Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

Ex13 - can't manually install Connection Filtering

Migrated from Ex07 -> Ex13 about a year ago. I have been trying to firm up anti-spam features and wanted to go back to the block lists I had working previously.  I ran the script to install antispam, but saw that Connection Filtering is not there. I searched KBs and found this procedure to manually install the agent:

>>>Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"

>>>Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"

(no errors)

>>>Restart-Service MSExchangeTransport

But still no joy here:

>>>Get-Transportagent

Identity                                           Enabled         Priority
--------                                           -------         --------
SMSMSERoutingAgent                                 True            1
SMSMSESMTPAgent                                    True            2
Transport Rule Agent                               True            3
Malware Agent                                      False           4
Text Messaging Routing Agent                       True            5
Text Messaging Delivery Agent                      True            6
Content Filter Agent                               True            7
Sender Id Agent                                    True            8
Sender Filter Agent                                True            9
Recipient Filter Agent                             True            10
Protocol Analysis Agent                            True            11

I have installed and enabled blocklists and still no apparent action in the logs.  I think the reason is the failure to have Connection Filtering active.

I was hoping one of you Exchange wizards (Simon ?) could help out.   Thank you.
0
dvanaken
Asked:
dvanaken
  • 7
  • 5
  • 2
2 Solutions
 
Simon Butler (Sembee)ConsultantCommented:
Connection Filter agent is only available on servers with the Edge role.
http://technet.microsoft.com/en-gb/library/jj218660(v=exchg.150).aspx

If you don't have the Edge role then you will need to use something else to do the filtering.
Vamsoft ORF is my usual tool of choice here.

Simon.
0
 
dvanakenAuthor Commented:
Simon. Thanks for your help. Pardon my ignorance on this but since I am running  on a single box does that mean no edge role exists?
0
 
Gareth GudgerCommented:
Correct. Edge is a separate role. It can not coexist on a multi-role server.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Simon Butler (Sembee)ConsultantCommented:
Edge is a separate server, and the role was only introduced recently.
It will require an additional Windows and Exchange licence, which means in most cases it is poor value for money.

Simon.
0
 
dvanakenAuthor Commented:
I will check out vamsoft - I used orf years ago on NT-based Exchange.  Many thanks!
0
 
dvanakenAuthor Commented:
Do I need to "uninstall" anything I did or can I just go safely forward with vamsoft?
0
 
Gareth GudgerCommented:
Looks like despite running those command the Connection Filter didn't install anyway. So you should be good. Up to you whether you want to keep the other Anti-spam features enabled.
0
 
dvanakenAuthor Commented:
Whoops - it now looks like it's working!  I found a blog that swears it works and I followed those steps.

[PS] C:\Windows\system32>Get-TransportAgent -TransportService Frontend

Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         True            1

Then I tried an actual test of spamhaus via email:

Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so I use your envelope sender as the To: address.

I connected to 50.243.42.83 and here's the conversation I had:

220 mail.domain.com Microsoft ESMTP MAIL Service ready at Mon, 29 Sep 2014 11:05:25 -0400 helo sbl.crynwr.com
250 mail.domain.com Hello [192.203.178.107] mail from:<>
250 2.1.0 Sender OK
rcpt to:<me@domain.com>
550 5.7.1 Recipient not authorized, your IP has been found on a block list Terminating conversation


Seems to be working - agreed?
0
 
Gareth GudgerCommented:
Seems that way. But possibly not a supported configuration by Microsoft.

Can you link the blog post. Would be curious to read it.
0
 
dvanakenAuthor Commented:
0
 
Gareth GudgerCommented:
Hmm. Interesting read. My only concern would be if Microsoft would support you in this configuration.
0
 
dvanakenAuthor Commented:
GG:  Thanks for your comments.  I guess worst case is I would have to uninstall the agent...  I'll leave it for now and check the results in a week.

Thanks again.
0
 
dvanakenAuthor Commented:
Thank you both for your help.  As far as I can tell, this seems to be working despite MSFT architecture.
0
 
Gareth GudgerCommented:
Awesome.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now