How to configure anti-spam in Forefront Protection 2010 for Exchange

Last week I switched from Symantec Mail Security for Exchange, which was running the anti-spam agent on an E2K3 box, to Forefront Protection 2010 for Exchange on an E2K7 box. It seemed that Symantec caught more spam or virtually all of it. I am not sure if Forefront is configured right or if it is not as good as Symantec. Below are my settings and spam examples that are getting through in large quantities.
Thanks for any help.
Spam-example.docx
Config1.jpg
Config2.jpg
johnnymags Asked:
Keith Alabaster (Enterprise Architect) Commented:
Are all the engine updates sourced and deployed? Advanced options - update all engines - view all engines
0
johnnymags (Author) Commented:
yes they are
0
Keith Alabaster (Enterprise Architect) Commented:
and adding the word viagra or viagra-store to the keyword block does not sort it out?
0
johnnymags (Author) Commented:
yes I did add and nope did not work, I have tried everything, that's why I posted on here... anyway below are two that I still can't block from the yahoo.com domain

thanks for looking at this

1.
Received: from wsmarth-swift.pas.sa.earthlink.net (207.217.120.253) by
 mail1.mapleton.com (192.168.2.20) with Microsoft SMTP Server (TLS) id
 8.2.254.0; Tue, 20 Apr 2010 10:05:17 -0700
Received: from domrl-brush.atl.sa.earthlink.net ([207.69.231.198])      by
 wsmarth-swift.pas.sa.earthlink.net with smtp (Exim 3.36 #4)      id
 1O4Gsv-00084y-00      for jmagyar@mapletoninvestments.com; Tue, 20 Apr 2010
 10:05:17 -0700
X-ELNK-Loop: john@jmagyar.com
Received: from haji-e6a3badf9d ([131.114.4.119])      by
 domrl-brush.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
 1o4gSU78w3Nl5vE0      for <jmagyar@mapletoninvestments.com>; Tue, 20 Apr 2010
 13:05:16 -0400 (EDT)
Received: by mta-webmail.rezinpjtcprrx.com (Postfix, from userid 94216)      id
 INDSAC0040C4212; Sun, 19 Mar 2000 19:01:55 -0800
Received: from mail.lobxt       by localdomain with local (Postfix);      Sun, 19 Mar
 2000 19:01:55 -0800
Date: Sun, 19 Mar 2000 19:01:55 -0800
To: <john@jmagyar.com>
From: <usacanada2@yahoo.com>
Reply-To: usacanada2@yahoo.com
Subject: ###########USA CANADA DRUG########
Message-ID: <20000320030180817qgbvt@localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Return-Path: usacanada2@yahoo.com
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-Antispam-Report: v=1.1
 cv=6T7g28+stPFUmD/pL8v9Iko/FM48YqyBijkSt7olyrk= c=1 sm=1 a=GJ3jUI72UeAA:10
 a=qkleutdSrU4A:10 a=oJL9TIRMo0YA:10 a=nSIHA-kfN74A:10 a=8nJEP1OIZ-IA:10
 a=ftvXphmRuDk2HvqR3YtIeg==:17 a=5t_wNYsfAAAA:8 a=-Z1I6zKmfET59E-bUzoA:9
 a=xtk0rTMpCVMBiW79c4oB3ODJtHYA:4 a=wPNLvfGTeEIA:10
 a=DovQ0OSlC1XoSPfO04ShyA==:117;OrigIP:207.217

2.
Received: from wsmarth-swift.pas.sa.earthlink.net (207.217.120.253) by
 mail1.mapleton.com (192.168.2.20) with Microsoft SMTP Server (TLS) id
 8.2.254.0; Tue, 20 Apr 2010 10:05:17 -0700
Received: from domrl-brush.atl.sa.earthlink.net ([207.69.231.198])      by
 wsmarth-swift.pas.sa.earthlink.net with smtp (Exim 3.36 #4)      id
 1O4Gsv-00084y-00      for jmagyar@mapletoninvestments.com; Tue, 20 Apr 2010
 10:05:17 -0700
X-ELNK-Loop: john@jmagyar.com
Received: from haji-e6a3badf9d ([131.114.4.119])      by
 domrl-brush.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
 1o4gSU78w3Nl5vE0      for <jmagyar@mapletoninvestments.com>; Tue, 20 Apr 2010
 13:05:16 -0400 (EDT)
Received: by mta-webmail.rezinpjtcprrx.com (Postfix, from userid 94216)      id
 INDSAC0040C4212; Sun, 19 Mar 2000 19:01:55 -0800
Received: from mail.lobxt       by localdomain with local (Postfix);      Sun, 19 Mar
 2000 19:01:55 -0800
Date: Sun, 19 Mar 2000 19:01:55 -0800
To: <john@jmagyar.com>
From: <usacanada2@yahoo.com>
Reply-To: usacanada2@yahoo.com
Subject: ###########USA CANADA DRUG########
Message-ID: <20000320030180817qgbvt@localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Return-Path: usacanada2@yahoo.com
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-Antispam-Report: v=1.1
 cv=6T7g28+stPFUmD/pL8v9Iko/FM48YqyBijkSt7olyrk= c=1 sm=1 a=GJ3jUI72UeAA:10
 a=qkleutdSrU4A:10 a=oJL9TIRMo0YA:10 a=nSIHA-kfN74A:10 a=8nJEP1OIZ-IA:10
 a=ftvXphmRuDk2HvqR3YtIeg==:17 a=5t_wNYsfAAAA:8 a=-Z1I6zKmfET59E-bUzoA:9
 a=xtk0rTMpCVMBiW79c4oB3ODJtHYA:4 a=wPNLvfGTeEIA:10
 a=DovQ0OSlC1XoSPfO04ShyA==:117;OrigIP:207.217.120.253;SCL:-1

0
Keith Alabaster (Enterprise Architect) Commented:
Interesting that the SCL (spam confidence level) is set to -1; this is normally between 0 and 9 for delivered emails. The value of -1 is reserved for Microsoft Exchange internal email, i.e. mail that is sent within your own organisation as opposed to having arrived from outside.

http://msdn.microsoft.com/en-us/library/ms998863



0
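The check described in the comment above, as an added example that is not part of the original thread: it reads the SCL stamp and the topmost Received hop of a message and flags an SCL of -1 on mail whose connecting address is a public IP. The function name, the verdict labels and the trimmed sample message are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample, trimmed from the headers posted above (same hosts and values).
SAMPLE = """\
Received: from wsmarth-swift.pas.sa.earthlink.net (207.217.120.253) by
 mail1.mapleton.com (192.168.2.20) with Microsoft SMTP Server (TLS) id
 8.2.254.0; Tue, 20 Apr 2010 10:05:17 -0700
Received: from domrl-brush.atl.sa.earthlink.net ([207.69.231.198]) by
 wsmarth-swift.pas.sa.earthlink.net with smtp (Exim 3.36 #4); Tue, 20 Apr 2010
 10:05:17 -0700
From: <usacanada2@yahoo.com>
Subject: ###########USA CANADA DRUG########
X-MS-Exchange-Organization-SCL: -1

body
"""

# IPv4 literal of the sending host: "from host (1.2.3.4)" or "from host ([1.2.3.4])"
FROM_IP = re.compile(r"from\s+\S+\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")

def audit_scl(raw_message):
    """Return (scl, sender_ip, verdict) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    scl_header = msg.get("X-MS-Exchange-Organization-SCL")
    scl = int(scl_header.strip()) if scl_header is not None else None
    # The topmost Received header is the one stamped by our own server,
    # so it is the only hop whose peer address we can trust.
    received = msg.get_all("Received") or []
    match = FROM_IP.search(received[0]) if received else None
    sender_ip = match.group(1) if match else None
    external = sender_ip is not None and ipaddress.ip_address(sender_ip).is_global
    if scl is None:
        verdict = "not-scanned"
    elif scl == -1 and external:
        verdict = "filter-bypass"  # internal-only value on mail from the internet
    elif scl == -1:
        verdict = "internal"
    else:
        verdict = "scored"
    return scl, sender_ip, verdict

if __name__ == "__main__":
    print(audit_scl(SAMPLE))
```

Running it over a sample of delivered messages shows how much inbound mail is being stamped with the internal-only value.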
johnnymags (Author) Commented:
Just got off the phone with MSS. The -1 is a problem with Forefront Protection 2010 for Exchange and E2K7. Apparently when I installed Forefront 2010 Protection for Exchange it set the value to -1 and everything hitting Outlook would go into the Inbox, effectively turning off the Outlook spam feature. But with Exchange 2010 this is not a problem. MS had a cmdlet to fix this, which I haven't found yet, but they should provide it to me.
0

Keith Alabaster (Enterprise Architect) Commented:
Excellent, sounds like I was on the right path but I am surprised MS have not notified the issue with 2007 and that a potential fix exists. That is a fairly naughty omission.
0