Solved

Exchange 2010 content filtering (Anti-SPAM) not working properly

Posted on 2013-01-08
Last Modified: 2013-01-23
Hello all,

I have a Windows Server 2012 Standard hosting a virtual Windows Server 2008 R2 with Exchange 2010. The Exchange 2010 is newly operational and was migrated from a Windows 2003 server with Exchange 2003. The old Exchange server is still operational since the server is also acting as DC and DNS and I didn't want to remove Exchange 2003 until I know that all is working properly on the Exchange 2010. The Exchange 2010 is fully operational; all that needs to be done is the removal of the old Exchange from the 2003 server.
My issue is that I've activated the built-in anti-spam on the Exchange 2010 and configured it with some basic settings and things don't seem to be working right. Also when I try to configure settings such as add multiple domains to the "Allow" list, add multiple e-mails to the "Allow" list to bypass filtering.

More details:
For example, I have the "Reject messages with SCL rating greater than or equal to:" unchecked (see image: SCL settings), but there are some people whose e-mails still get rejected with my custom rejection error message even though rejection is set to off (see image: Rejection e-mail).

I've been able to add just one domain to the "Allow List" (BypassedSenderDomains), but every time I try to add multiple ones I get an error message (see image: Error when adding multiple domains) stating that one of the values is already present, but from looking at the results of the "get-ContentFilterConfig" command that is not the case (see image: get-ContentFilterConfig results).
The command used was "Set-ContentFilterConfig -BypassedSenderDomains example.com,anotherdomain.com,andanotherdomain.com" (removed original domain names here).

Also, when I add a single domain using "Set-ContentFilterConfig -BypassedSenderDomains example.com" and then run "get-ContentFilterConfig" to get the settings, the previous domain is no longer on the list but the current one added took its place.
I also cannot add multiple e-mails to the "Allow" List.

Lastly I would like to set the messages with an SCL higher or equal to "7" straight to Outlook's "SPAM" folder when it comes in but can't find how to do it.

Thank you in advance for your help!! It's greatly appreciated!
Question by:1pcxpert
Assisted Solution

by:PaciB
PaciB earned 500 total points
Hi,

About adding several domain names in the content filter, I'm not sure but I already had problems with other PowerShell commands... It was about syntax. Try with quotes like this:

Set-ContentFilterConfig -BypassedSenderDomains "example.com","anotherdomain.com","andanotherdomain.com"


About why you still have some reject mails even after unchecking SCL action:
The Scoring Level rejection in the content filter has nothing to do with Sender Domain filter... Even if you remove any SCL filter you might still have a Sender Domain filter somewhere that blocks e-mails.


About moving spams to an Outlook Folder:
Why not try to "stamp" incoming suspected spam e-mails using a transport rule (you can do it in Exchange) and then add a rule on mailboxes to move stamped messages to a specific folder?
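An added example, not part of the original posts: one way to append to the bypass lists with the Exchange 2010 multivalued-property syntax instead of overwriting them, and to see which anti-spam agent is actually rejecting mail. The domains are the placeholders from the question; the sender address is a constructed sample.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the server where the anti-spam agents are installed.

# Plain assignment (-BypassedSenderDomains example.com) replaces the whole
# list, which is why a second call drops the domain set by the first.
# The @{Add=...} hashtable form appends to the values already stored.
Set-ContentFilterConfig -BypassedSenderDomains @{
    Add = 'example.com', 'anotherdomain.com', 'andanotherdomain.com'
}

# Same pattern for individual sender addresses (constructed sample address).
Set-ContentFilterConfig -BypassedSenders @{ Add = 'partner@example.com' }

# Entries can be taken out again without touching the rest of the list.
Set-ContentFilterConfig -BypassedSenderDomains @{ Remove = 'andanotherdomain.com' }

# Confirm what is stored, next to the SCL reject settings from the question.
# Bypassed senders skip content filtering entirely and sender addresses can
# be forged, so review this list rather than letting it grow.
Get-ContentFilterConfig |
    Format-List BypassedSenderDomains, BypassedSenders,
                SCLRejectEnabled, SCLRejectThreshold, RejectionResponse

# Content filtering is only one of several anti-spam agents. The agent log
# shows which agent rejected a message and why, for the last 24 hours here.
Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) |
    Where-Object { $_.Action -like 'Reject*' } |
    Sort-Object Timestamp |
    Format-Table Timestamp, Agent, Action, Reason, P1FromAddress -AutoSize

# List the IP Block List providers configured on this server.
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled, Priority
```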
 

Author Comment

by:1pcxpert
Hello PaciB,
Thanks for the reply.

The problem is not the syntax, I tried it with the quotes as well and had the same result.
Any other ideas?

You were correct, it's the "IP Block List provider" service that was blocking the e-mails and there is no setting that filters allowed domains or users. Unfortunately it'll either block if they are listed on a "Blacklist" or allow the e-mail through if they're not. So in short, if I want all my clients to be able to send e-mail and have it all be accepted by the server I have to "disable" that on the server, which sucks since it would be better if it gave me the option to filter. I thought the "SCL filtering" and the "IP Block List provider" worked together but they don't.

I already have a transport rule that labels any e-mail with an SCL rating equal to 5 or above with a "***Possible SPAM***" label, but that doesn't automatically place the e-mail in the "SPAM" folder; some go into the "SPAM" folder and others don't. Also, if I do what you recommend then it opens up other potential headaches on each client PC that has that configuration, i.e. the Outlook rule gets corrupted and needs looking into. I want to avoid having to deal with each client PC and want to have more of a central control over this to avoid more work for myself. What I want to know is how to adjust the SCL filtering in a way that I tell the server (and Outlook) if an e-mail comes in with an SCL rating equal to or higher than 6 it should automatically make it go to the "SPAM" folder in Outlook for any client PC.

Thanks again for the help, I appreciate it!
Accepted Solution

by:
PaciB earned 500 total points
Hi,

About a transport rule to tag messages as spam so that Exchange will store them in "Junk mail" folder, take a look at chapter 8.8.2 of this article: http://support.gfi.com/manuals/en/me2010/me2010acmanual.1.36.html


If the transport rule forces the Spam Confidence Level (SCL) to 9 then the mail should be stored in the Junk Mail folder.

You may try a rule like this:
"If the SCL is above 'N' then set the SCL to 9" and test it.

Have a good day
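The rule suggested in the accepted answer, written out as an added example that is not part of the original posts. The rule name and the threshold value 6 are assumptions chosen for illustration; the last commands check the server-side junk threshold, which is what moves mail to Junk E-mail without any client-side Outlook rule.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# $threshold and the rule name are illustrative assumptions.
$threshold = 6
$ruleName  = 'Raise SCL to 9 for likely spam'

# "If the SCL is above N then set the SCL to 9".
# -SCLOver matches messages whose SCL is greater than or equal to the value.
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $ruleName })) {
    New-TransportRule -Name $ruleName -SCLOver $threshold -SetSCL 9
}

# Verify the rule exists and is enabled.
Get-TransportRule |
    Where-Object { $_.Name -eq $ruleName } |
    Format-List Name, State, Priority

# Delivery to Junk E-mail is decided on the server by the SCL junk
# threshold: messages with an SCL above it are placed in the mailbox's
# Junk E-mail folder. Check the organization-wide value first.
Get-OrganizationConfig | Format-List SCLJunkThreshold

# Per-mailbox settings override the organization value. Listing the
# mailboxes that have an override explains why "some go into the SPAM
# folder and others don't" can differ from user to user.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.SCLJunkEnabled -ne $null -or $_.SCLJunkThreshold -ne $null } |
    Format-Table Name, SCLJunkEnabled, SCLJunkThreshold -AutoSize

# Optional: set the organization-wide threshold centrally.
# Left commented out so the checks above can be run without changing anything.
# Set-OrganizationConfig -SCLJunkThreshold $threshold
```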
 

Author Closing Comment

by:1pcxpert
Thanks again for the help!
Much appreciated!