Filtering messages with Exchange

Block junk e-mail on the client side or on the server side, but just get it blocked with a little help from Ron Nutter in this Daily Feature.

As if junk mail wasn’t bad enough in your mailbox at home, it seems like more and more is showing up in your e-mail at work, as well. How do you stop it? There are several ways you can block junk mail from clogging up your e-mail inbox.

One method involves using Outlook. Depending on the version of Outlook you’re using, you can use either the Rules Wizard or the Inbox Assistant to set up a client-side filter. Alternatively, you can filter messages at the Exchange server.

The approach you take will depend on how widely a particular junk e-mail message is distributed to users on your Exchange server and/or how PC-fluent your Outlook users are. If a message is going to just one or two users, it may be easier to automatically delete the message in that user’s copy of Outlook. If the message is affecting most or all of your users, then blocking the message at the Exchange server will be less time-consuming. This article will explain how to block a message at the Exchange server.

Setting up a filter
To set up a filter, you will need to go into Exchange Administrator. Double-click on the Internet Mail Service listing under the Connections selection. When the Internet Mail Service properties screen appears, click on the Connections tab. Click on the Messaging Filtering button, and you will see the screen where you can control what messages don’t make it to the users’ mailboxes. (If you don’t see the Message Filtering option, make sure that your Exchange server is version 5.5, using at least Exchange Service Pack 2.)

You have two ways of blocking messages—you can block it by a specific sending e-mail address or for an entire domain. A popular e-mail address that is often spoofed in spam messages is To block messages coming from an entire domain, you would enter, replacing with the domain name you want to block. For example, to block e-mail from every e-mail address from, you would enter To block e-mail from one specific address from another domain, you would enter the complete e-mail address, such as

When you enter either a domain or one specific mail address to block, by default, the Delete Messages check box is checked to automatically delete the message upon receipt at the Exchange server. By clearing the box, you can choose to move the message to the Turf directory for later review.

By default, Exchange expects to find a directory called Turfdir at the root of the C: drive. If you have the room on the drive, you can create the directory at this point. If you want to have the Turfdir directory placed on another drive, you can edit the following registry key:

and change the drive letter to the one where you will place Turfdir. To do so, change the TURFDIR value under the Parameters section to match the new drive letter.

Each time you make a change, whether it’s an addition, a deletion, or the editing of a previously entered e-mail address or domain, you will need to stop and restart the Exchange Internet Mail Service for the change to take effect.

Spam can be very annoying, and you probably have been looking for a good way to stop it. Message Filtering gives you a way to keep useless mail traffic from tying up precious storage space on your server.

Ronald Nutter is a senior systems engineer in Lexington, KY. He's an MCSE, a Novell Master CNE, and a Compaq ASE. Ron has worked with networks ranging in size from single servers to multiserver/multi-OS setups, including NetWare, Windows NT, AS/400, 3090, and UNIX. He's also the help desk editor for Network World. If you’d like to contact Ron, send him an e-mail. (Because of the large volume of e-mail that he receives, it's impossible for him to respond to every message. However, he does read them all.)

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

Editor's Picks