HOW TO: Configure the SMTP Filter in ISA Server to Block SMTP E-mail Attachments by File Name Extension in SBS


This step-by-step article describes how to configure the default Microsoft Internet Security and Acceleration (ISA) Server Simple Mail Transfer Protocol (SMTP) application filter on Small Business Server (SBS) 2000 to delete incoming e-mail messages that contain an attachment that has a specific file name extension.

There are other settings for the SMTP application filter in ISA Server. This article is intended to provide a simple example of the functionality of the SMTP application filter.

By default, you cannot implement the SMTP Commands section of the SMTP filter in SBS 2000. For information about how to use the SMTP Commands functionality of the SMTP filter, visit the following Microsoft Web site: Note that the white paper on this Web site suggests advanced modifications to ISA Server. These advanced modifications are outside the scope of this article and are typically not used in an SBS 2000 environment. If you follow the procedure that is described in this white paper to implement the SMTP Commands functionality, the auth command is not defined. As a result, external SMTP client computers cannot authenticate against the SBS 2000-based computer to send or receive e-mail messages.

NOTE: On an SBS 2000 installation that is using Microsoft Connector for POP3 Mailboxes, the SMTP filter also applies to messages that are delivered by using the POP3 Connector.

ISA Server Service Pack 1 (SP1) addresses several issues that pertain to the default SMTP filter. Microsoft recommends that you obtain and download ISA Server SP1 before you perform the procedure that is described in this article. To obtain ISA Server SP1, visit the following Microsoft Web site: To confirm that ISA Server SP 1 is installed, start the Add/Remove Programs tool in Control Panel and confirm that "Microsoft ISA Server Service Pack 1 and Hot Fixes" is listed.

By default, the components that you must use to have full functionality of the SMTP filter are not installed on a stand-alone version of ISA Server (the non-SBS 2000 version). The integrated Setup program of ISA Server that is part of the SBS 2000 product suite does install the required components.

For additional information about ISA Server as a stand-alone product (the non-SBS 2000 version), click the article number below to view the article in the Microsoft Knowledge Base:

315132 HOW TO: Configure SMTP Message Screener in ISA Server 2000

Default Functionality

The following components of the SMTP filter are functional on a default installation of SBS 2000:

  • Attachments
  • Users/Domains
  • Keywords


The following limitations exist with the SMTP filter:

  • If you want to implement a filter based on keywords, note that the "virus" keyword filters any incoming messages that have "virus" in any part of the message that is specified in the filter properties. For example, if the "virus" keyword is used, messages with "viruses," "antivirus," and other similar words are filtered. This limitation occurs even if you enclose the keywords in quotation marks.
  • Wildcard characters (*) are not permitted.

Configure the SMTP Filter

To configure the default ISA Server SMTP application filter to delete incoming SMTP e-mail messages that have a specific file name extension attachment on SBS 2000:

  1. Click Start, click Programs, click Microsoft ISA Server, and then click ISA Management.
  2. Expand Servers and Arrays, expand Server_name, and then expand Extensions.
  3. Click Application Filters.
  4. In the right pane, right-click the SMTP filter, and then click Properties.

    NOTE: By default, this filter is not turned on.
  5. Click the Attachments tab, and then click Add.
  6. Click Attachment Extension, and then type .test in the Attachment Extension box.
  7. Make sure that Delete message appears in the Action box.
  8. Click OK, and then click OK.
  9. Right-click SMTP Filter, and then click Enable.
  10. Click Save the changes and restart the service(s), and then click OK.

    It may take several minutes for the SMTP filter to become active.
  11. Send a message that has an attachment that has a .test file name extension (for example, Textfile.test) from an external e-mail system (for example, Hotmail) to a user on the SBS 2000-based domain.
  12. After you send the message, check the mailbox of the user to whom you sent the message to confirm that the message does not appear in the user's mailbox.
If you want to verify that the filter is functioning, you can click forward message to in the Action box (as described in step 7) and specify a valid SMTP address. After you finish testing this functionality, make sure that you click Delete message in the Action box.

A common implementation of this filter may cause e-mail messages that have attachments with .exe, .vbs, .bat file name extensions to be filtered and the action is "Delete."

If you implement ISA Server's SMTP filter, you may create additional overhead for the Inetinfo.exe process because the SMTP service runs under the context of Inetinfo.exe. If the SMTP filter is subjected to heavy loads, you may want to use the hotfix that is described in the following Microsoft Knowledge Base article:

292010 High Memory Consumption by SMTP Message Screener Under Stress


For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

305012 How to Remove Corrupt Entries from the SMTP Filter
312552 How to Use the SPCheck Tool to Verify ISA Server Files
292014 Deleting Disabled SMTP Filter Attachment Rules Leaves Rule
313344 SMTP Filter Is Unstable When Using Space in Keyword, Attachment
313345 SMTP Filter UI Displays Red X Instead of Rules
313396 Attachment Rules for SMTP Filter May Become Damaged
285812 Cannot Configure or Use the SMTP Filter

ID articolo: 320703 - Ultima revisione: 11 nov 2008 - Revisione: 1