Forefront Security for Exchange spam filtering

Posted on 2011-03-07
Last Modified: 2012-05-11
We recently disabled antispam services in exchange because it was blocking important emails coming through. We are using forefront as well for exchange. After disabling antispam in exchange we were planning on releying on forefront to take care of everything. We got tons and tons of spam over the weekend. FOrefront doesnt seem to user friendly and I cant see where it would be filtering for spam or if we need to enable it, or even if there is a built in list. Can someone please tell me how to filter for spam in forefront, or how to fine tune it. Thanks.
Question by:JessicaWatters
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 350 total points
ID: 35057801
When you install Forefront Protection for Exchange (FPE 2010) it automatically disables the filtering within that Exchange server regardless of whether you think you have enabled it or not. If you think about it, it would be nigh on impossible to have two filtering systems active at the same time.

Do you actually understand how spam filtering works?

Have you reviewed the policy sections within the FPE console to decide on which engines you want to use and what you want to do with the spam that is found?  ie delete/quarantine etc?

Author Comment

ID: 35058365
Well when I disable content filtering in exchange on the antispam tab we get tons of spam coming in to users, and if I re-enable the content filtering (in exchange) it seems to stop the spam. I was told by one of our IT consultants that we didnt need to have it enabled because it was doing double work and may catch emails we should be getting, and let forefront do the filtering, which it doesnt seem to be doing unless what I disabled is part of forefront to begin with. There must be something I am missing here.

Author Comment

ID: 35058388
By "engines you want to use", do you mean file scanners? If so we are using 4 diff. scanners and set to quarentine. I only see viruse quarentined.....nothing on content.
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

LVL 51

Accepted Solution

Keith Alabaster earned 350 total points
ID: 35058710
The Exchange control is in the Exchange System Manager and should be left as enabled. However, the FPE install then takes all of this over and it is then controlled via the FPE console. You should not amend anything in regards to spam/content in the Exchange system manager at all - leave it alone :)

Have you added anything to the FPE content control such as keyword filters or the like? I know it is not an intuitive interface but you do get used to it - honest.
If you open the gui - select Policy management - Filter lists - create
This will give you a list of things you can do.

Author Comment

ID: 35058999
We are using version 10.2.0942.0 with sp2. I dont see policy mgmt, however see filtering-filter lists, and I have a few things in there. Is there where you are refering to? Dont see anything on "create".
Our IT consultants "disabled" all antispam services in exchange 2007 hub console, I had to re-enable them as per what you mentioned above.  
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35059192
thats the old FSE application - that system has been replaced by Forefront Protection for Exchange (Version 11).
This MAY be of some use to you

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to join another Exchange server to a network, across a WAN 9 41
SBS 2008 active sync issue 2 52
Hybrid Exchange 6 29
Email DNS Issue 2 23
Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question