Sunday, June 22, 2008
Saturday, June 21, 2008
How to display IMF's Spam Confidence Level (SCL) rankings in Microsoft Outlook
http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1171867,00.html
When the Intelligent Message Filter (IMF) is running on Exchange Server, all messages processed by it are labeled with a value called the "Spam Confidence Level" (SCL).
The SCL is a ranking that IMF gives an e-mail on a range of 0 to 9. Most of the time, messages ranked 8 or above are definitely spam. But it is possible to have a legitimate message stamped with a high spam score, because it has certain spam-like attributes.
I've noticed, for instance, that legitimate (if non-whitelisted) messages with many hyperlinks in them tend to be scored as spam regardless of where the links lead.
The SCL isn't normally shown on messages received in Microsoft Outlook, but it can be useful to have it displayed. This isn't something you can do with Microsoft Outlook's out-of-the-box options though.
For now, the only way to do it (for now) is to create a custom Microsoft Outlook form that exposes the SCL Property.
The folks at Microsoft's You Had Me At EHLO blog have an example of how to do this, which I'll recap here:
Open Notepad and copy and paste this script (from the above-mentioned article) and save it as SCL.CFG. ;**********The CFG file**********
[Description]
MessageClass=IPM.Note
CLSID={00020D31-0000-0000-C000-000000000046}
DisplayName=SCL Extension Form
Category=Standard
Subcategory=Form
Comment=This forms allows the SCL to be viewed as a column
LargeIcon=IPML.ico
SmallIcon=IPMS.ico
Version=1.0
Locale=enu
Hidden=1
Owner=Microsoft Corporation
Contact=Your Name
[Platforms]
Platform1=Win16
Platform2=NTx86
Platform9=Win95
[Platform.Win16]
CPU=ix86
OSVersion=Win3.1
[Platform.NTx86]
CPU=ix86
OSVersion=WinNT3.5
[Platform.Win95]
CPU=ix86
OSVersion=Win95
[Properties]
Property01=SCL
[Property.SCL]
Type=3
NmidInteger=0x4076
DisplayName=SCL
[Verbs]
Verb1=1
[Verb.1]
DisplayName=&Open
Code=0
Flags=0
Attribs=2
[Extensions]
Extensions1=1
[Extension.1]
Type=30
NmidPropset={00020D0C-0000-0000-C000-000000000046}
NmidInteger=1
Value=1000000000000000
;**********END CFG
Copy that file to the directory that has your Outlook Forms repository. Typically this is C: \Program Files\Microsoft Office\OFFICE11\FORMS\, where is the language-locale number for your installation of Office. For U.S. English, that's 1033; the number will vary depending on what version of Office you have installed.
Open Microsoft Outlook and go to Tools -> Options -> Other -> Advanced Options -> Custom Forms -> Manage Forms.
Click Install and select SCL.CFG to add it to the forms library. Click OK to close out all dialogs.
Go to the mailbox where you want to expose the SCL value, right-click on the column headers and select the Field Chooser.
At the top of the Field Chooser, click the dropdown and select Forms….
Add the SCL Extension Form, which will then appear in the dropdown menu.
When selected, it will give you the choice of adding an "SCL" column. Add the column as needed.
Note that the SCL column will not populate if you're using Microsoft Outlook in conjunction with just the local Junk E-mail filter. It only shows values with e-mails received from Exchange Server and processed with the Intelligent Message Filter.
When the Intelligent Message Filter (IMF) is running on Exchange Server, all messages processed by it are labeled with a value called the "Spam Confidence Level" (SCL).
The SCL is a ranking that IMF gives an e-mail on a range of 0 to 9. Most of the time, messages ranked 8 or above are definitely spam. But it is possible to have a legitimate message stamped with a high spam score, because it has certain spam-like attributes.
I've noticed, for instance, that legitimate (if non-whitelisted) messages with many hyperlinks in them tend to be scored as spam regardless of where the links lead.
The SCL isn't normally shown on messages received in Microsoft Outlook, but it can be useful to have it displayed. This isn't something you can do with Microsoft Outlook's out-of-the-box options though.
For now, the only way to do it (for now) is to create a custom Microsoft Outlook form that exposes the SCL Property.
The folks at Microsoft's You Had Me At EHLO blog have an example of how to do this, which I'll recap here:
Open Notepad and copy and paste this script (from the above-mentioned article) and save it as SCL.CFG. ;**********The CFG file**********
[Description]
MessageClass=IPM.Note
CLSID={00020D31-0000-0000-C000-000000000046}
DisplayName=SCL Extension Form
Category=Standard
Subcategory=Form
Comment=This forms allows the SCL to be viewed as a column
LargeIcon=IPML.ico
SmallIcon=IPMS.ico
Version=1.0
Locale=enu
Hidden=1
Owner=Microsoft Corporation
Contact=Your Name
[Platforms]
Platform1=Win16
Platform2=NTx86
Platform9=Win95
[Platform.Win16]
CPU=ix86
OSVersion=Win3.1
[Platform.NTx86]
CPU=ix86
OSVersion=WinNT3.5
[Platform.Win95]
CPU=ix86
OSVersion=Win95
[Properties]
Property01=SCL
[Property.SCL]
Type=3
NmidInteger=0x4076
DisplayName=SCL
[Verbs]
Verb1=1
[Verb.1]
DisplayName=&Open
Code=0
Flags=0
Attribs=2
[Extensions]
Extensions1=1
[Extension.1]
Type=30
NmidPropset={00020D0C-0000-0000-C000-000000000046}
NmidInteger=1
Value=1000000000000000
;**********END CFG
Copy that file to the directory that has your Outlook Forms repository. Typically this is C: \Program Files\Microsoft Office\OFFICE11\FORMS\
Open Microsoft Outlook and go to Tools -> Options -> Other -> Advanced Options -> Custom Forms -> Manage Forms.
Click Install and select SCL.CFG to add it to the forms library. Click OK to close out all dialogs.
Go to the mailbox where you want to expose the SCL value, right-click on the column headers and select the Field Chooser.
At the top of the Field Chooser, click the dropdown and select Forms….
Add the SCL Extension Form, which will then appear in the dropdown menu.
When selected, it will give you the choice of adding an "SCL" column. Add the column as needed.
Note that the SCL column will not populate if you're using Microsoft Outlook in conjunction with just the local Junk E-mail filter. It only shows values with e-mails received from Exchange Server and processed with the Intelligent Message Filter.
Nbtstat
Nbtstat
Nbtstat is a command-line tool for displaying NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS name cache and the names registered with Windows Internet Name Service (WINS). Used without parameters, nbtstat displays help.
Eg: nbtstat -n
Nbtstat is a command-line tool for displaying NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS name cache and the names registered with Windows Internet Name Service (WINS). Used without parameters, nbtstat displays help.
Eg: nbtstat -n
Netdiag
Netdiag
Netdiag is a command-line diagnostic tool that you can use to test network connectivity and the key network status. These tests and information will give network administrators and support personnel a more direct means of identifying and isolating network problems.
Examples
1. To test the domain controller in your domain, type the following line, and then press ENTER: netdiag /v /l /test:dsgetdc
2. To display the IPSec policy, type the following line, and then press ENTER: netdiag /test:ipsec /debug
Netdiag is a command-line diagnostic tool that you can use to test network connectivity and the key network status. These tests and information will give network administrators and support personnel a more direct means of identifying and isolating network problems.
Examples
1. To test the domain controller in your domain, type the following line, and then press ENTER: netdiag /v /l /test:dsgetdc
2. To display the IPSec policy, type the following line, and then press ENTER: netdiag /test:ipsec /debug
DCDIAG
What is DCDIAG tool?
Domain Controller Diagnostic (DCDIAG) is a diagnostic tool that is used to analyze the domain controllers in a forest to report problems or issues. The scope of this tool covers the functions of the domain controllers and interactions across an entire enterprise. The DCDIAG tool is used to diagnose the domain controller status for the following issues:
Connectivity
Replication
Integrity of topology
Permissions on directory partition heads
Permissions of users
Functionality of the domain controller locator
Consistency among domain controllers in the site
Verification of trusts
Diagnosis of replication latencies
Replication of trust objects
Verification of File Replication service
Verification of critical servicesNote: DCDIAG is an analyzing tool, which is mostly used for the reporting purposes. Although this tool allows specific tests to be run individually, it is not intended as a general toolbox of commands for performing specific tasks.
DCDIAG.EXE, from the Windows Server 2003 SP1 Support Tools, has two major improvements:
The /TEST:DNS switch to validate DNS health of domain controllers.
The /TEST:CheckSecurityError to detect security configurations that can cause Active Directory replication to fail.
When you type DCDiag /?, the relevant section of the displayed help is: CheckSecurityError - Locates security errors (or those possibly security related)
and performs the initial diagnosis of the problem.
Optional Arguments:
/ReplSource: to target a specific source,
regardless of it's error status. Need not be a current partner.
DNS - This test checks the health of DNS settings
for the whole enterprise. Sub tests can be run individually
using the switches below. By default, all tests except
external name resolution are run)
/DnsBasic (basic tests, can't be skipped)
/DnsForwarders (forwarders and root hints tests)
/DnsDelegation (delegations tests)
/DnsDynamicUpdate (dynamic update tests)
/DnsRecordRegistration (records registration tests)
/DnsResolveExtName (external name resolution test)
/DnsAll (includes all tests above)
/DnsInternetName: (for test /DnsResolveExtName)
(default is www.microsoft.com)NOTE: If you run DCDiag.exe from your workstation, you need the /s: or /n: switch: /s: Use as Home Server.
/n: Use as the Naming Context to test
Sample Usage:DCDiag /s:JSI001 /test:dns
DCDiag /n:JSIINC.COM /test:dns
Domain Controller Diagnostic (DCDIAG) is a diagnostic tool that is used to analyze the domain controllers in a forest to report problems or issues. The scope of this tool covers the functions of the domain controllers and interactions across an entire enterprise. The DCDIAG tool is used to diagnose the domain controller status for the following issues:
Connectivity
Replication
Integrity of topology
Permissions on directory partition heads
Permissions of users
Functionality of the domain controller locator
Consistency among domain controllers in the site
Verification of trusts
Diagnosis of replication latencies
Replication of trust objects
Verification of File Replication service
Verification of critical servicesNote: DCDIAG is an analyzing tool, which is mostly used for the reporting purposes. Although this tool allows specific tests to be run individually, it is not intended as a general toolbox of commands for performing specific tasks.
DCDIAG.EXE, from the Windows Server 2003 SP1 Support Tools, has two major improvements:
The /TEST:DNS switch to validate DNS health of domain controllers.
The /TEST:CheckSecurityError to detect security configurations that can cause Active Directory replication to fail.
When you type DCDiag /?, the relevant section of the displayed help is: CheckSecurityError - Locates security errors (or those possibly security related)
and performs the initial diagnosis of the problem.
Optional Arguments:
/ReplSource: to target a specific source,
regardless of it's error status. Need not be a current partner.
DNS - This test checks the health of DNS settings
for the whole enterprise. Sub tests can be run individually
using the switches below. By default, all tests except
external name resolution are run)
/DnsBasic (basic tests, can't be skipped)
/DnsForwarders (forwarders and root hints tests)
/DnsDelegation (delegations tests)
/DnsDynamicUpdate (dynamic update tests)
/DnsRecordRegistration (records registration tests)
/DnsResolveExtName (external name resolution test)
/DnsAll (includes all tests above)
/DnsInternetName: (for test /DnsResolveExtName)
(default is www.microsoft.com)NOTE: If you run DCDiag.exe from your workstation, you need the /s: or /n: switch: /s: Use as Home Server.
/n: Use as the Naming Context to test
Sample Usage:DCDiag /s:JSI001 /test:dns
DCDiag /n:JSIINC.COM /test:dns
Subscribe to:
Posts (Atom)
