Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2010 Anti-Spam - Custom Words

Posted on 2014-10-16
3
Medium Priority
?
286 Views
Last Modified: 2015-02-19
We've been getting an awful lot of spam, so I've been adding words to the custom words list and changing the rating for deletion down to 6. I also created a transport rule where if the SCL rating is 7+/delete message.

However, using only a specified custom word in both the subject and body - I am still able to email myself from my personal email. So it's never actually checking against the custom words list.

All of the anti spam nodes are enabled in OC>AntiSpam and SC>Hub

Any advice besides purchasing third party software?
0
Comment
Question by:RISLA
  • 2
3 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40385493
Third party software is usually the best option if you find the built in tools aren't doing the job. Custom words I find is not very productive, plus you are wasting bandwidth because the message is delivered before you can actually scan it.

If you look at the headers of the message that gets through - does it have an SCL value?

Simon.
0
 

Author Comment

by:RISLA
ID: 40386508
I am seeing an SCL, never even thought to check...very new to Exchange.

Here is one example of spam

Received: from 006c6859.zymorn.info (173.44.212.153) by
 server.mydomain x.x.x.x) with Microsoft SMTP Server id
 x.x.x.x; Fri, 17 Oct 2014 06:11:52 -0400
Received: by 006c6859.ear60lj.zymorn.info      (amavisd-new, port 6387) with ESMTP
 id 00SWOUNG6C68MJJRED59;      for <me@domain.com>; Fri, 17 Oct 2014 03:12:32
 -0700
Date: Fri, 17 Oct 2014 03:12:32 -0700
Subject: Printer Ink-Save up to 85% off.
To: <me@domain.com>
From: Cheapprinterink <Cheapprinterink@zymorn.info>
Message-ID: <3872017104214387154143545643@ear60lj.zymorn.info>
Content-Language: en-us
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative;
      boundary="----=Part.715.4235.1413540752"
Return-Path: Cheapprinterink@zymorn.info
X-MS-Exchange-Organization-AuthSource: server.domain.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: zymorn.info
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (RIJB-EX.nesla-domain.com: Cheapprinterink@zymorn.info
 does not designate permitted sender hosts)
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.14213.475;SID:SenderIDStatus None;OrigIP:173.44.212.153

Thanks for your help with this!
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40387290
There is your SCL value:
X-MS-Exchange-Organization-SCL: 5

If you have deletion set at 6, that message should have been deleted.

The IP address in the message is on a number of blacklists, so that would have caught it as well.

Have you configured the content filter to delete the messages at 6?
http://technet.microsoft.com/en-gb/library/aa995953(v=exchg.150).aspx

Simon.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question