IMF Archive Manager for Exchange 2003

Using blacklists for spam protection in Exchange 2003 cuts down a lot of spam for my company, but we decided to enable IMF (Intelligent Message Filter) to do even better. It is imperative that the messages IMF catches are monitored for false positives. We’re small enough that monitoring the IMF archive is reasonable, but it wasn’t immediately apparent how to do this.
Luckily I found this tool: http://imfam.codeplex.com/  (IMF Archive Manager)

Setup

To begin, make sure that your IMF settings are set to Archive:

IMF archive settings

By default this archive location is:

%ExchangeInstallPath%\Exchsrvr\Mailroot\vsi 1\UceArchive

However, you can change that location by modifying this registry value:

HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter\ArchiveDir

Once you’ve found or set your archive location, open IMF Archive Manager on your client computer, and click Settings > Archive Folder:

IMF Settings folder

Set this to your archive location, and you should see it populated with the IMF messages. This gives you a safe way to view the spam and identify false positives.

Dealing with False Positives

Identifying false positives isn’t very helpful if you can’t do anything with them. To solve this problem, I created a Windows share of the IMF Archive folder. Using IMF Archive Manager, I delete all the spam, leaving only the false positives. I then open the shared folder and copy the .eml files out:

IMF False Positives

Once you have an .eml file, you may need to re-configure Outlook 2003 or Outlook 2007 to natively open them.

Office 2003:

http://support.microsoft.com/kb/967346

Office 2007:

http://support.microsoft.com/kb/956693

Office 2010 appears to open these files properly.
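
A header-only triage pass over the shared archive folder can help order the manual review described above. This is an added example, not part of the original post or of IMF Archive Manager; the trusted-domain list, function names and sample messages are assumptions made for illustration.

```python
import sys
import tempfile
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from pathlib import Path

# Hypothetical reviewer-maintained list of domains you expect real mail from.
TRUSTED_DOMAINS = {"partner.example"}

def summarize_archive(folder):
    """Parse only the headers of each .eml file; bodies are never decoded or rendered."""
    rows = []
    for path in sorted(Path(folder).glob("*.eml")):
        with path.open("rb") as fh:
            msg = BytesParser(policy=policy.default).parse(fh, headersonly=True)
        addr = parseaddr(str(msg.get("From", "")))[1].lower()
        rows.append({
            "file": path.name,
            "from": addr,
            "domain": addr.rpartition("@")[2],
            "subject": str(msg.get("Subject", "")),
        })
    return rows

def review_candidates(rows, trusted=TRUSTED_DOMAINS):
    """Messages to look at first. From is spoofable, so this only orders
    the review; it does not clear a message as legitimate."""
    return [r for r in rows if r["domain"] in trusted]

def demo():
    # Constructed sample messages standing in for the contents of UceArchive.
    samples = {
        "a.eml": b"From: Alice <alice@partner.example>\r\nSubject: Invoice 1042\r\n\r\nbody\r\n",
        "b.eml": b"From: promo@bulk.example\r\nSubject: =?utf-8?q?Win_a_prize?=\r\n\r\nbody\r\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return summarize_archive(tmp)

if __name__ == "__main__":
    # Pass the archive share path as the first argument; without one, run the demo.
    rows = summarize_archive(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for r in review_candidates(rows):
        print("REVIEW FIRST:", r["file"], r["from"], r["subject"])
```

Every message in the archive still needs a look; the script only surfaces the ones most likely to be false positives so they are checked first.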
