I have a client who gets a TON of spam to their public IP.
I have put a Linux box running exim and spamassassin in front of it, and a bunch of Outlook rules to move mail into the Junk Email folder when spamassassin thought it saw spam. This worked well enough.
Now I've migrated them to Exchange 2007, is there a better way to "enforce" these Outlook rules for everyone, at the server side?
(Spamassassin works by inserting headers into incoming email. Here's some details.)
Thanks
Tom
EDIT: Title changed (as sensibly suggested) from "Spamassassin / exim in front of Exchange 2007"
Exchange 2007 offers Message Transport rules to filter messages based on a number of conditions. One of these conditions is the HeaderContains condition which should do what you want.
To get it to send the mail to your Junk folder, you could set-up SCL to send messages over a certain threshold to the junk folder, then get the message transport rule to stamp an SCL value on the message, higher than that threshold, should that header exist.
Details of what filtering Message Transport Rules support is available here.
Details of how to enable Message Transport Rules can be found here.
We have gone with a similar solution to you - configuring a box as a dedicated spam/virus filter between our Exchange box and the internet. This works wonderfully, and spares the exchange server a-lot of work, allowing it to be more responsive and handle more users than if it were doing all this work itself.
Just to give you some idea: our mail scanners see about 100,000 emails per day - but 80% of that is dropped right away, without making it to the Exchange server. Of the 20,000 that make it to Exchange, about 2,000 of those are marked as SPAM, and usually 2-5 are quarantined with viruses/malware. Our mail scanners are some of the busiest servers on our network.
There is an absolutely EXCELLENT guide for setting this up at: http://www200.pair.com/mecham/spam/spamfilter20090215.html