Solved

Ex13 - can't manually install Connection Filtering

Posted on 2014-09-29
14
245 Views
Last Modified: 2014-10-02
Migrated from Ex07 -> Ex13 about a year ago. I have been trying to firm up anti-spam features and wanted to go back to the block lists I had working previously.  I ran the script to install antispam, but saw that Connection Filtering is not there. I searched KBs and found this procedure to manually install the agent:

>>>Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"

>>>Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"

(no errors)

>>>Restart-Service MSExchangeTransport

But still no joy here:

>>>Get-Transportagent

Identity                                           Enabled         Priority
--------                                           -------         --------
SMSMSERoutingAgent                                 True            1
SMSMSESMTPAgent                                    True            2
Transport Rule Agent                               True            3
Malware Agent                                      False           4
Text Messaging Routing Agent                       True            5
Text Messaging Delivery Agent                      True            6
Content Filter Agent                               True            7
Sender Id Agent                                    True            8
Sender Filter Agent                                True            9
Recipient Filter Agent                             True            10
Protocol Analysis Agent                            True            11

I have installed and enabled blocklists and still no apparent action in the logs.  I think the reason is the failure to have Connection Filtering active.

I was hoping one of you Exchange wizards (Simon ?) could help out.   Thank you.
0
Comment
Question by:dvanaken
  • 7
  • 5
  • 2
14 Comments
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 40349796
Connection Filter agent is only available on servers with the Edge role.
http://technet.microsoft.com/en-gb/library/jj218660(v=exchg.150).aspx

If you don't have the Edge role then you will need to use something else to do the filtering.
Vamsoft ORF is my usual tool of choice here.

Simon.
0
 

Author Comment

by:dvanaken
ID: 40349840
Simon. Thanks for your help. Pardon my ignorance on this but since I am running  on a single box does that mean no edge role exists?
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 250 total points
ID: 40349933
Correct. Edge is a separate role. It can not coexist on a multi-role server.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40349950
Edge is a separate server, and the role was only introduced recently.
It will require an additional Windows and Exchange licence, which means in most cases it is poor value for money.

Simon.
0
 

Author Comment

by:dvanaken
ID: 40350033
I will check out vamsoft - I used orf years ago on NT-based Exchange.  Many thanks!
0
 

Author Comment

by:dvanaken
ID: 40350035
Do I need to "uninstall" anything I did or can I just go safely forward with vamsoft?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40350067
Looks like despite running those command the Connection Filter didn't install anyway. So you should be good. Up to you whether you want to keep the other Anti-spam features enabled.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:dvanaken
ID: 40350178
Whoops - it now looks like it's working!  I found a blog that swears it works and I followed those steps.

[PS] C:\Windows\system32>Get-TransportAgent -TransportService Frontend

Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         True            1

Then I tried an actual test of spamhaus via email:

Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so I use your envelope sender as the To: address.

I connected to 50.243.42.83 and here's the conversation I had:

220 mail.domain.com Microsoft ESMTP MAIL Service ready at Mon, 29 Sep 2014 11:05:25 -0400 helo sbl.crynwr.com
250 mail.domain.com Hello [192.203.178.107] mail from:<>
250 2.1.0 Sender OK
rcpt to:<me@domain.com>
550 5.7.1 Recipient not authorized, your IP has been found on a block list Terminating conversation


Seems to be working - agreed?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40350282
Seems that way. But possibly not a supported configuration by Microsoft.

Can you link the blog post. Would be curious to read it.
0
 

Author Comment

by:dvanaken
ID: 40350307
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40350667
Hmm. Interesting read. My only concern would be if Microsoft would support you in this configuration.
0
 

Author Comment

by:dvanaken
ID: 40350670
GG:  Thanks for your comments.  I guess worst case is I would have to uninstall the agent...  I'll leave it for now and check the results in a week.

Thanks again.
0
 

Author Closing Comment

by:dvanaken
ID: 40357107
Thank you both for your help.  As far as I can tell, this seems to be working despite MSFT architecture.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40358065
Awesome.
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now