As everyone knows, spam is the scourge of the Internet. There are many solutions to help filter out spam. Some work, others don't. Microsoft recently came out with IMF (Intelligent Message Filter). This is an add-on for Exchange Server 2003, an integral part of Small Business Server 2003. This one appears to work fairly well. And it allows the end-user some control as well. And the price is right - FREE!
Download
Installation & Configuration
Installation of IMF is fairly simple. Just double-click on the downloaded ExchangeIMF.MSI installation file, accept the EULA (End User Licensing Agreement), and follow the prompts. The installation adds a new tab to the Message Delivery tab in System Manager. To access it, open the Exchange System Manager, expand Global Settings, right-click Message Delivery and select Properties. Then click on the new Intelligent Message Filter tab.
IMF calculates an SCL (Spam Confidence Level), a rating from 1 to 9, with 1 representing a very low probability that the message is spam and 9 meaning it most likely is spam. IMF allows you to trap spam on the gateway server at one SCL threshold. Messages with an SCL below the gateway threshold are sent on to the Information Store. A second configurable threshold determines whether a message is delivered to the user's Inbox or to their Junk E-mail folder.
You may also configure what to do with messages trapped at the gateway.
There are four possibilities: Archive, Delete, No Action, and Reject. Archive
stores messages in a folder called UCEArchive under the Exchange folders.
These messages can be read using Outlook Express or Notepad. This is a
form of quarantining that allows retrieval of messages trapped at the gateway.
Messages can be released to their intended recipient by moving them to
the Pickup folder.
Delete simply deletes the message without any notification to either
sender or recipient. No Action assigns the SCL to the message and passes
it on to the mailbox store. Reject rejects the message and sends a non-delivery
report to the sender. I generally don't think sending a non-delivery report
to a spammer is a good idea. It tells the spammer your server/domain actually
exists and it adds more traffic to the Internet. While I'm evaluating IMF,
I've got it configured for Archive. Once I'm done, I'll probably set it
to delete.
There is one other step to configuration, enabling IMF for each Exchange
SMTP Virtual Server. There is typically only one virtual server in a Small
Business Server installation, but you may have created more. To do this
use Exchange System Manager to open Servers, then your specific server,
Protocols, SMTP, and then right-click the new Intelligent Message Filtering
and select Properties. Under the General tab (the only tab) you will see
a list of your SMTP virtual servers (probably just one). Check the checkbox,
click on Apply and OK and it's done.
Results
So, how does it work? Pretty well, actually. I started out with the
gateway threshold at 9, which is as wide open as it goes. Even at that
level, messages started populating the UCEArchive folder. I set the Junk
E-mail threshold to 8 and although I got a fair amount of spam in my inbox,
messages were being directed to the Junk E-mail folder. I gradually tightened
my thresholds and now they rest at 7 for the gateway and 4 for the Junk
E-mail folder. A few spam messages seem to get through but not many. However,
I do have a few false positives, messages that are not spam but are considered
to be by the filter. For instance, recently my daughter asked me if I had
received a message she'd sent. Nope. I hadn't. But since she alerted me,
I checked the Junk E-mail folder and sure enough there it was. Nice thing
about a spam filter is that it sends suspected spam to the Junk E-mail
folder. The user can check their own junk folder to retrieve false positives.
Once found, the sender can be put on the safe senders list. Naturally I
did this with my daughter's e-mail address. Conversely a user can place
a sender of spam that sneaks past the spam filter on the blocked senders
list. Either way, the user has control over the process.
How does IMF stack up against the competition? Not bad. Not perfect,
but not bad. I usually use and recommend Sybari Spam Manager, which
does an excellent job. It uses a number of approaches including a spam
engine that can be updated over the Internet periodically. I have mine
set to update automatically every 90 minutes. IMF uses a relatively fixed
algorithm to assign the SCL. Over time the spammers will learn how to get
around it. I suspect when they do, Microsoft will issue an update. Sybari
Spam Manager allows the system administrator to send spam to a quarantine
area. But unlike IMF, a log is maintained which makes it easy to search
the quarantine for false positives. However, as mentioned earlier, sending
suspected spam to the user's Junk E-mail folder allows the user to search
for falsely trapped messages without having to involve the administrator.
The downside of this is that the users' Junk E-mail folders will fill up
with, well, junk. We all know users aren't real good about cleaning up
their mailboxes as it is. But there are some tools available to the system
administrator to help alleviate this problem.
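The Archive action and the missing quarantine log both come down to the same administrator task: finding one legitimate message in UCEArchive and moving it to Pickup. The sketch below is an added example, not part of the original article or of IMF; the helper names are hypothetical, the folder paths are passed in because the article does not give them in full, and the `.eml` extension is an assumption.

```python
import shutil
import tempfile
from email import policy
from email.parser import BytesHeaderParser
from pathlib import Path

def _clean(value):
    # Archived spam is untrusted input: drop control characters before display.
    return "".join(ch for ch in str(value or "") if ch.isprintable())

def index_archive(archive_dir):
    """One row per archived message, built from its headers only."""
    parser = BytesHeaderParser(policy=policy.default)
    rows = []
    for path in sorted(Path(archive_dir).glob("*.eml")):  # extension is an assumption
        with path.open("rb") as fh:
            hdr = parser.parse(fh)
        rows.append({"file": path.name, "from": _clean(hdr["From"]),
                     "subject": _clean(hdr["Subject"]), "date": _clean(hdr["Date"])})
    return rows

def search(rows, needle):
    """Case-insensitive match on sender or subject."""
    n = needle.lower()
    return [r for r in rows if n in r["from"].lower() or n in r["subject"].lower()]

def release(archive_dir, pickup_dir, file_name):
    """Move one archived message into the Pickup folder for redelivery."""
    src = (Path(archive_dir) / file_name).resolve()
    if src.parent != Path(archive_dir).resolve() or not src.is_file():
        raise ValueError("not a message in the archive: %r" % file_name)
    return Path(shutil.move(str(src), str(Path(pickup_dir) / src.name)))

def demo():
    # Constructed sample messages in temporary stand-ins for the two folders.
    root = Path(tempfile.mkdtemp())
    archive, pickup = root / "UCEArchive", root / "Pickup"
    archive.mkdir()
    pickup.mkdir()
    (archive / "a1.eml").write_bytes(
        b"From: Deals <promo@bulk.example>\r\nSubject: Cheap\x07 watches\r\n\r\nbuy\r\n")
    (archive / "a2.eml").write_bytes(
        b"From: daughter@family.example\r\nSubject: Photos from the trip\r\n\r\nhi\r\n")
    hits = search(index_archive(archive), "family.example")
    moved = release(archive, pickup, hits[0]["file"])
    return hits, moved, [p.name for p in sorted(archive.iterdir())]

if __name__ == "__main__":
    print(demo())
```

Only headers are parsed, so message bodies and attachments in the archive are never opened, and `release` refuses any file name that resolves outside the archive folder.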
Conclusion
Is IMF a good spam filter? Absolutely! Are there better ones on the market? Again, absolutely. But did I mention that IMF is FREE?!? At that price it should be the first anti-spam filter to try on your SBS 2003 server. You can always upgrade to another third-party solution if IMF doesn't work out for you. If you're still running SBS 2000, maybe it's time to consider upgrading anyway.