MS Exchange 2007 Anti SPam filter question

Posted on 2011-10-10
Medium Priority
Last Modified: 2012-06-27
We have the anti-SPam feature enabled on our MS exchange 2007 system and I am getting a lot of emails being filtered that I have no idea why.  I have attached an example (with users removed) below of one that is being quarentined but I have no idea why.  Is there something I am missing in the header ?

Diagnostic information for administrators:
Generating server: myserver.local
#550 5.2.1 Content Filter agent quarantined this message ##

Original message headers:

Received: from DNS02.aaa.aa (IP address) by mail.myserver.com
 ( with Microsoft SMTP Server id 8.1.358.0; Mon, 10 Oct 2011
 14:54:08 +0200
X-TM-IMSS-Message-ID: <39fb580f0002d1ad@aaa.aa>
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
Subject: Here are the photos that I want to share with you
Date: Mon, 10 Oct 2011 15:01:31 +0200
Message-ID: <5B4EE23F74711D4FAC808390F59D749D2EB681@Exchange02.aaa.aa>
X-MS-Has-Attach: yes
Thread-Topic: Here are the photos that I want to share with you
Thread-Index: AcyHTLusohxfrve6R+CYo9YM/riMuQ==
From: SENDER<Sender.name@aaa.aa>
To: Receibver<Receiver.name@myserver.com>
X-TM-AS-Product-Ver: SMEX-
X-TM-AS-Result: No--6,700800-8,000000-31
X-imss-scan-details: No--7.431-10.0-31-1
X-TM-AS-User-Approved-Sender: No
Return-Path: Sender.name@aaa.aa
Received-SPF: None (LLLLLLL.myserver.local: sender.name@aaa.aa does
 not designate permitted sender hosts)
X-TM-AS-User-Blocked-Sender: No

Question by:ianLMurdoch
  • 2
  • 2
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36942469
To stop this from happening. Try the following in EMS:

Use this command to add the user to the whitelist
Set-ContentFilterConfig -BypassedSenders foo@somedomain.com

Open in new window

Use this command to add the domain to the whitelist
Set-ContentFilterConfig -BypassedSenderDomains somedomain.com

Open in new window


Author Comment

ID: 36942509
Thanks for the commands, which I will use to add domains and userts, but how do I know what rule or part of the filter is actually quarentining the message ?
The message received is just gobbledegook !  
It says #550 5.2.1 Content Filter agent quarantined this message ## but I have nothing in the content part of the filter to specify what should be removed

LVL 21

Accepted Solution

Hendrik Wiese earned 500 total points
ID: 36942552
See http://technet.microsoft.com/en-gb/library/aa996295.aspx for an introduction to Exchange's handling of Sender Policy Framework (SPF).

SPF allows a DNS domain to include a record which indicates which servers are authorised to send e-mail from that domain.  In your case, Exchange is telling you that the SPF record does not exist in DNS, which is pretty common.

Depending on how you've configured Sender-ID filtering, this may quarantine the message or do nothing.  It is likely that there are other causes for the message being quarantined.

Reference: SteveH_UK: http://www.experts-exchange.com/Security/Software_Firewalls/Q_22995811.html

Author Closing Comment

ID: 36947127

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question