Solved

Exchange 2010 Anti-Spam - Custom Words

Posted on 2014-10-16
3
246 Views
Last Modified: 2015-02-19
We've been getting an awful lot of spam, so I've been adding words to the custom words list and changing the rating for deletion down to 6. I also created a transport rule where if the SCL rating is 7+/delete message.

However, using only a specified custom word in both the subject and body - I am still able to email myself from my personal email. So it's never actually checking against the custom words list.

All of the anti spam nodes are enabled in OC>AntiSpam and SC>Hub

Any advice besides purchasing third party software?
0
Comment
Question by:RISLA
  • 2
3 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40385493
Third party software is usually the best option if you find the built in tools aren't doing the job. Custom words I find is not very productive, plus you are wasting bandwidth because the message is delivered before you can actually scan it.

If you look at the headers of the message that gets through - does it have an SCL value?

Simon.
0
 

Author Comment

by:RISLA
ID: 40386508
I am seeing an SCL, never even thought to check...very new to Exchange.

Here is one example of spam

Received: from 006c6859.zymorn.info (173.44.212.153) by
 server.mydomain x.x.x.x) with Microsoft SMTP Server id
 x.x.x.x; Fri, 17 Oct 2014 06:11:52 -0400
Received: by 006c6859.ear60lj.zymorn.info      (amavisd-new, port 6387) with ESMTP
 id 00SWOUNG6C68MJJRED59;      for <me@domain.com>; Fri, 17 Oct 2014 03:12:32
 -0700
Date: Fri, 17 Oct 2014 03:12:32 -0700
Subject: Printer Ink-Save up to 85% off.
To: <me@domain.com>
From: Cheapprinterink <Cheapprinterink@zymorn.info>
Message-ID: <3872017104214387154143545643@ear60lj.zymorn.info>
Content-Language: en-us
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative;
      boundary="----=Part.715.4235.1413540752"
Return-Path: Cheapprinterink@zymorn.info
X-MS-Exchange-Organization-AuthSource: server.domain.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: zymorn.info
X-MS-Exchange-Organization-SenderIdResult: None
Received-SPF: None (RIJB-EX.nesla-domain.com: Cheapprinterink@zymorn.info
 does not designate permitted sender hosts)
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.14213.475;SID:SenderIDStatus None;OrigIP:173.44.212.153

Thanks for your help with this!
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40387290
There is your SCL value:
X-MS-Exchange-Organization-SCL: 5

If you have deletion set at 6, that message should have been deleted.

The IP address in the message is on a number of blacklists, so that would have caught it as well.

Have you configured the content filter to delete the messages at 6?
http://technet.microsoft.com/en-gb/library/aa995953(v=exchg.150).aspx

Simon.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Identify bottom to remote server 2 32
Exchange 2010 Public Folder move to new Exchange 2010 server. 1 39
exchange out of office 8 40
Exchange 2010 Certs 2 15
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now