  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5469

Exchange 2010 content filtering (Anti-SPAM) not working properly

Hello all,

I have a Windows Server 2012 Standard hosting a virtual Windows Server 2008 R2 with Exchange 2010. The Exchange 2010 is newly operational and was migrated from a Windows 2003 server with Exchange 2003. The old Exchange server is still operational since the server is also acting as DC and DNS and I didn't want to remove Exchange 2003 until I know that all is working properly on the Exchange 2010. The Exchange 2010 is fully operational; all that needs to be done is the removal of the old Exchange from the 2003 server.
My issue is that I've activated the built-in anti-spam on the Exchange 2010 and configured it with some basic settings and things don't seem to be working right. Also when I try to configure settings such as add multiple domains to the "Allow" list, add multiple e-mails to the "Allow" list to bypass filtering.

More details:
For example, I have the "Reject messages with SCL rating greater than or equal to:" unchecked (see image: SCL settings), but there are some people whose e-mails still get rejected with my custom rejection error message even though rejection is set to off (see image: rejection e-mail).

I've been able to add just one domain to the "Allow List" (BypassedSenderDomains), but every time I try to add multiple ones I get an error message (see image: error when adding multiple domains) stating that one of the values is already present, but from looking at the results of the "get-ContentFilterConfig" command that is not the case (see image: get-ContentFilterConfig results).
The command used was "Set-ContentFilterConfig -BypassedSenderDomains example.com,anotherdomain.com,andanotherdomain.com" (removed original domain names here).

Also, when I add a single domain using "Set-ContentFilterConfig -BypassedSenderDomains example.com" and then run "get-ContentFilterConfig" to get the settings, the previous domain is no longer on the list but the current one added took its place.
I also cannot add multiple e-mails to the "Allow" List.

Lastly I would like to set the messages with an SCL higher or equal to "7" straight to Outlook's "SPAM" folder when it comes in but can't find how to do it.

Thank you in advance for your help!! It's greatly appreciated!
Asked by: 1pcxpert
 
Bruno PACI (IT Consultant) commented:
Hi,

About adding several domain names in the content filter, I'm not sure, but I already had problems with other PowerShell commands... It was about syntax. Try with quotes like this:

Set-ContentFilterConfig -BypassedSenderDomains "example.com","anotherdomain.com","andanotherdomain.com"


About why you still have some reject mails even after unchecking SCL action:
The Scoring Level rejection in the content filter has nothing to do with Sender Domain filter... Even if you remove any SCL filter you might still have a Sender Domain filter somewhere that blocks e-mails.


About moving spams to an Outlook Folder:
Why not try to "stamp" incoming suspected spam e-mails using a transport rule (you can do it in Exchange) and then add a rule on mailboxes to move stamped messages to a specific folder?
 
1pcxpert (Author) commented:
Hello PaciB,
Thanks for the reply.

The problem is not the syntax, I tried it with the quotes as well and had the same result.
Any other ideas?

You were correct, it's the "IP Block List provider" service that was blocking the e-mails and there is no setting that filters allowed domains or users. Unfortunately it'll either block if they are listed on a "Blacklist" or allow the e-mail through if they're not. So in short, if I want all my clients to be able to send e-mail and have it all be accepted by the server I have to "disable" that on the server, which sucks since it would be better if it gave me the option to filter. I thought the "SCL filtering" and the "IP Block List provider" worked together but they don't.

I already have a transport rule that labels any e-mail with an SCL rating equal to 5 or above with a "***Possible SPAM***" label, but that doesn't automatically place the e-mail in the "SPAM" folder; some go into the "SPAM" folder and others don't. Also, if I do what you recommend then it opens up other potential headaches on each client PC that has that configuration, i.e. the Outlook rule gets corrupted and needs looking into. I want to avoid having to deal with each client PC and want to have more of a central control over this to avoid more work for myself. What I want to know is how to adjust the SCL filtering in a way that I tell the server (and Outlook) if an e-mail comes in with an SCL rating equal to or higher than 6 it should automatically make it go to the "SPAM" folder in Outlook for any client PC.

Thanks again for the help, I appreciate it!
 
Bruno PACI (IT Consultant) commented:
Hi,

About a transport rule to tag messages as spam so that Exchange will store them in the "Junk mail" folder, take a look at chapter 8.8.2 of this article: http://support.gfi.com/manuals/en/me2010/me2010acmanual.1.36.html


If the transport rule forces the Spam Confidence Level (SCL) to 9 then the mail should be stored in the Junk Mail folder.

You may try a rule like this:
"If the SCL is above 'N' then set the SCL to 9" and test it.

Have a good day
 
1pcxpert (Author) commented:
Thanks again for the help !
Much appreciated!
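An added example, not part of the original thread: one way to append to the bypass lists without overwriting them, and to set the Junk E-mail threshold centrally, using the Exchange Management Shell on Exchange 2010. The domains are the placeholders from the question, the sender addresses are constructed placeholders, and the threshold value assumes the "SCL 6 or higher" goal stated above.

```powershell
# Added example: run in the Exchange Management Shell (PowerShell 2.0 compatible).
# Domain names are the placeholders used in the question.
$wanted = "example.com","anotherdomain.com","andanotherdomain.com"

# Read the current bypass list as plain strings.
# Assumption: each entry renders as its domain name when converted to a string.
$current = @((Get-ContentFilterConfig).BypassedSenderDomains | ForEach-Object { "$_" })

# Keep only the domains that are not on the list yet, so the Add below
# never submits a value that is already present.
$missing = @($wanted | Select-Object -Unique | Where-Object { $current -notcontains $_ })

if ($missing.Count -gt 0) {
    # @{Add=...} appends to a multivalued property.
    # Passing a plain list instead replaces the whole property, which is why a
    # single-domain Set-ContentFilterConfig call drops the previous entry.
    Set-ContentFilterConfig -BypassedSenderDomains @{Add = $missing}
}

# Same syntax for individual sender addresses (constructed placeholders).
# Bypassed entries skip content filtering, so keep both lists short.
Set-ContentFilterConfig -BypassedSenders @{Add = "alice@example.com","bob@example.com"}

# Confirm what is configured now.
Get-ContentFilterConfig | Format-List BypassedSenderDomains,BypassedSenders

# Organization-wide Junk E-mail threshold: messages with an SCL greater than
# this value are delivered to the Junk E-mail folder of mailboxes that have
# junk e-mail filtering enabled. 5 means "SCL 6 or higher".
Set-OrganizationConfig -SCLJunkThreshold 5

# Per-mailbox override, if one mailbox needs a different value
# ("someuser" is a placeholder identity).
Set-Mailbox -Identity "someuser" -SCLJunkEnabled $true -SCLJunkThreshold 5
```

The IP Block List provider check discussed in the thread is a separate agent and is not affected by either bypass list.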
