I have an Exchange 2010 server which is proving to be a challenge where configuring antispam is concerned. It is a hub role server, with only a firewall in front of it. It has the antispam feature installed.
I am finding the following issues:
Opening the ECM, selecting properties of Content Filtering and then the exceptions tab, I see an email address that I entered. If I go to the EMS and issue a get-contentfilterconfig, I see different email addresses in the bypassedsenders property, but not the one I see in the ECM, and the ones I see here are not listed there (in the ECM). Why is that, and how can I get them to be consistent ?
None of the emails appear to have SCL values or stamps in the headers, although something must be putting them in the spam inbox. Checking the agent logs, I can see that emails which arrive in the spam inbox have a value of "SenderIDStatus pass" in the Diagnostics field, but there is nothing in the log entry to indicate why they end up there. Looking at the headers, I see "Content Filter agent quarantined this message", which implies that a score is being assigned and used, but I can't see it.
There are articles I have read about exposing the SCL and various other fields, and displaying them in Outlook 2007, and I have added the columns, but the fields never populate.
There is a version of perfmon which displays counters for the number of emails assigned SCLs from 1 to 9, but I can't see how to configure it to display that report. As an example, it is presented in this article: . The version on my Exchange server is 6.1.7601, which does not show those counters.
I see transport rules in the EMC, but I don't understand where they fit in relative to the antispam features, as in are they processed before or after the antispam rules ?
I have seen different articles about how to use the options in transport rules, and how those options need to be coded in order to work, but I haven't seen them work consistently, and I don't know which one to use in order to accomplish specific filtering tasks. I am referring to "when a recipient's address contains specific words" and other qualifiers like that. Is there a consistent set of characters, like double quotes, which need to be used in such rules ?
I am finding the following issues:
Opening the ECM, selecting properties of Content Filtering and then the exceptions tab, I see an email address that I entered. If I go to the EMS and issue a get-contentfilterconfig, I see different email addresses in the bypassedsenders property, but not the one I see in the ECM, and the ones I see here are not listed there (in the ECM). Why is that, and how can I get them to be consistent ?
None of the emails appear to have SCL values or stamps in the headers, although something must be putting them in the spam inbox. Checking the agent logs, I can see that emails which arrive in the spam inbox have a value of "SenderIDStatus pass" in the Diagnostics field, but there is nothing in the log entry to indicate why they end up there. Looking at the headers, I see "Content Filter agent quarantined this message", which implies that a score is being assigned and used, but I can't see it.
There are articles I have read about exposing the SCL and various other fields, and displaying them in Outlook 2007, and I have added the columns, but the fields never populate.
There is a version of perfmon which displays counters for the number of emails assigned SCLs from 1 to 9, but I can't see how to configure it to display that report. As an example, it is presented in this article: . The version on my Exchange server is 6.1.7601, which does not show those counters.
I see transport rules in the EMC, but I don't understand where they fit in relative to the antispam features, as in are they processed before or after the antispam rules ?
I have seen different articles about how to use the options in transport rules, and how those options need to be coded in order to work, but I haven't seen them work consistently, and I don't know which one to use in order to accomplish specific filtering tasks. I am referring to "when a recipient's address contains specific words" and other qualifiers like that. Is there a consistent set of characters, like double quotes, which need to be used in such rules ?
