SecurExchange - General -> FAQ

The following represent answers to questions commonly handled by our support staff, along with some tips and tricks that past and current customers have found useful.

Please note:These answers follow a few shorthand conventions for describing user-interface procedures. Key combinations will be presented as: Ctrl+Alt+Delete, which means that you should press and hold down the Control, Alt and Delete keys at the same time. Menu selections will be presented as: File | Open, which means you should open the File menu, and then make the Open selection.

General FAQs for SecurExchange

(this information applies to Nemx Power Tools as well)

1. How can I test an IP address (e.g. 1.2.3.4) of a SMTP server against an RBL (e.g. relays.ordb.org)?
2. How can I allow certain hosts to bypass RBL filtering?
3. How does RBL filtering operate?
4. During the installation of Nemx SecurExchange, the following error message is displayed: "The file \\<your exchange server>\addins\nmxxspca\i386\nmxxsp.hlp could not be opened. Please check that your hard disk is not full and you have access to the destination directory." What do I do?
5. How do I enable the Quarantine form from Outlook 2000?
6. How can I allow certain inbound mail addresses to bypass the Subject, Header, Message Body and Attachment filters?
7. How do I catch a single word within the message body or subject?
8. How do I filter items based upon a particular character set?
9. How do I create an Attachment to Filter Rule to delete messages containing VBS files?

1. How can I test an IP address (e.g. 1.2.3.4) of a SMTP server against an RBL (e.g. relays.ordb.org)?

On the Exchange Server machine, do a nslookup on the IP address:

1. Start | Programs | Accessories | Command Prompt
2. Reverse the IP address and append the RBL site to the end (e.g. 4.3.2.1.relays.ordb.org)
3. Type nslookup 4.3.2.1.relays.ordb.org
4. If the result resolves to an IP address, then the IP address 1.2.3.4 is listed on relays.ordb.org as Spam. An example output follows:
   
   E:\>nslookup 4.2.3.1.relays.ordb.org
   Server: mag2.magmacom.com
   Address: 206.191.0.140
   Non-authoritative answer:
   Name: 4.3.2.1.relays.ordb.org
   Address: 127.0.0.2

Back to Top

2. How can I allow certain hosts to bypass RBL filtering?

When a RBL contains the IP address of a SMTP server trusted not to send Spam, create a Friendly IP Address. IP addresses listed as friendly bypass the Spam Manager RBL filter.

To add an IP address to the Friendly IP list:

Add the IP address of the Friendly SMTP server to the Nemx SecurExchange configuration:

1. On the Spam Manager tab, and in the RBL filtering section click Databases
2. Click Advanced
3. Click Add
4. In the Friendly IP address field, type 1.2.3.4. (e.g. 1.2.3.4)
5. Click Ok
6. Click Ok

Back to Top

3. How does RBL filtering operate?

RBL filtering operates on the IP address of the SMTP server sending an email inbound through the SMTP Server / Internet Mail Service. This IP address is accurate, and cannot be faked like many return email addresses. The IP address of the sender is then reversed and prepended to the RBL host entry, and a DNS look-up is performed. If the lookup is successful, then the IP address is on the Black List for that database.

An example of how a RBL lookup operates is as follows:

1. A message arrives from IP address 127.1.1.1
2. The IP address is reversed to 1.1.1.127 then prepended to blackholes.mail-abuse.org
3. 1.1.1.127.blackholes.mail-abuse.org is used for DNS lookup against the blackholes.mail-abuse.org database
4. If the DNS lookup resolves to an IP address, then the mail is considered to be Spam

Back to Top

4. During the installation of Nemx SecurExchange, the following error message is displayed: "The file \\<your exchange server>\addins\nmxxspca\i386\nmxxsp.hlp could not be opened. Please check that your hard disk is not full and you have access to the destination directory." What do I do?

If you are using Exchange 5.5, you need the shared directory that was part of the original install \\<your exchange server>\add-ins.

If you are using Exchange 2000, you need to download the install from: http://www.nemx.com/downloads/powerpac/xspb2kinfo.htm

Back to Top

5. How do I enable the Quarantine form from Outlook 2000?

To install the Nemx Quarantine Form, follow these steps:

1. From Outlook, select the Tools | Options menu
2. On the Other tab, Click Advanced Options
3. Click Custom Forms
4. Click Manage Forms
5. Select Personal from the list Forms Library
6. Click Install
7. Select Form Message (*.fdm) from the list Files of Type
8. Navigate to the installed directory of Nemx SecurExchange (C:\Program Files\Nemx\Nmxexspp) and select the Nemx_Quarantine.fdm file
9. Click Ok

Back to Top

6. How can I allow certain inbound mail addresses to bypass the Subject, Header, Message Body and Attachment filters?

Create an Action that will ensure nothing is done to the inbound message:

1. Open the Nemx SecurExchange Configuration dialog
2. On the Actions tab, select Spam and Content Actions
3. Click Add
4. In the Action Name field, type Do Nothing
5. Click Ok

Create a Rule to Filter inbound message:

6. On the Spam Manager tab, click Addresses
7. Click Add
8. Enable Active
9. In the Address field, type the address of the originator (example: support@nemx.com)
10. In the Behaviour section, select Halt filtering on Message
11. In the Transfer Mode section, enable Inbound
12. Click Ok
13. Click Ok
14. Click Apply

Back to Top

7. How do I catch a single word within the message body or subject?

• Filter for the word click separated by spaces:
  =(^| )click( |$)
• Filter for the word click separated by anything except alphas:
  =(^|[^a-z])click([^a-z]|$)
• Filter for the word click separated by anything except alphas and numbers:
  =(^|[^0-9a-z])click([^0-9a-z]|$)

Back to Top

8. How do I filter items based upon a particular character set?

Create a Header rule in Spam Manager:

1. Open the Nemx SecurExchange Configuration dialog
2. On the Spam Manager tab, click Headers in the Header Filtering section
3. Click Add
4. Check Active
5. Enter a Header Field in the Header Token field (e.g. content-type)
6. Enter a Character Set in the Header field (e.g. ks_c_5601-1987)
7. Check "Inbound" in the Transfer Mode section
8. Click Ok
9. Click Ok
10. Click Apply

Back to Top

9. How do I create an Attachment to Filter Rule to delete messages containing VBS files?

Create an Action Handler to remove attachments:

1. On the Actions tab, click the button Spam and Content Actions
2. Click Add
3. In the Action Name field, type Handle unwanted VBS files or some other name
4. In the Message Modifications section, enable Delete Attachment
5. Click Ok

Enable the Attachment Filtering section:

6. On the Content Filtering tab in the Attachment Filtering section, enable Attachments Filter

Define a rule to handle VBS files:

7. On the Content Filtering tab in the Attachment Filtering section, click Rules
8. Click Add
9. In the Rule field, type *.vbs
10. In the Action list, select Handle unwanted VBS files
11. In the Direction section, select Inbound and Outbound (inbound and outbound through the IMS), and/or Private and Public (internal from mailbox to mailbox)
12. Enable Active
13. Click Ok
14. Click Apply

Back to Top

• FAQs for SecurExchange Exchange 2003/2000
• FAQs for SecurExchange for Exchange 5.5
• General FAQs for SecurExchange

Need to add virus protection to your solution ?
Check out SecurExchange Anti-Virus

More About This Product: Fact Sheet | FAQS | Price Calculator | Download | Feature Matrix