Microsoft KB Archive/313404

From BetaArchive Wiki

Article ID: 313404

Article Last Modified on 12/3/2007



APPLIES TO

  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition



This article was previously published under Q313404

SUMMARY

This step-by-step article describes how to extend the Simple Mail Transfer Protocol (SMTP) Service by means of a transport event sink. The Microsoft Visual Basic, Scripting Edition (VBScript) code checks incoming SMTP messages for a subject line that contains the word "virus" and for attachments that have a .vbs extension. In both cases, delivery of the suspicious message is blocked.


Register a transport event sink for the SMTP Service

  1. Start Windows Explorer.
  2. Create a new folder called EventSink under the root directory C (C:\EventSink).
  3. Copy the file Smtpreg.vbs from the Exchange Software Developers Kit into the newly created folder.
  4. In Windows Explorer, open the C:\EventSink folder, right-click the left pane, point to New, and then click Text Document.
  5. Name the new file Smtpmsgcheck.vbs. If a Rename dialog box appears, click Yes.
  6. Right-click the new file, and then click Edit. In the text editor (Notepad.exe), enter the following VBScript code:

    <SCRIPT LANGUAGE="VBScript"> 
    
    Sub IEventIsCacheable_IsCacheable() 
        'To implement the interface, and return S_OK implicitly 
    End Sub
    
    Sub ISMTPOnArrival_OnArrival(ByVal Msg, EventStatus) 
        Dim envFlds 
        Dim colAttachs 
        Dim iFound 
        Dim oAttach 
        Set envFlds = Msg.EnvelopeFields 
    
        If Msg.Subject = "" Or Len(Msg.Subject) < 5 Then 
            iFound = 0 
        Else 
            iFound = Instr(1, Msg.Subject, "VIRUS", 1) ' First position of the word VIRUS 
        End If
     
        'Check whether the message contains a VBS attachment 
        Set colAttachs = Msg.Attachments 
        For Each oAttach in colAttachs 
            'Case-insensitive match on the last four characters of the file name 
            If LCase(Right(oAttach.FileName, 4)) = ".vbs" Then
                iFound = 1 
            End If
        Next
    
        If iFound > 0 Then 
            'Do not deliver, place message in the Badmail directory. 
            envFlds ("http://schemas.microsoft.com/cdo/smtpenvelope/messagestatus") = 3 
            'Commit the changes of the message status 
            envFlds.Update 
            'Skip remaining event sinks 
            EventStatus = 1
        End If 
    End Sub 
    
    </SCRIPT>
  7. Save the changes, and then close Notepad.
  8. Create another text file, name the file Instsink.bat, right-click the file, and then click Edit. In Notepad, enter the following lines:

    @Echo Off
    
    REM *********** The following 2 lines install the Event Sink to log SMTP Messages ***********
    Cscript smtpreg.vbs /add 1 onarrival SMTPMessageCheck CDO.SS_SMTPOnArrivalSink "mail from=*"
    Cscript smtpreg.vbs /setprop 1 onarrival SMTPMessageCheck Sink ScriptName "C:\EventSink\SMTPMsgCheck.vbs"
    
    REM ***** Remove the 'REM' tag from the following line *****
    REM ***** If you want to deinstall the Event Sink again *****
    REM cscript smtpreg.vbs /remove 1 onarrival SMTPMessageCheck
                        
  9. Save the changes, and then close Notepad.
  10. Click Start, click Run, type cmd, and then click OK to start the Windows 2000 command prompt. Type cd \EventSink to change to the C:\EventSink folder.
  11. Type instsink.bat, and then press ENTER to execute the batch file and register the EventSink sample to log messages. Verify that the event sink is registered properly, and then type exit and press ENTER to quit the command prompt.
  12. Click Start, click Programs, click Microsoft Exchange, and then click System Manager.
  13. Click Servers, expand your server, click SMTP, and then restart the Default SMTP Virtual Server.
  14. Test the transport event sink by using Telnet.
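
A scripted alternative to the manual Telnet test in step 14, added here as an example and not part of the original Microsoft article: it builds constructed test messages and reports whether the sink's rules should send each one to the Badmail directory. The addresses, case list and function names are assumptions; pass your test server's host name as the first argument to actually send the messages.

```python
# Added example: test messages for step 14 plus the verdict the sink's rules imply.
import smtplib
import sys
from email.message import EmailMessage

# Constructed cases: (label, subject, attachment file name or None)
CASES = [
    ("clean", "Quarterly report", None),
    ("subject-keyword", "New Virus warning", None),
    ("subject-substring", "Antivirus update schedule", None),
    ("short-subject", "Hi", None),
    ("vbs-attachment", "Script for review", "inventory.VBS"),
    ("txt-attachment", "Notes", "inventory.vbs.txt"),
]

def build_case(subject, attachment_name=None):
    """Build one test message; the attachment body is an inert comment line."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"       # placeholder address (assumption)
    msg["To"] = "recipient@example.test"      # placeholder address (assumption)
    msg["Subject"] = subject
    msg.set_content("Transport event sink test message.")
    if attachment_name:
        msg.add_attachment(b"' inert test file\r\n", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg

def sink_would_block(msg):
    """Mirror the OnArrival rules: "virus" anywhere in a subject of five or more
    characters, or an attachment name ending in .vbs (both case-insensitive)."""
    subject = msg["Subject"] or ""
    if len(subject) >= 5 and "virus" in subject.lower():
        return True
    return any((part.get_filename() or "").lower().endswith(".vbs")
               for part in msg.iter_attachments())

def run_cases(host=None, port=25):
    """Return {label: expected_block}; also send each message when host is given."""
    expected = {}
    for label, subject, attachment in CASES:
        msg = build_case(subject, attachment)
        expected[label] = sink_would_block(msg)
        if host:
            with smtplib.SMTP(host, port, timeout=10) as smtp:
                smtp.send_message(msg)
    return expected

if __name__ == "__main__":
    for label, blocked in run_cases(sys.argv[1] if len(sys.argv) > 1 else None).items():
        print(f"{label:18} {'Badmail' if blocked else 'delivered'}")
```

The subject-substring case shows that the substring match on "virus" also blocks legitimate subjects such as "Antivirus update schedule".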


Keywords: kbhowtomaster KB313404