Exchange 2007 anti spam on the hub transport
tenrou
Member Posts: 108
Hey,I'm having a bit of a problem with the sender filtering in that it's not working. When I put an email or a domain in that we want to block it's not actually blocking them.
I'm not getting anything in the event log, I've tried restarting all the services and I've tried uninstalling and reinstalling the script. When I look in the agent logs the messages are given the allowed tag so they're being scanned but Exchange doesn't seem to be picking up that the smtp address is in the sender filtering list.
The only possible thing that is coming to my mind is that the agents are given different priorities and possibly one of the other agents is allowing the message before it gets to sender filtering. I have made no changes to any of the default settings for any of the other agents. Only to add this specific email to sender filtering (I've tried my personal hotmail one and it doesn't block this either). I only installed the ant spam agents to block this specific domain
.
Any help would be much appreciated.
I'm not getting anything in the event log, I've tried restarting all the services and I've tried uninstalling and reinstalling the script. When I look in the agent logs the messages are given the allowed tag so they're being scanned but Exchange doesn't seem to be picking up that the smtp address is in the sender filtering list.
The only possible thing that is coming to my mind is that the agents are given different priorities and possibly one of the other agents is allowing the message before it gets to sender filtering. I have made no changes to any of the default settings for any of the other agents. Only to add this specific email to sender filtering (I've tried my personal hotmail one and it doesn't block this either). I only installed the ant spam agents to block this specific domain
.Any help would be much appreciated.
Comments
-
Claymoore
Member Posts: 1,637
How to Enable Anti-Spam Functionality on a Hub Transport Server
Ignore what I said before, I re-read your post and answered my own question.
Further down in that article are instructions on additional configuration steps that are necessary when the HT is behind another relay. I assume your HT isn't directly connected to the internet, so check out that section and the set-transportconfig -InternalSmtpServers command to configure the agent to ignore your internal servers. It is possible that the agent is filtering based on your other SMTP server information and not information further down in the header. Or maybe you didn't restart the transport agent to load the new settings.
You say you have no other rules, so nothing should be overriding your filter. The rules are processed in a specific order, but once the message clears connection filtering, sender filtering is still applied. Here is the message filtering diagram:
Understanding Anti-Spam and Antivirus Mail Flow -
Tyrant1919
Member Posts: 519 ■■■□□□□□□□
Do you have anything listed in your BypassedSenderDomains for Get-Contentfilterconfig? The only thing I can think of that would pass mail through no matter what else you've set.
I've had to add a few here in order to make sure known good mail gets through. I hate how I have to add all this via powershell, although not too hard, it is just a pain. Wish I had a nice gui.A+/N+/S+/L+/Svr+
MCSA:03/08/12/16 MCSE:03s/EA08/Core Infra
CCNA -
tenrou
Member Posts: 108
Hey, Thanks for getting back to me. The relay thing is a possiblity because all of our mail hits Messagelabs, then our ISA then Exchange. In the logs all external email has a source of the ISA server so it's maybe seeing it all as internal mail and not actually applying the sender rules to it.
In the set-transportconfig settings I don't have the ISA set in internal SMTP server. I'll try it and see what it does.
Thanks -
tenrou
Member Posts: 108
Okay, adding the ISA to the transport config was unsuccessful. I'll need to investigate but I can't understand why it doesn't just see the sender smtp address as blocked. Grrr....