How to configure antispam of MS Exchange 2016?

This is using MS Exchange Server 2016 antispam features. Although I have run the "install antispam.ps1" successfully, spam is still rampant. How do I configure these features so that spam can be detected and caught in no time?

Thanks in advance.
MichaelBalackAuthor Commented:
Hi all,

I found out how to get the antispam installed and configured:

a.      On exch2k16, open Windows Explorer, and then browse to C:\Program Files\Microsoft\Exchange Server\V15\Scripts; search and then edit install-antispamagents.ps1 using notepad

b.      In Notepad, search for and then delete this sentence – “-EscalationTeam “antispam””. Save the file

•      MS Exchange Server 2016 with post-CU6 has to conduct the above deletion

c.      Open EMS (Exchange PowerShell), cd to C:\Program Files\Microsoft\Exchange Server\V15\Scripts; type “.\install-antispamagents.ps1”. Wait for the setup to complete

d.      5 filter agents would be installed, namely, Content filter, Sender ID filter, Sender filter, Recipient filter, Protocol Analysis filter.

Restart-Service MSExchangeTransport

e.      Next, we are going to install Connection filter agent. This agent is by far the most useful of all the agents since it allows to use online blacklists or RBLs. Type the following command in one line

Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll"

f.      Enable the agent with Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
Restart-Service MSExchangeTransport

g.      In EMS, type “Get-TransportAgent”; you should see 5 filter agents with priority from 10 to 14


h.      In EMS, type “Get-TransportAgent -TransportService FrontEnd”


i.      In EMS, type get-transportconfig | fl internalSMTPServers; ensure the Exchange Server IP is included

Set-TransportConfig -InternalSMTPServers @{Add=""}

j.      In EMS, type get-transportservice | fl Agentlog*; to see the settings as follows:


Content Filtering
k.      In EMS, type get-contentfilterconfig | fl SCL*; to see the SCLs for Delete, Reject, and Quarantine:

SCLDeleteThreshold (9); SCLDeleteEnabled (true)
SCLRejectThreshold (8); SCLRejectEnabled (false)
SCLQuarantineThreshold (6); SCLQuarantineEnabled (true)
ExternalMailEnabled $true
InternalMailEnabled $true
Enabled $true

l.      In EMS, type get-OrganizationConfig | fl SCL*; to see the settings for SCLJunkThreshold:

SCLJunkThreshold (5)

Sender ID Filtering (2):
m.      In EMS, type get-SenderIDConfig | fl Spoofed*; to see the settings:

SpoofedDomainAction (Delete, changed from StampStatus)
Enabled $true

Sender Reputation (4):
n.       In EMS, type get-SenderReputationConfig | fl; to see the selective settings:

SenderBlockingEnabled (true)
SrlBlockThreshold          (6)        * default, 7
SenderBlockingPeriod    (36)      * default, 24

Sender Filtering (1):
o.      In EMS, type get-SenderFilterConfig | fl Block*; to add in and see the current blocked sender and blocked sender domain:

Set-SenderFilterConfig -BlankSenderBlockingEnabled $true -BlockedDomainsAndSubdomains -BlockedSenders @{Add="",""}

BlankSenderBlockingEnabled (true)
Enabled $true

Connection Filter:
p.      In EMS, type get-IPBlockListProvider; to see list of RBL in descending priority:

name (; lookupdomain (
name (; lookupdomain (
name (; lookupdomain (
name (; lookupdomain (
name (; lookupdomain (
name (; lookupdomain (
Enabled $true (set-ipblocklistconfig –enabled $true)

q.      In EMS, type get-IPAllowListProvider; to see list of RBL in descending priority:

name (; lookupdomain (
name (; lookupdomain (
name (; lookupdomain (
Enabled $true

q.   Set-IPAllowListConfig:
Enabled $true

q.   Set-IPBlockListConfig:
Enabled $true

Recipient Filter:
r.    Set-recipientfilterconfig:
Enabled $true
RecipientValidationEnabled $true
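
To see what the SCL thresholds in steps k and l do to a message, the following added example (not part of the original post or of Exchange) maps each SCL value to the action it would trigger. The function names and the `$posted` hashtable are hypothetical; the assumed semantics are that content filter actions fire at SCL greater than or equal to their threshold and Junk at SCL strictly greater than SCLJunkThreshold.

```powershell
# Added example, not from the original post. Organization-level thresholds only;
# per-mailbox overrides are not modeled; a quarantine mailbox is assumed to exist.
function Get-SclDisposition {
    param(
        [Parameter(Mandatory)] [int]$Scl,        # SCL stamped on the message (0-9)
        [Parameter(Mandatory)] [hashtable]$Cfg   # thresholds and enable flags
    )
    # Content Filter agent: an enabled action fires when SCL >= its threshold.
    # The most severe action is checked first.
    if ($Cfg.SCLDeleteEnabled -and $Scl -ge $Cfg.SCLDeleteThreshold) { return 'Delete' }
    if ($Cfg.SCLRejectEnabled -and $Scl -ge $Cfg.SCLRejectThreshold) { return 'Reject' }
    if ($Cfg.SCLQuarantineEnabled -and $Scl -ge $Cfg.SCLQuarantineThreshold) { return 'Quarantine' }
    # Mailbox delivery: Junk Email applies only when SCL > SCLJunkThreshold.
    if ($Scl -gt $Cfg.SCLJunkThreshold) { return 'Junk' }
    return 'Inbox'
}

function Get-SclTable {
    param([Parameter(Mandatory)] [hashtable]$Cfg)
    foreach ($value in 0..9) {
        [pscustomobject]@{ SCL = $value; Action = Get-SclDisposition -Scl $value -Cfg $Cfg }
    }
}

function Get-UnreachableAction {
    # Enabled actions that no SCL value from 0 to 9 can ever trigger.
    param([Parameter(Mandatory)] [hashtable]$Cfg)
    $reached = (Get-SclTable -Cfg $Cfg).Action | Select-Object -Unique
    $wanted = @('Junk')
    foreach ($a in 'Delete','Reject','Quarantine') { if ($Cfg["SCL${a}Enabled"]) { $wanted += $a } }
    $wanted | Where-Object { $reached -notcontains $_ }
}

# Constructed sample: the values posted in steps k and l.
$posted = @{
    SCLDeleteThreshold = 9; SCLDeleteEnabled = $true
    SCLRejectThreshold = 8; SCLRejectEnabled = $false
    SCLQuarantineThreshold = 6; SCLQuarantineEnabled = $true
    SCLJunkThreshold = 5
}
Get-SclTable -Cfg $posted | Format-Table -AutoSize
"Unreachable actions: $((Get-UnreachableAction -Cfg $posted) -join ', ')"

# Live values in EMS (property names match the cmdlet output):
# $c = Get-ContentFilterConfig; $live = @{ SCLJunkThreshold = (Get-OrganizationConfig).SCLJunkThreshold }
# $posted.Keys | Where-Object { $_ -ne 'SCLJunkThreshold' } | ForEach-Object { $live[$_] = $c.$_ }
```

With the posted values, every SCL above the junk threshold of 5 already meets the quarantine threshold of 6, so Junk is reported as unreachable.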
Sajid Shaik MSr. System AdminCommented:
Windows, Exchange updates ... will update the latest spam signature updates... so keep up to date ..

all the best
MAS (MVE)Technical Department HeadCommented:
As commented above it will get updates from Exchange updates.
Microsoft is not a good antispam company.  It is recommended to have a 3rd party antispam.
MichaelBalackAuthor Commented:
However, I tried this

Set-SenderFilterConfig -BlankSenderBlockingEnabled $true -BlockedDomainsAndSubdomains -BlockedSenders @{Add="",""}

-      BlankSenderBlockingEnabled (true)
-      Enabled $true

Still, we received emails from the above 2 listed senders. Is this antispam the same as exch2k13?
MichaelBalackAuthor Commented:
Hi Sajid,

Windows updates were set to automatic. So far, the latest Windows updates were downloaded and installed.
JohnBusiness Consultant (Owner)Commented:
As MAS has noted, controlling spam is not a Microsoft strength.  Get a third-party anti-spam system like Barracuda.
MAS (MVE)Technical Department HeadCommented:
If you want to manage with free antispam.  Configure sender ID. But you have to regularly update the IPs and spam domains as well.

If you can spend some money you can manage with

I had a bad experience with a customer last week, and that too after we paid for Exchange Online Protection from Microsoft. The solution provided by Microsoft was to go to each PC and mark those emails as junk emails. Lol.

Finally I sorted it by adjusting the junk folder threshold to 6, and all suspected spam emails went to the Junk folder.
MichaelBalackAuthor Commented:
Following the steps as stated makes the antispam work.
Question has a verified solution.
