Solved

Problems with Exchange 2010 transportrule based whitelist

Posted on 2013-01-30
13
1,135 Views
Last Modified: 2013-02-25
I have created an transportrule to whitelist emails from specific senders.

Condition:  When the ‘From’ matches ‘@example.nl’
Action:     Set the spam confidence level to ‘-1’

For some reason several emails are still blocked by their original SCL value.

Below an email header from a not recognized email while the text ‘@vakmedianet.nl’ is in the whitelist condition.

Does anyone know why this email is not recognized by the whitelist transportrule?


-- Start email header ---------------------------------------------------------------------------------------------------------

[Received: from mail64.us4.mcsv.net (205.201.128.64) by mailserver.abcd.nl
 (213.163.67.230) with Microsoft SMTP Server id 14.1.421.2; Tue, 29 Jan 2013
 08:06:41 +0100
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail64.us4.mcsv.net;
 h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=vakinformatie=3Dvakmedianet.nl@mail64.us4.mcsv.net;
 bh=Cxwj8TbNCLBTjnBou2mrXh7TqFg=;
 b=tP/2ac/1s+X9l0ddRye4Zyloz7hXo7CabcoNm68nunHNF+pdhUqWa7ZJXV36EyzvLHiXtTpImssC
   RBvqYUVs2lGKqq26oRIYRzHzbgsTIKwZYwl41yW9eTD/ZkllMyIzBuXmoQwRvO/D9TTOPkNkpxfo
   eMH9p2c/5vspKoNHKqo=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mail64.us4.mcsv.net;
 b=E940+6zqJfDTReKayX5X6fmjLFGQFs32kVlu7dVILQMdKfsFL2PtIVafw2Z6Bh6wx+nfiSpSIOR/
   xudJVY0WeTSlYQ26p6SvcZZVTMcZaWTFWPVbQh347FuZKYRD7kTb+TAseaPw05I3XJoJY6o5Bkag
   S1FPd/YRAlLY4lW9Tlo=;
Received: from (127.0.0.1) by mail64.us4.mcsv.net id h0tqg214huom for
 <medewerker@abcd.nl>; Tue, 29 Jan 2013 07:06:27 +0000 (envelope-from
 <bounce-mc.us1_883425.1243737-medewerker=abcd.nl@mail64.us4.mcsv.net>)
Subject: Uw eigen plan van aanpak voor Het Nieuwe Werken
From: =?utf-8?Q?Platform=20Over=20Het=20Nieuwe=20Werken?=
      <vakinformatie@vakmedianet.nl>
Reply-To: =?utf-8?Q?Platform=20Over=20Het=20Nieuwe=20Werken?=
      <vakinformatie@vakmedianet.nl>
To: =?utf-8?Q??= <medewerker@abcd.nl>
Date: Tue, 29 Jan 2013 07:06:27 +0000
Message-ID: <d0b0b3cc44b2b15b838dabb92f75e19d3f8.20130129070610@mail64.us4.mcsv.net>
X-Mailer: MailChimp Mailer - **CIDedbd0c3b96f75e19d3f8**
X-Campaign: mailchimpd0b0b3cc44b2b15b838dabb92.edbd0c3b96
X-campaignid: mailchimpd0b0b3cc44b2b15b838dabb92.edbd0c3b96
X-Report-Abuse: Please report abuse for this campaign here: http://www.mailchimp.com/abuse/abuse.phtml?u=d0b0b3cc44b2b15b838dabb92&id=edbd0c3b96&e=f75e19d3f8
x-accounttype: pd
List-Unsubscribe: <mailto:unsubscribe-d0b0b3cc44b2b15b838dabb92-edbd0c3b96-f75e19d3f8@mailin1.us2.mcsv.net?subject=unsubscribe>, <http://vakmedianet.us1.list-manage.com/unsubscribe?u=d0b0b3cc44b2b15b838dabb92&id=7604c27550&e=f75e19d3f8&c=edbd0c3b96>
Sender: Platform Over Het Nieuwe Werken
      <vakinformatie=vakmedianet.nl@mail64.us4.mcsv.net>
x-mcda: FALSE
Content-Type: multipart/alternative;
      boundary="_----------=_MCPart_1314170861"
MIME-Version: 1.0
Return-Path: bounce-mc.us1_883425.1243737-medewerker=abcd.nl@mail64.us4.mcsv.net
X-MS-Exchange-Organization-AuthSource: mailserver.abcd.nl
X-MS-Exchange-Organization-AuthAs: Anonymous
X-ESET-AS: SCORE=70
X-MS-Exchange-Organization-SCL: 7
X-EsetResult: clean, is OK
X-EsetId: C5A8343C3AD2183397EF6F

-- End email header ----------------------------------------------------------------------------------------------------------
0
Comment
Question by:ErikE01
  • 6
  • 6
13 Comments
 
LVL 5

Expert Comment

by:wshty
ID: 38834697
do you use the exchange antispam feature? / have it activated?

if that is so my guess might be that the antispam feature takes action even before the message is handled by the transportrules.

try setting the sender to the whitelist in the antispam section.

regards
0
 

Author Comment

by:ErikE01
ID: 38834730
Thanks for your quick response.

I have installed the antispam feature but all options are disabled. This problem also occurred before installation of this feature.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835312
If it was happening before you installed the antispam agents then it isn't Exchange setting the SCL value. I am aware that other products do that as well - Trend is one I believe, but others do so. If the agents are disabled, then Exchange isn't doing the filtering.

Simon.
0
 

Author Comment

by:ErikE01
ID: 38835469
Hallo Simon,

The example email is received with an ICL=7. The part of the senders email address (= '@vakmedianet.nl’) is defined in the whitelist transportrule. So the transportrule should recognize the sender as whitelisted and change the SCL to -1.

Do you mean that another application changed the SCL back to 7 after the whitelist transportrule changed it to -1?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835525
That is exactly what I am saying.
You said the problem occured before installing the agents. That means it wasn't Exchange writing the header.

Simon.
0
 

Author Comment

by:ErikE01
ID: 38835609
Have you any idea what kind of application this could be???
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835724
Antispam or AV with built in Antispam - I gave some suggestions above.

Simon.
0
 

Author Comment

by:ErikE01
ID: 38854095
Yes, the SCL code is added to the emails by the virus checker NOD32. This happens before the transportrules are checking the email. So I still do not understand why the whitelist transportrule does not recognize the sender and does not reset the SCL value to -1???
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38854212
Probably because Exchange didn't do it. I don't know, as I haven't used the NOD32 product.

Simon.
0
 

Author Comment

by:ErikE01
ID: 38907448
Does anyone have a solution?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38908366
You cannot "Bump" questions on this site - the only people who who see that are those that have already posted. I gave you what I believe to be the solution - the SCL value is being placed on the emails by something other than Exchange.

Simon.
0
 

Author Comment

by:ErikE01
ID: 38908547
Thank for your reaction and the effort you put in my question. I appreciate it, but I do not think your  input  is a solution for my problem. As I wrote before, this problem only happening with some emails.  For all the other emails ,who also got their SCL-value from NOD32, it is working well.
On the other hand, I think that the real problem is that the transportrule does not recognize some email address from the whitelist (condition: when the From matches ….). For all the other emails it is working well. So my question is why not always?
As an extra check I add a special message classification in the whitelist transportrule to the email that is recognized as whitelisted.  Again some (not all!) emails that are on the whitelist, are not recognized by the transportrule (the SCL <> -1 an the massage has no classification). So the problem is not the SCL from NOD32.
Do you agree?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 400 total points
ID: 38915004
If you have a third party product that is writing to the headers as well as Exchange then you are going to get problems. The only way I would troubleshoot it is to remove the third party product, reboot and see if the problem continues. Disabling it is not enough, because it still has its hooks in Exchange.
Almost all "odd" behaviour I see in Exchange is caused by third party products, so is always the first thing that I will remove.

Simon.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now