Solved

Ex13 - can't manually install Connection Filtering

Posted on 2014-09-29
14
249 Views
Last Modified: 2014-10-02
Migrated from Ex07 -> Ex13 about a year ago. I have been trying to firm up anti-spam features and wanted to go back to the block lists I had working previously.  I ran the script to install antispam, but saw that Connection Filtering is not there. I searched KBs and found this procedure to manually install the agent:

>>>Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"

>>>Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"

(no errors)

>>>Restart-Service MSExchangeTransport

But still no joy here:

>>>Get-Transportagent

Identity                                           Enabled         Priority
--------                                           -------         --------
SMSMSERoutingAgent                                 True            1
SMSMSESMTPAgent                                    True            2
Transport Rule Agent                               True            3
Malware Agent                                      False           4
Text Messaging Routing Agent                       True            5
Text Messaging Delivery Agent                      True            6
Content Filter Agent                               True            7
Sender Id Agent                                    True            8
Sender Filter Agent                                True            9
Recipient Filter Agent                             True            10
Protocol Analysis Agent                            True            11

I have installed and enabled blocklists and still no apparent action in the logs.  I think the reason is the failure to have Connection Filtering active.

I was hoping one of you Exchange wizards (Simon ?) could help out.   Thank you.
0
Comment
Question by:dvanaken
  • 7
  • 5
  • 2
14 Comments
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 40349796
Connection Filter agent is only available on servers with the Edge role.
http://technet.microsoft.com/en-gb/library/jj218660(v=exchg.150).aspx

If you don't have the Edge role then you will need to use something else to do the filtering.
Vamsoft ORF is my usual tool of choice here.

Simon.
0
 

Author Comment

by:dvanaken
ID: 40349840
Simon. Thanks for your help. Pardon my ignorance on this but since I am running  on a single box does that mean no edge role exists?
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 250 total points
ID: 40349933
Correct. Edge is a separate role. It can not coexist on a multi-role server.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40349950
Edge is a separate server, and the role was only introduced recently.
It will require an additional Windows and Exchange licence, which means in most cases it is poor value for money.

Simon.
0
 

Author Comment

by:dvanaken
ID: 40350033
I will check out vamsoft - I used orf years ago on NT-based Exchange.  Many thanks!
0
 

Author Comment

by:dvanaken
ID: 40350035
Do I need to "uninstall" anything I did or can I just go safely forward with vamsoft?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40350067
Looks like despite running those command the Connection Filter didn't install anyway. So you should be good. Up to you whether you want to keep the other Anti-spam features enabled.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:dvanaken
ID: 40350178
Whoops - it now looks like it's working!  I found a blog that swears it works and I followed those steps.

[PS] C:\Windows\system32>Get-TransportAgent -TransportService Frontend

Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         True            1

Then I tried an actual test of spamhaus via email:

Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so I use your envelope sender as the To: address.

I connected to 50.243.42.83 and here's the conversation I had:

220 mail.domain.com Microsoft ESMTP MAIL Service ready at Mon, 29 Sep 2014 11:05:25 -0400 helo sbl.crynwr.com
250 mail.domain.com Hello [192.203.178.107] mail from:<>
250 2.1.0 Sender OK
rcpt to:<me@domain.com>
550 5.7.1 Recipient not authorized, your IP has been found on a block list Terminating conversation


Seems to be working - agreed?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40350282
Seems that way. But possibly not a supported configuration by Microsoft.

Can you link the blog post. Would be curious to read it.
0
 

Author Comment

by:dvanaken
ID: 40350307
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40350667
Hmm. Interesting read. My only concern would be if Microsoft would support you in this configuration.
0
 

Author Comment

by:dvanaken
ID: 40350670
GG:  Thanks for your comments.  I guess worst case is I would have to uninstall the agent...  I'll leave it for now and check the results in a week.

Thanks again.
0
 

Author Closing Comment

by:dvanaken
ID: 40357107
Thank you both for your help.  As far as I can tell, this seems to be working despite MSFT architecture.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40358065
Awesome.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now