Wednesday, May 26, 2004

Not sure which is funnier.. The level of blog referrals, or the actual article.

Not sure which is funnier.. The level of blog referrals, or the actual article.

If you are willing to dig, there is a pretty funny story at the end of this long referral! :)

Tuesday, May 25, 2004

Weather in Ilinois

My best friend Eric was complaining that my blog was filled with too much techo babble, so here is something a little different.

IMF Archive Manager

As you may have heard by now, Exchange has released a cool new feature today (5/25/04) that goes by the name of Intelligent Message Filter (IMF). You can find out more details on this cool feature at www.microsoft.com/exchange/imf. On Exchange, we are encouraged internally to Dogfood (consume pre-release deliverables) our own products, and since I’ve always enjoyed battling the UCE problem on my personal mail server, I decided to give IMF a test drive.

After getting everything thing setup, my first choice in filtering was to give my end users (family) the burden of cleaning up UCE from their own junk mail folder. The initial feedback was extremely positive, and I was quickly able to figure out the thresholds that worked for most people (6 on the fence, 7 and up almost always UCE). But I also started getting feedback that the end users didn’t really want to continue to deal with the stuff that was definitely UCE and would prefer it never got to the inbox.

As it so happens, IMF has a choice of choosing different actions at two different levels. The first action that I had already used was storing the UCE to the Junk E-mail folder. The second action was a blocking action that would Archive, Delete, or Reject. I didn’t want to reject, as more likely then not I’d end up with a bunch of NDR’s sitting in an outbound queue that would never be delivered. I didn’t want to delete, as I’m always concerned about accidental mail deletion, so Archive sounded like the perfect solution for me.

Since I knew that level 7 and up typically was UCE, I set the Blocking configuration to Archive messages with SCL 7 or greater. I then started watching messages pile up in my “program files\exchsrvr\mailroot\vsi 1\UceArchive” folder. I now had to figure out a way to manage this folder. Unfortunately this was not an area that the IMF feature was focused on. Using OE or notepad via browser window was not very pleasant. So it was time to fire up Visual Studio and roll my own Archive Manager. The result was the IMF Archive Manager (IMFAM) that is now available on http://workspaces.gotdotnet.com/imfarchive.

IMFAM is a C# GUI tool released as source on GotDotNet that provides a tree view of the archive directory and the eml files in it. It also has a preview pane that displays decoded P2 mail message properties as well as the entire raw message. There are 5 actions; Refresh, Delete, Resubmit, Copy to Clip, and Report. Refresh reloads the tree view as well as the raw message. Delete deletes the selected message. Resubmit moves the message to the pickup directory where it is resubmitted to the MTA and delivered. Copy to Clip copies the entire raw message to the clipboard in case you want to paste it in another window. Report creates a new message, attaches the selected message as an attachment, and then sends it to the recipient listed in the report settings. In addition it optionally strips P1 headers, x-SCL header, and deletes the message if so configured in the report settings. The report feature is useful if you want to send the UCE to reporting organizations such as http://www.spamcop.net.

Since this is released as an open source project on GotDotNet, feel free to download it, kick the tires, provide feedback, or even join the group and provide new features.

Monday, May 17, 2004

IMF Archive Manager: Home

IMF Archive Manager: Home

I've gotten approval for release of my IMF Archive manager tool. More details will be released next week on IMF at TechEd.

Microsoft extends availability of spam filter

Microsoft extends availability of spam filter

The IMF buzz has started. Next week's TechEd conference should be interesting.

Thursday, May 13, 2004

QP/Base64 decoding of RFC 2822 header fields

As I mentioned previously, I have a distain for UCE. On my home Exchange server I'm constantly trying to come up with new ways to block this junk email. For quite some time I've relied on RBL's which is now very easy to use with Exchange 2003. The only problem with RBL's is that the speed that worms/viruses create new open proxies usually allows spammers a couple of hours to exploit a new slave machine before it is black listed. Being an insider lets me test drive new technologies like IMF.

One cool aspect of IMF is that it can be setup to archive messages that exceed a certain spammines. Of course then you are left with a bunch of messages in a directory that you have to browse through.

Being the geek that I am, I decided to write my own browser to parse the messages so I could decide to resubmit them, delete them, or report them to SpamCop. Everything was going great until I found that quite a few spammers have started either QP or Base64 encoding the headers per RFC 1342. I quickly figured out how to solve the Base64 issue with C#, but there didn't seem to be any support for QP decoding. Searching online only generated results of other people looking for the same solution. So after going through the spec I ended rolling my own solution as follows:

//using System;
//using System.Collections;
//using System.Globalization;
//using System.Text;
//using System.Text.RegularExpressions;


private static string DecodeField(string field)
{
string result = field;
int isoStart = field.IndexOf("=?");
int isoEnd = field.IndexOf("?=") - isoStart -2;
if (isoStart > -1 && isoEnd > -1)
{
string text = field.Substring(isoStart + 2, isoEnd);
string[] parts = field.Substring(isoStart + 2, isoEnd).Split('?');

// Only continue parsing if there are 3 parts
// charset?encoding?text
if (parts.Length == 3)
{
Encoding coder = Encoding.GetEncoding(parts[0]);
byte[] bSubject;
if (parts[1].ToLower().Equals("b"))
bSubject = Convert.FromBase64String(parts[2]);
else
bSubject = QPGetString(parts[2]);
result = coder.GetString(bSubject);
if (isoStart + isoEnd + 4 <>
result += field.Substring(isoStart + isoEnd + 4);
if (isoStart > 0)
result = field.Substring(0, isoStart) + result;
}

else
throw new ArgumentException(String.Format("Invalid number of parameters! Expected 3, found {0}. Correct format is =?charset?encoding?text?=", parts.Length));
}
else if (isoStart > -1 isoEnd > -1)
throw new ArgumentException("Invalid encoding detected! Correct format is =?charset?encoding?text?=");

return result;
}

private static byte[] QPGetString(string line)
{
if (line == null)
throw new ArgumentNullException();

ArrayList byteArray = new ArrayList();

// look for =XX where xx is hex
Regex reg = new Regex("(\\=([0-9A-F][0-9A-F]))", RegexOptions.IgnoreCase);
for (int i = 0; i <>
if(line.Length >= i + 3 && Char.Equals(line[i],'=') && reg.IsMatch(line.Substring(i,3)))
{
byteArray.Add(Convert.ToByte(int.Parse(line.Substring(i+1,2), NumberStyles.HexNumber)));
// skip two chars
i += 2;
}
else
{
byteArray.Add(Convert.ToByte(char.Parse(line.Substring(i,1))));
}
}
return (byte[]) byteArray.ToArray(typeof(byte));
}


Updated with error checking

Microsoft Unveils Future Of Tablet PC

Microsoft Unveils Future Of Tablet PC

I never really thought that tablets were all that until I my laptop died and I had to get a new one. Corporate policy dictates the minimum specs for new hardware, so my choice was between a bulky "desktop" laptop with all the bells and whistles or a slim line Toshiba Portege Tablet. Needless to say I went the tablet route and and have quickly fallen in love with it. I've always been a big pad and pen note taker in meetings, so moving to the tablet using Onenote wasn't very hard, especially since I had gone to using one notes to organize my notes before making the switch.

Some of the new features mentioned in this article are sure to only increase my reliance on electronic Ink.

James

Wednesday, May 12, 2004

Slashdot | OptInRealBig Wins Restraining Order On SpamCop

Slashdot | OptInRealBig Wins Restraining Order On SpamCop

Lets hope that Spamcop wins this round, though I suspect that going after the fact that Spamcop is generating reports about websites inside of mail can be construed as harassment. I personally use Spamcop for both RBL as well as a reporting mechanism and find their services very effective at stopping future spam.

Knock Knock...

Who's there...

I guess its time for me to finally plunge into this new world of blogging with my own blog page. The sites name was inspired by my youngest daughter, Emily, who loves "knock knock" jokes. This isn't the first time I've blogged though.

A little about me, I'm a Software Test Engineer lead working on the Exchange Transport team at Microsoft. I live with my wife, two daughters, two cats, and dog in Bellevue a short 5 minute drive to work.

One of my biggest pet peeve's is SPAM aka UCE. Working on the Exchange Transport team helps me provide input into the direction MS is going in terms of fighting this issue. Currently I'm working Edge Server. While I can't talk about any details other then what has been published, I am very excited about the prospects of Edge.

James