Improve company productivity with a Business Account.Sign Up

x
?
Solved

Exchange 2013 Spam Filtering does not seem to be working

Posted on 2014-04-07
8
Medium Priority
?
3,189 Views
Last Modified: 2014-04-09
We have just recently migrated from Exchange 2010 to Exchange 2013 and when we made the switch we immediately started receiving a ton of spam.  I have run the antispm install script and have verified that all of our settings (blacklists, whitelists, etc.) were transfered over. From what I can tell, everything is setup properly on the new server, but we are getting much more spam. How can I tell that everything anti-spam is working properly on the Exchange 2013 server?

If I run Get-TransportAgent I receive the following:
Identity                                           Enabled         Priority
--------                                           -------         --------
Transport Rule Agent                               True            1
Malware Agent                                      True            2
Text Messaging Routing Agent                       True            3
Text Messaging Delivery Agent                      True            4
Content Filter Agent                               True            5
Sender Id Agent                                    True            6
Sender Filter Agent                                True            7
Recipient Filter Agent                             True            8
Protocol Analysis Agent                            True            9
0
Comment
Question by:OAC Technology
  • 4
  • 3
8 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39983940
If you use perfmon you can see how many messages were scanned by each option - for the content filter agent it will also show you what the count of each SCL value is.

Start there first, see if the values are above zero or not (they are reset by restarting the transport service).

Simon.
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 39984128
It looks like Performance Monitor is showing that messages are being scanned. As far as I can tell everything is set as it should be but we are getting spam email after spam email.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39984200
I'd check your SCL levels.  See here:

http://technet.microsoft.com/en-us/library/aa995744(v=exchg.150).aspx

You can adjust them a little at a time until you find the sweet spot.

http://planetlotus.org/profiles/john-willemse_118363
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 2

Author Comment

by:OAC Technology
ID: 39984212
I just realized that Connection Filtering isn't installed on Exchange 2013. When I run Enable-TransportAgent "Connection Filtering Agent"
I get the response "Transport agent "Connection Filtering Agent" isn't found. This means my RBL's and reverse DNS aren't looking, correct? Is there a way to enable this?
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 39984267
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 39984277
Thanks. I was able to get this installed, but there is a 3 or 4 minute delay on incoming emails. Although if it is working properly and we don't get any more spam, it is worth the delay. I'll post back tomorrow if this did not solve the problem. Thanks for your help!
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39984445
The delay will most likely go away.  Let me know how it goes.
0
 
LVL 2

Author Comment

by:OAC Technology
ID: 39988771
The delay is still there, but spam has drastically decreased now. Thank you for your help on this
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Organisation is organized in a pattern to flow the day to day business, every application and system is interdepended on each other and when very important “Exchange Server downtime” happened.
This is a very interesting topic. Ransomware has been around for a while but has increased drastically over the last year or so.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question