Configuration of the SMTP Filter – Wayne Small
ISA has within it the power to filter SMTP traffic based on a number of features including extension type. The following screen shows show how to configure your ISA server to implement this feature.
1. Open the SBS Administrators Console and navigate to the screen below. By default the SMTP Filter is disabled as shown by the red down arrow in the right hand window.
2. Double click on the SMTP Filter to reveal its properties. Check the “Enable this filter” box.
3. Select the Attachments tab.
4. Select Add and you will have the option to specify either an attachment name, extension or size limit as the screen below shows. You can select either Delete Message, Hold Message or Forward to and can specify the forward to address. I chose to have potential virus sent to the administrator so I can check them before on sending them to the user. The forwarding address has to be a full SMTP address.
5. Once you ve added the file type you want to block you can select OK to save your changes.
6. You will get a warning message indicating that it will need to restart the ISA services for the change to take effect – do it and you should be set to go.
7. If you should decide to disable the SMTP filter at some point in the future, I have found that you need to disable each individual extension that you are filtering on before you disable the actual filter. If you don’t do this then you’ll find that the rules still apply even though the filter is disabled.
A few notes from the field – Calvin McLennan
While setting up the filter rules, if you make a mistake creating a rule (select file name to exclude when you really wanted extension to exclude) then select Remove to get rid of the rule – it doesn’t really get rid of the rule. In fact it corrupts the rule base and ALL SORTS of services FAIL/FAIL/FAIL. Disabling and re-enabling the filter extensions make no difference.
All IIS services fail, Exchange POP, SMTP, etc. fail (though Exchange internally still works).
Fortunately the KB has reference to the error, and there is a patch from PSS. See …
Deleting Disabled SMTP Filter Attachment Rule Leaves Corrupted Rule (Q292014)http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q292014&ID=KB;EN-US;Q292014
But you still need to get rid of the corrupted rule base first to get services back on line. See …
How to Remove Corrupt Entries from the SMTP Filter (Q305012)http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q305012&ID=KB;EN-US;Q305012
I had to use the Registry method to remove the bad rule set completely first. If in fact you got the error and needed to get the system operational ASAP – delete the corrupt rules first and then get the patch if desired. As long as you do not make an error you should be able to create rules that work OK. I did and tested ok but went back to add more when the corruption occurred.
Leave a Reply