How to configure antispam of ms exchange 2016?

This is using MS Exchange Server 2016 antispam features. Although I have run the "install antispam.ps1" successfully. However, spam still rampage. How to configure this features so as spam can be detected and caught in no time?

Thanks in advance.
LVL 1
MichaelBalackAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sajid Shaik MSr. System AdminCommented:
windows, exchange updates ... will update the latest spam signature updates... so keep uptodate ..

all the best
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
As commented above it will get updates from Exchange updates.
Microsoft is not a good antispam company.  It is recommended to have a 3rd party antispam.
1
MichaelBalackAuthor Commented:
However, I tried this

Set-SenderFilterConfig -BlankSenderBlockingEnabled $true –BlockedDomainsAnd Subdomains abc.com -BlockedSenders @{Add="user1@def.com","user2@def.com"}

-      BlankSenderBlockingEnabled (true)
-      Enabled $true

Still, the we still received emails from the above 2 listed senders. Does this antispam same as exch2k13?
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

MichaelBalackAuthor Commented:
Hi Sajid,

Windows updates was set automatically. So far, the latest windows updates were downloaded and installed.
0
JohnBusiness Consultant (Owner)Commented:
As MAS has noted, controlling spam is not a Microsoft strength.  Get third party anti spam system like Barracuda.
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
If you want to manage with free antispam.  Configure sender ID. But you have to regularly update the IPs and spam domains as well.
https://technet.microsoft.com/en-us/library/aa997136%28v=exchg.160%29.aspx?f=255&MSPPError=-2147217396

If you can spend some money you can manage with https://www.titanhq.com/

Offtopic
I recently had a bad experience with a customer last week that too we paid for Exchange Online Protection from Microsoft. Solution provoided by Microsoft was to go each PC and mark those emails as junk emails. Lol.

Finally I sorted by by adjusting junkfolder threshold to 6 and all suspected spam emails went to Junkfolder.
https://technet.microsoft.com/en-us/library/aa995744(v=exchg.160).aspx
0
MichaelBalackAuthor Commented:
Hi all,

I found out how to get the antispam installed and configured:

.\install-antispamagent.ps1
a.      On exch2k16, open Windows Explorer, and then browse to C:\Program Files\Microsoft\Exchange Server\
V15\Scripts; search and then edit install-antispamagents.ps1 using notepad

b.      In Notepad, search for and then delete this sentence – “-EscalationTeam “antispam””. Save the file

•      MS Exchange Server 2016 with post-CU6 has to conduct the above deletion

c.      Open EMS (Exchange PowerShell), cd to C:\Program Files\Microsoft\Exchange Server\V15\Scripts; type “.\install-antispamagents.ps1”. Wait for the setup to complete

d.      5 filter agents would be installed, namely, Content filter, Sender ID filter, Sender filter, Recipient filter, Protocol Analysis filter.

Restart-Service MSExchangeTransport

e.      Next, we are going to install Connection filter agent. This agent is by far the most useful of all the agents since it allows to use online blacklists or RBLs. Type the following command in one line

Install-TransportAgent -Name "Connection Filtering Agent" -TransportService FrontEnd -TransportAgentFactory "Microsoft.Exchange.Transport.Agent.ConnectionFiltering.ConnectionFilteringAgentFactory" -AssemblyPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\ Microsoft.Exchange.Transport.Agent.Hygiene.dll"

f.      Enabling the agent by Enable-TransportAgent -TransportService FrontEnd -Identity "Connection Filtering Agent"
Restart-Service MSExchangeTransport

g.      In EMS, type “get-transport-agent”; you should see 5 filter agents with priority from 10 to 14

 

h.      In EMS, type “get-transportagent –transportservice frontend”

 

i.      In EMS, type get-transportconfig | fl internalSMTPServers; ensure the Exchange Server IP is included

Set-transportconfig –internalSMTPServers @{add=”192.168.5.20”}

j.      In EMS, type get-transportservice | fl Agentlog*; to see the settings as follows:

AgentLogMaxAge
AgentLogDirectorySize
AgentLogFileSize
AgentLogPath
AgentLogEnabled

Content Filtering
k.      In EMS, type get-contentfilterconfig | fl SCL*; to see the SCLs for Delete, Reject, and Quarantine:

SCLDeleteThreshold (9); SCLDeleteEnabled (true)
SCLRejectThreshold (8); SCLRejectEnabled (false)
SCLQuarantineThreshold (6); SCLQuarantineEnabled (true)
ExternalMailEnabled $true
InternalMailEnabled $true
Enabled $true
QuarantineMailbox administrator@abc.com
Bypassedsender

l.      In EMS, type get-OrganizationConfig | SCL*; to see the settings for SCLJunkThreshold:

SCLJunkThreshold (5)

Sender ID Filtering (2):
m.      In EMS, type get-SenderIDConfig | fl Spoofed*; to see the settings:

SpoofedDomainAction (Delete, changed from StampStatus)
Enabled $true

Sender Reputation (4):
n.       In EMS, type get-SenderReputationConfig | fl: to see the selective settings:

SenderBlockingEnabled (true)
SrlBlockThreshold          (6)        * default, 7
SenderBlockingPeriod    (36)      * default, 24

      Sender Filtering (1):
o.      In EMS, type get-SenderFilterConfig | fl Block*; to add in and see the current blocked sender and blocked sender domain:

Set-SenderFilterConfig -BlankSenderBlockingEnabled $true –BlockedDomainsAnd Subdomains lucernepublishing.com -BlockedSenders @{Add="user1@contoso.com","user2@contoso.com"}

BlankSenderBlockingEnabled (true)
Enabled $true

Connection Filter:
p.      In EMS, type get-IPBlockListProvider; to see list of RBL in descending priority:

Add-IPBlockListProvider:
name (bl.spamcop.net); lookupdomain (bl.spamcop.net)
name (bb.barracudacentral.org); lookupdomain (bb.barracudacentral.org)
name (ix.dnsbl.manitu.net); lookupdomain (ix.dnsbl.manitu.net)
name (combined.njabl.org); lookupdomain (combined.njabl.org)
name (zen.spamhaus.org); lookupdomain (zen.spamhaus.org)
name (psbl.surriel.net); lookupdomain (psbl.surriel.net)
Enabled $true (set-ipblocklistconfig –enabled $true)

q.      In EMS, type get-IPAllowListProvider; to see list of RBL in descending priority:

Add-IPAllowListProvider:
name (swl.spamhaus.org); lookupdomain (swl.spamhaus.org)
name (iadb.isipp.com); lookupdomain (iadb.isipp.com)
name (query.bondedsender.org); lookupdomain (query.bondedsender.org)
Enabled $true

q.   Set-IPAllowListConfig:
Enabled $true

q.   Set-IPBlockListConfig:
Enabled $true

Recipient Filter:
r.    Set-recipientfilterconfig:
Enabled $true
BlockedRecipients
RecipientValidationEnabled $true
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MichaelBalackAuthor Commented:
follow the steps as stated makes the antispam works.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.