Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exchange 2010 spam filter

Status
Not open for further replies.

jmics

Technical User
Feb 29, 2012
42
US
I have an Exchange 2010 server which is proving to be a challenge where configuring antispam is concerned. It is a hub role server, with only a firewall in front of it. It has the antispam feature installed.

I am finding the following issues:

Opening the ECM, selecting properties of Content Filtering and then the exceptions tab, I see an email address that I entered. If I go to the EMS and issue a get-contentfilterconfig, I see different email addresses in the bypassedsenders property, but not the one I see in the ECM, and the ones I see here are not listed there (in the ECM). Why is that, and how can I get them to be consistent ?

None of the emails appear to have SCL values or stamps in the headers, although something must be putting them in the spam inbox. Checking the agent logs, I can see that emails which arrive in the spam inbox have a value of "SenderIDStatus pass" in the Diagnostics field, but there is nothing in the log entry to indicate why they end up there. Looking at the headers, I see "Content Filter agent quarantined this message", which implies that a score is being assigned and used, but I can't see it.

There are articles I have read about exposing the SCL and various other fields, and displaying them in Outlook 2007, and I have added the columns, but the fields never populate.

There is a version of perfmon which displays counters for the number of emails assigned SCLs from 1 to 9, but I can't see how to configure it to display that report. As an example, it is presented in this article: . The version on my Exchange server is 6.1.7601, which does not show those counters.

I see transport rules in the EMC, but I don't understand where they fit in relative to the antispam features, as in are they processed before or after the antispam rules ?

I have seen different articles about how to use the options in transport rules, and how those options need to be coded in order to work, but I haven't seen them work consistently, and I don't know which one to use in order to accomplish specific filtering tasks. I am referring to "when a recipient's address contains specific words" and other qualifiers like that. Is there a consistent set of characters, like double quotes, which need to be used in such rules ?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top