP and Routing Engine service but doesn't start FTP. You can manually start the FTP service.

Use Perfmon (a.k.a. System Monitor) to monitor all the IMF counters. Look at all the values of Total Messages Assigned an SCL Rating of X, where X is the value 0 through 9. Use the highest number value to configure IMF. For example, if the majority of messages that were filtered had an SCL rating of 5, then you want to configure the IMF tab shown in the screen shot above for 5. The default value is 8. A common problem that people encounter is that when they try to add the counters in System Monitor, the Exchange IMF counter is missing. Be patient, the counter will show up as soon as IMF has processed at least one message. I simply send myself a message to force IMF to process a message and the counter shows up. I remove all other default values in System Monitor and then add all 17 counters for the Performance object MSExchange Intelligent Message Filter, as shown below.

You may be tempted to install IMF on all your Exchange servers but that is not necessary. You only need to install IMF on Internet-facing servers that are responsible for receiving mail from the Internet.

In summary, after you install IMF remember to do at least four things.

1. Configure IMF tab on Message Delivery properties
2. Enable IMF on at least the Default SMTP Virtual Server.
3. Restart Microsoft Exchange Information Store service.
4. Monitor the IMF counters using Perfmon and configure the SCL settings on the Message Delivery tab based on the results.