Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3040
  • Last Modified:

Exchange 2013 Spam Filtering does not seem to be working

We have just recently migrated from Exchange 2010 to Exchange 2013 and when we made the switch we immediately started receiving a ton of spam.  I have run the antispm install script and have verified that all of our settings (blacklists, whitelists, etc.) were transfered over. From what I can tell, everything is setup properly on the new server, but we are getting much more spam. How can I tell that everything anti-spam is working properly on the Exchange 2013 server?

If I run Get-TransportAgent I receive the following:
Identity                                           Enabled         Priority
--------                                           -------         --------
Transport Rule Agent                               True            1
Malware Agent                                      True            2
Text Messaging Routing Agent                       True            3
Text Messaging Delivery Agent                      True            4
Content Filter Agent                               True            5
Sender Id Agent                                    True            6
Sender Filter Agent                                True            7
Recipient Filter Agent                             True            8
Protocol Analysis Agent                            True            9
0
OAC Technology
Asked:
OAC Technology
  • 4
  • 3
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
If you use perfmon you can see how many messages were scanned by each option - for the content filter agent it will also show you what the count of each SCL value is.

Start there first, see if the values are above zero or not (they are reset by restarting the transport service).

Simon.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
It looks like Performance Monitor is showing that messages are being scanned. As far as I can tell everything is set as it should be but we are getting spam email after spam email.
0
 
Brad BouchardInformation Systems Security OfficerCommented:
I'd check your SCL levels.  See here:

http://technet.microsoft.com/en-us/library/aa995744(v=exchg.150).aspx

You can adjust them a little at a time until you find the sweet spot.

http://planetlotus.org/profiles/john-willemse_118363
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
OAC TechnologyProfessional NerdsAuthor Commented:
I just realized that Connection Filtering isn't installed on Exchange 2013. When I run Enable-TransportAgent "Connection Filtering Agent"
I get the response "Transport agent "Connection Filtering Agent" isn't found. This means my RBL's and reverse DNS aren't looking, correct? Is there a way to enable this?
0
 
Brad BouchardInformation Systems Security OfficerCommented:
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
Thanks. I was able to get this installed, but there is a 3 or 4 minute delay on incoming emails. Although if it is working properly and we don't get any more spam, it is worth the delay. I'll post back tomorrow if this did not solve the problem. Thanks for your help!
0
 
Brad BouchardInformation Systems Security OfficerCommented:
The delay will most likely go away.  Let me know how it goes.
0
 
OAC TechnologyProfessional NerdsAuthor Commented:
The delay is still there, but spam has drastically decreased now. Thank you for your help on this
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now