Problems with Exchange 2010 transportrule based whitelist

Posted on 2013-01-30
Last Modified: 2013-02-25
I have created an transportrule to whitelist emails from specific senders.

Condition:  When the ‘From’ matches ‘’
Action:     Set the spam confidence level to ‘-1’

For some reason several emails are still blocked by their original SCL value.

Below an email header from a not recognized email while the text ‘’ is in the whitelist condition.

Does anyone know why this email is not recognized by the whitelist transportrule?

-- Start email header ---------------------------------------------------------------------------------------------------------

[Received: from ( by
 ( with Microsoft SMTP Server id 14.1.421.2; Tue, 29 Jan 2013
 08:06:41 +0100
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1;;
Received: from ( by id h0tqg214huom for
 <>; Tue, 29 Jan 2013 07:06:27 +0000 (envelope-from
Subject: Uw eigen plan van aanpak voor Het Nieuwe Werken
From: =?utf-8?Q?Platform=20Over=20Het=20Nieuwe=20Werken?=
Reply-To: =?utf-8?Q?Platform=20Over=20Het=20Nieuwe=20Werken?=
To: =?utf-8?Q??= <>
Date: Tue, 29 Jan 2013 07:06:27 +0000
Message-ID: <>
X-Mailer: MailChimp Mailer - **CIDedbd0c3b96f75e19d3f8**
X-Campaign: mailchimpd0b0b3cc44b2b15b838dabb92.edbd0c3b96
X-campaignid: mailchimpd0b0b3cc44b2b15b838dabb92.edbd0c3b96
X-Report-Abuse: Please report abuse for this campaign here:
x-accounttype: pd
List-Unsubscribe: <>, <>
Sender: Platform Over Het Nieuwe Werken
x-mcda: FALSE
Content-Type: multipart/alternative;
MIME-Version: 1.0
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-SCL: 7
X-EsetResult: clean, is OK
X-EsetId: C5A8343C3AD2183397EF6F

-- End email header ----------------------------------------------------------------------------------------------------------
Question by:ErikE01
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6

Expert Comment

ID: 38834697
do you use the exchange antispam feature? / have it activated?

if that is so my guess might be that the antispam feature takes action even before the message is handled by the transportrules.

try setting the sender to the whitelist in the antispam section.


Author Comment

ID: 38834730
Thanks for your quick response.

I have installed the antispam feature but all options are disabled. This problem also occurred before installation of this feature.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835312
If it was happening before you installed the antispam agents then it isn't Exchange setting the SCL value. I am aware that other products do that as well - Trend is one I believe, but others do so. If the agents are disabled, then Exchange isn't doing the filtering.

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 38835469
Hallo Simon,

The example email is received with an ICL=7. The part of the senders email address (= '’) is defined in the whitelist transportrule. So the transportrule should recognize the sender as whitelisted and change the SCL to -1.

Do you mean that another application changed the SCL back to 7 after the whitelist transportrule changed it to -1?
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835525
That is exactly what I am saying.
You said the problem occured before installing the agents. That means it wasn't Exchange writing the header.


Author Comment

ID: 38835609
Have you any idea what kind of application this could be???
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38835724
Antispam or AV with built in Antispam - I gave some suggestions above.


Author Comment

ID: 38854095
Yes, the SCL code is added to the emails by the virus checker NOD32. This happens before the transportrules are checking the email. So I still do not understand why the whitelist transportrule does not recognize the sender and does not reset the SCL value to -1???
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38854212
Probably because Exchange didn't do it. I don't know, as I haven't used the NOD32 product.


Author Comment

ID: 38907448
Does anyone have a solution?
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38908366
You cannot "Bump" questions on this site - the only people who who see that are those that have already posted. I gave you what I believe to be the solution - the SCL value is being placed on the emails by something other than Exchange.


Author Comment

ID: 38908547
Thank for your reaction and the effort you put in my question. I appreciate it, but I do not think your  input  is a solution for my problem. As I wrote before, this problem only happening with some emails.  For all the other emails ,who also got their SCL-value from NOD32, it is working well.
On the other hand, I think that the real problem is that the transportrule does not recognize some email address from the whitelist (condition: when the From matches ….). For all the other emails it is working well. So my question is why not always?
As an extra check I add a special message classification in the whitelist transportrule to the email that is recognized as whitelisted.  Again some (not all!) emails that are on the whitelist, are not recognized by the transportrule (the SCL <> -1 an the massage has no classification). So the problem is not the SCL from NOD32.
Do you agree?
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 400 total points
ID: 38915004
If you have a third party product that is writing to the headers as well as Exchange then you are going to get problems. The only way I would troubleshoot it is to remove the third party product, reboot and see if the problem continues. Disabling it is not enough, because it still has its hooks in Exchange.
Almost all "odd" behaviour I see in Exchange is caused by third party products, so is always the first thing that I will remove.


Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EXCH2013 DB 3 14
Round robin for Exchange 2013 4 26
PowerShell:  Use of subproperties in a Select statement 7 31
Utilizing an array to gracefully append to a list of EmailAddresses
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question