
Exchange 2016 anti-spam

Posted on 2016-11-24
Last Modified: 2017-01-17
Hi everyone, thanks for reading.

We have set up an Exchange 2016 server next to the old 2010 installation. All external mail arrives at a Linux machine first which does some virus scanning and then sends the mail to Exchange 2016, after which it gets delivered in the mailboxes which are still on 2010. Our employees are now complaining about lots of spam arriving in their mailbox, while anti-spam is enabled (sender and content filtering) and configured on Exchange 2016. Somehow, in the mail headers, I see the following information for a mail that's definitely spam (I have replaced the real server names with "TheLinuxServer" and "Exchange2016Server"):

X-Virus-Scanned-By: "TheLinuxServer". Result: CLEAN.
X-Spam-Score: 14.348 (**************) BAYES_99,BAYES_999,FSL_HELO_BARE_IP_1,RCVD_NUMERIC_HELO,RDNS_NONE,STOX_REPLY_TYPE,STOX_REPLY_TYPE_WITHOUT_QUOTES,SUBJECT_NEEDS_ENCODING,SUBJ_ILLEGAL_CHARS,TVD_RCVD_IP,TVD_RCVD_IP4,URI_ONLY_MSGID_MALF
X-Scanned-By: MIMEDefang 2.73 on 143.169.242.22
Return-Path: "SpammersMailAddress"
X-MS-Exchange-Organization-SCL: 7
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:"SpammersIP"
X-MS-Exchange-Organization-AuthSource: "Exchange2016Server"
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0

Why does it have the Antispam-Report twice and why does the second report say the message bypassed the anti-spam, with a spam score of +14 and an SCL of 7? It didn't do that before we had 2016 anti-spam...

If you need more info, feel free to ask. I don't want to make this post longer than necessary... Thanks in advance!
0
Question by:SysUA
3 Comments
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 41900653
Open EMC and Expand Server Management, Transport Servers.

You need to configure the SCL (Spam confidence level) to say 5 for the Anti-Spam Content Filtering Properties on the Action menu.
E.g. Reject messages with SCL rating greater than or equal to 5.

Also check the Exceptions list, to make sure that sender is not included.
0
 

Author Comment

by:SysUA
ID: 41901264
I suppose that's the 2010 console you're referring to. Wouldn't it make more sense to change this in the 2016 settings since that's where mail arrives after being checked for viruses by the Linux machine?
0
 
LVL 20

Accepted Solution

by:
Peter Hutchison earned 2000 total points
ID: 41901283
Yes, you are correct, I was referring to Ex 2010 console. I meant the Anti-spam settings within the Ex 2016 ECP console which is now on the Edge and Mailbox servers via the transport agents. More info here:

https://technet.microsoft.com/en-us/library/jj218660(v=exchg.160).aspx
0
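
A header check for the mismatch described in the question, added here as an example (not code from the thread): it reads every Antispam-Report header on a message and flags one that is stamped MessageSecurityAntispamBypass while carrying a high SCL or a high upstream X-Spam-Score. The thresholds, the finding names and the `triage` function are assumptions; the sample message is constructed from the header values quoted in the question.

```python
from email import message_from_string

# Constructed sample built from the header values quoted in the question
# (placeholders such as "SpammersIP" kept as posted).
SAMPLE = '''\
X-Spam-Score: 14.348 (**************) BAYES_99,BAYES_999,RDNS_NONE
X-MS-Exchange-Organization-SCL: 7
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:"SpammersIP"
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass
Subject: constructed sample

body
'''

SCL_THRESHOLD = 5         # assumption: the value suggested in the answer
UPSTREAM_THRESHOLD = 5.0  # assumption: cut-off for the gateway's X-Spam-Score
PREFIX = "X-MS-Exchange-Organization-"


def _number(text, cast):
    """Parse the first token of a header value; None if absent or malformed."""
    try:
        return cast((text or "").split()[0])
    except (IndexError, ValueError):
        return None


def triage(raw):
    """Return the spam verdict fields of one message plus any findings."""
    msg = message_from_string(raw)
    # The report header can occur more than once; get_all() returns each one.
    reports = msg.get_all(PREFIX + "Antispam-Report", [])
    scl = _number(msg.get(PREFIX + "SCL"), int)
    upstream = _number(msg.get("X-Spam-Score"), float)
    bypass = any("MessageSecurityAntispamBypass" in r for r in reports)
    findings = []
    if len(reports) > 1:
        findings.append("multiple-antispam-reports")
    if bypass and scl is not None and scl >= SCL_THRESHOLD:
        findings.append("bypass-despite-scl")
    if bypass and upstream is not None and upstream >= UPSTREAM_THRESHOLD:
        findings.append("bypass-despite-upstream-score")
    if bypass and (msg.get(PREFIX + "AuthAs") or "").strip() == "Anonymous":
        findings.append("bypass-for-anonymous-sender")
    return {"scl": scl, "upstream": upstream, "bypass": bypass,
            "findings": findings}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over a folder of exported messages, the same function shows whether the bypass stamp appears on all inbound mail from the gateway or only on some of it.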
