Solved

Anti-spam on Exchange

Posted on 2009-07-06
5
3,992 Views
Last Modified: 2012-05-07
Hi,

I installed the anti-spam script in the console and left it as is as I don't really have anyone I want to block or allow, I was kind of hoping that the anti-spam would sort things out for me. Now, all emails are getting rejected by the anti-spam.

I had to go into the console and disable 'content filtering' and now spam populates our mailboxes again. Can someone please explain how to configure the anti-spam services provided in exchange.

Our receive connectors are set to allow all mail from ports 587 and 25. Send connectors send mail to our smart host which is our sendmail server.

Can someone point me in the right direction?
0
Comment
Question by:Network_Padawan
  • 2
  • 2
5 Comments
 

Author Comment

by:Network_Padawan
ID: 24783351
I also got the following warning in my event logs

"Anti-spam agents are enabled, but the list of internal SMTP servers is empty. If there are any MTAs between this server and the Internet, populate this list by using the Set-TransportConfig cmdlet in the Exchange Management Shell."

I went to the console and typed: set-TransportConfig -InternalSMTPServer 203.38.180.201 (which is our sendmail on the edge) and I got the following error:

Set-TransportConfig : Cannot bind parameter 'InternalSMTPServers'. Cannot conve
rt value "203.380.180.201" to type "Microsoft.Exchange.Data.IPRange". Error: "T
he format of the IP address 203.380.180.201 is invalid. Example of a valid IP a
ddress: 192.168.1.10"
At line:1 char:40
+ set-transportconfig -InternalSMTPServer  <<<< 203.380.180.201

I don't understand what's going on here.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24784108
If you have a Sendmail server on the Edge that is what should be doing the spam filtering. By the time it gets to Exchange that is too late.

All of the antispam options are enabled by default, I would suggest you turn them all off, so that you can configure them correctly before enabling them again.

Simon.
0
 

Author Comment

by:Network_Padawan
ID: 24791558
Hi Mestha,

You are right but I just wanted to test it thats all. I read from all manner of exchange books that Exchange hub transport can remove spam, it doesn't need it at the edge (though I know the edge having the anti-spam configured is the best option).

Can I ask you one question mestha? It states at the transport config that I need to declare all Internal SMTP Servers to bypass the content filtering. Does all internal SMTP servers mean just the one exchange server I have or the smarthost that is sitting in the DMZ aswell?

Thanks
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24793303
It is NON Exchange servers that have to be entered. Exchange knows when the message has originated from another Exchange server.

Simon.
0
 

Expert Comment

by:ksa9255
ID: 27272134
Configure the list of internal SMTP servers
If your Edge Transport servers are subscribed into the Exchange organization, you must perform the following tasks on a Hub Transport server. The configuration is stored in Active Directory and then the Microsoft Exchange EdgeSync service ensures that the list of internal SMTP servers is propagated to all your subscribed Edge Transport servers.
To configure the list of internal SMTP servers:
1. Open the Exchange Management Shell.
2. To add a single IP address or multiple IP addresses to the list, run the following command: Set-TransportConfig -InternalSMTPServers:"127.0.0.1","127.0.0.2"
3. To add a range of IP addresses to the list, run the following command: Set-TransportConfig -InternalSMTPServers:"127.0.0.1-127.0.0.99"
4. To add a subnet mask to the list, run the following command: Set-TransportConfig -InternalSMTPServers:"127.0.0.1(255.255.0.0)"
5. To add a Classless Interdomain Routing (CIDR) IP address to the list, run the following command: Set-TransportConfig -InternalSMTPServers:"127.0.0.1/24"
6. To display internal SMTP servers setting: "Get-TransportConfig | fl InternalSMTPServers"
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now