Microsoft KB Archive/320703

= HOW TO: Configure the SMTP Filter in ISA Server to Block SMTP E-mail Attachments by File Name Extension in SBS =

Article ID: 320703

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Small Business Server 2000 Standard Edition

-



This article was previously published under Q320703



IN THIS TASK
SUMMARY
 * Default Functionality
 * Limitations
 * Configure the SMTP Filter

REFERENCES



SUMMARY
This step-by-step article describes how to configure the default Microsoft Internet Security and Acceleration (ISA) Server Simple Mail Transfer Protocol (SMTP) application filter on Small Business Server (SBS) 2000 to delete incoming e-mail messages that contain an attachment that has a specific file name extension.

There are other settings for the SMTP application filter in ISA Server. This article is intended to provide a simple example of the functionality of the SMTP application filter.

By default, you cannot implement the SMTP Commands section of the SMTP filter in SBS 2000. For information about how to use the SMTP Commands functionality of the SMTP filter, visit the following Microsoft Web site:

Configuring and Securing Microsoft Exchange 2000 Server and Clients white paper

Note that the white paper on this Web site suggests advanced modifications to ISA Server. These advanced modifications are outside the scope of this article and are typically not used in an SBS 2000 environment. If you follow the procedure that is described in this white paper to implement the SMTP Commands functionality, the auth command is not defined. As a result, external SMTP client computers cannot authenticate against the SBS 2000-based computer to send or receive e-mail messages.

NOTE: On an SBS 2000 installation that is using Microsoft Connector for POP3 Mailboxes, the SMTP filter also applies to messages that are delivered by using the POP3 Connector.

ISA Server Service Pack 1 (SP1) addresses several issues that pertain to the default SMTP filter. Microsoft recommends that you obtain and download ISA Server SP1 before you perform the procedure that is described in this article. To obtain ISA Server SP1, visit the following Microsoft Web site:

ISA Server Service Pack 1

To confirm that ISA Server SP 1 is installed, start the Add/Remove Programs tool in Control Panel and confirm that &quot;Microsoft ISA Server Service Pack 1 and Hot Fixes&quot; is listed.

By default, the components that you must use to have full functionality of the SMTP filter are not installed on a stand-alone version of ISA Server (the non-SBS 2000 version). The integrated Setup program of ISA Server that is part of the SBS 2000 product suite does install the required components.

For additional information about ISA Server as a stand-alone product (the non-SBS 2000 version), click the article number below to view the article in the Microsoft Knowledge Base:

315132 HOW TO: Configure SMTP Message Screener in ISA Server 2000

back to the top

Default Functionality
The following components of the SMTP filter are functional on a default installation of SBS 2000:
 * Attachments
 * Users/Domains
 * Keywords

back to the top

Limitations
The following limitations exist with the SMTP filter:
 * If you want to implement a filter based on keywords, note that the &quot;virus&quot; keyword filters any incoming messages that have &quot;virus&quot; in any part of the message that is specified in the filter properties. For example, if the &quot;virus&quot; keyword is used, messages with &quot;viruses,&quot; &quot;antivirus,&quot; and other similar words are filtered. This limitation occurs even if you enclose the keywords in quotation marks.
 * Wildcard characters (*) are not permitted.

back to the top

Configure the SMTP Filter
To configure the default ISA Server SMTP application filter to delete incoming SMTP e-mail messages that have a specific file name extension attachment on SBS 2000:
 * 1) Click Start, click Programs, click Microsoft ISA Server, and then click ISA Management.
 * 2) Expand Servers and Arrays, expand  , and then expand Extensions.
 * 3) Click Application Filters.
 * 4) In the right pane, right-click the SMTP filter, and then click Properties.

NOTE: By default, this filter is not turned on.
 * 1) Click the Attachments tab, and then click Add.
 * 2) Click Attachment Extension, and then type .test in the Attachment Extension box.
 * 3) Make sure that Delete message appears in the Action box.
 * 4) Click OK, and then click OK.
 * 5) Right-click SMTP Filter, and then click Enable.
 * 6) Click Save the changes and restart the service(s), and then click OK.

It may take several minutes for the SMTP filter to become active.
 * 1) Send a message that has an attachment that has a .test file name extension (for example, Textfile.test) from an external e-mail system (for example, Hotmail) to a user on the SBS 2000-based domain.
 * 2) After you send the message, check the mailbox of the user to whom you sent the message to confirm that the message does not appear in the user's mailbox.

If you want to verify that the filter is functioning, you can click forward message to in the Action box (as described in step 7) and specify a valid SMTP address. After you finish testing this functionality, make sure that you click Delete message in the Action box.

A common implementation of this filter may cause e-mail messages that have attachments with .exe, .vbs, .bat file name extensions to be filtered and the action is &quot;Delete.&quot;

If you implement ISA Server's SMTP filter, you may create additional overhead for the Inetinfo.exe process because the SMTP service runs under the context of Inetinfo.exe. If the SMTP filter is subjected to heavy loads, you may want to use the hotfix that is described in the following Microsoft Knowledge Base article:

292010 High Memory Consumption by SMTP Message Screener Under Stress

back to the top

