SBS2011 with on premises Exchange 2010, Using EOP - Not moving Spam to Junk Folder

Hi,
I have a client with SBS2011 and Exchange 2010 on premises. I have setup Exchange online protection and the email is flowing correctly. However I cannot get the SPAM to be moved to the junk folder.

I have followed the EOP setup procedures by doing the following;

Using EMS the following script was ran:-
set-organizationconfig -scljunkthreshold 4

And the following Transport Rules have been created;

Spam Content Filter:-
Apply Rule to messages when the 'X-Forefront-Antispam-Report' contains 'SFV-SPM'
perpend message subject with 'SPAM' and set the spam confidence level to '5'

Spam Filter:-
Apply Rule to messages when the 'X-Forefront-Antispam-Report' contains 'SFV-SKS'
perpend message subject with 'SPAM' and set the spam confidence level to '5'

Spam message are prepended with the 'SPAM' but are not moved to the junk folder. is there a step I am missing?
I have also tried setting all of the above to 6, but I read somewhere the transport rules have to be one above the scljunkthreshold.

After each change I have restarted the Exchange Transport service.

Thanks and kind regards,
Col
VitalNetworkSolutionsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Randy DownsOWNERCommented:
Have you seen this?

Access the Exchange Management Shell for your on-premises Exchange server. For information about accessing and using the Shell with Exchange 2013, see Exchange Management Shell.

Run the following command to route content-filtered spam messages to the Junk Email folder:

New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM" -SetSCL 6

Open in new window


Run the following command to route messages marked as spam prior to reaching the content filter to the Junk Email folder:

New-TransportRule "NameForRule" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS" -SetSCL 6

Open in new window

0
VitalNetworkSolutionsAuthor Commented:
Hi Randy,

Yes, this is how I created the rules. Initially I created the rules exactly as your previously post, however to prove the emails were been marked as spam I added the action Prepend email with 'SPAM' if detected as spam.

Spam emails are being prepended with 'SPAM' but not being moved to the  junk folder.

I am very confused.

Thanks,
Col
0
Randy DownsOWNERCommented:
This help?

Use the EAC to configure spam filter policies

In the Exchange admin center (EAC), navigate to Protection > Spam filter.
Do one of the following on the general page:

Double-click the default policy in order to edit this company-wide policy.

Click the Add Icon New icon in order to create a new custom spam-filter policy that can be applied to users, groups, and domains in your organization. You can also edit existing custom policies by double-clicking them.
For custom policies only, specify a name for this policy. You can optionally specify a more detailed description as well. You cannot rename the default policy.

Note:
When creating a new policy, all configuration settings appear on a single screen, whereas when editing a policy you must navigate through different screens. The settings are the same in either case, but the rest of this procedure describes how to access these settings when editing a policy.

On the spam and bulk email actions page, under Spam and High confidence spam, select the action to take for incoming spam and bulk email. By default, Move messages to Junk Email folder is selected. The other possible values are:

Move message to Junk Email folder   Sends the message to the Junk Email folder of the specified recipients. This is the default action for both confidence threshold levels.

Important:
For Exchange Online Protection (EOP) customers: In order for this action to work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that spam is routed to each user's Junk Email folder.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

VitalNetworkSolutionsAuthor Commented:
Hi Randy,

Unfortunately not. This relates to exchange online mailboxes, and the note at the bottom for users of EOP, which is relevant to my setup, are the procedures to the rules you mentioned before.

Thanks,
Col
0
Randy DownsOWNERCommented:
Did you do this? It's a prerequisite for the 2 rules. Obviously you are catching the emails & pre-pended them. Maybe SclJunkThreshold is not correct.

Note:
These steps assume that the SclJunkThreshold property (of the Set-OrganizationConfig cmdlet) has a value of 4. If this value is changed to a value above 6, such as 7 or 8, the SetScl value in the following cmdlets must be set to 9. For more information about how different SCL ratings are interpreted by the service, see Spam confidence levels.
0
VitalNetworkSolutionsAuthor Commented:
Hi Randy,

Yes, I had previously set the SCLJunkThreshold using the following script in Exchange Management Shell;

Set-OrganizationConfig -SCLJunkThreshold 4

However I cannot confirm it has been applied as I do not know the command to display the SCLJunkThreshold.

Thanks,
Col
0
Randy DownsOWNERCommented:
Myabe this will help.

You can use several built-in scripts located in the %ExchangeInstallPath%Scripts folder, such as get-AntispamSCLHistogram.ps1, for gathering filtering result data. If the data indicates that you need to make immediate adjustments, reconfigure the SCL thresholds. Otherwise, collect data and analyze the spam reporting to determine whether adjustments are required.
0
VitalNetworkSolutionsAuthor Commented:
Hi Randy,

I have confirmed the level with the following;

Get-OrganizationConfig | FL SCLJunkThreshold

The SCLJunkThreshold is 4

Thanks,
Colin
0
VitalNetworkSolutionsAuthor Commented:
Hi Randy,

The results from these scripts only confirm what I have setup and the emails are detected as spam.
I think the issue is with either a server setting or possibly the clients. They use MS Outlook 2010. However the same issue happens using OWA also, the issue is probably originating from the server.

I have just noticed on one of the client the email are delivered to the spam folder but move to the inbox. I'm not sure if this is happening on all clients, but I don't think so. The sender is not in there contacts, and there are no rules within Outlook.

Also I have checked the email header and the SCL is set to 5.

I have other customers using EOP and they work just fine. That's what makes this so confusing.

Thanks and kind regards,
Col
0
Randy DownsOWNERCommented:
Since it's all of your clients & OWA, I would lean in the direction of the server setting. Have you rebooted the server or is that possible?
0
VitalNetworkSolutionsAuthor Commented:
Hi Randy,

That is a good point. I will be able to reboot the server this evening. I'll update you to the results.

Thanks,
Col
0
VitalNetworkSolutionsAuthor Commented:
Hi Randy,

I have reboot the server this evening but I get the same results.
The spam is being prepended with 'SPAM' but not being moved to the junk folder.

Kind regards,
Col
0
Randy DownsOWNERCommented:
This looks like another application is at work. Anti-virus/Anti-SPAM maybe?

noticed on one of the client the email are delivered to the spam folder but move to the inbox.
0
Randy DownsOWNERCommented:
All Exchange & Outlook updates in place? Did Exchange anti-SPAM ever work?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
VitalNetworkSolutionsAuthor Commented:
Hi Randy,
My apologies for responding. The Email as still being marked as SPAM but I have noticed they are delivered to the junk folder then move to the inbox. I am abandoning this question but will award you the points as everything you suggested helped me investigate.

Kind regards,
Col
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.