Exchangepedia Blog is read by visitors from all 50 US States and 150 countries world-wideMessaging Hygiene features in Exchange Server 2003, including the Intelligent Message Filter (IMF), did not have a way to whitelist sending domains or SMTP addresses.
This is a follow up to a previous post, and one of the more popular ones on this blog— "IMF: Where's the whitelist?". ("IMF and whitelist" has for long been one of the most common search terms on this blog - Bharat).Whitelists are common in most 3rd-party anti-spam tools. Adding domains or SMTP addresses of important senders like customers, vendors, or your CEO's home email address (almost always an AOL address... :) for instance, ensures messages from these domains or addresses do not get filtered by the anti-spam filter.
Bypassed Senders and Sender Domains: The Whitelist
The good news is— Exchange Server 2007's shiny new Content Filter Agent (or IMF v3 if you will) has whitelists! You can add SMTP addresses and domains to the Content Filter configuration, and have messages from these senders and domains bypass the Content Filter Agent. However, you need to resort to the Exchange shell (EMS) to manage it.
Use the following shell command to add sender SMTP addresses to the BypassedSenders list:
Set-ContentFilterConfig -BypassedSenders foo@somedomain.com,foo2@somedomain.com
Use the following command to whitelist the sending domain:Set-ContentFilterConfig -BypassedSenderDomains somedomain.com,someotherdomain.com
Some whitelisting considerationsBefore you start using whitelists, here are a few things you should consider:
- SMTP headers can be spoofed easily. If spammers spoof any of the addresses or domains you whitelist, your recipients may end up getting more spam as all of it will bypass the Content Filter.
- Use SenderID Filtering to detect and protect your mail system from header spoofing.
- Maintaining whitelists, just as maintaining blacklists, is a manual process that imposes its own management costs.
- Checking every inbound message against a list of whitelisted recipients imposes a performance penalty - miniscule as it may be. Use the whitelists sparingly.
Nevertheless, many IMF users have repeatedly demanded this functionality and it's great to finally have it in what some folks call IMF v3.0.
Bypassed Recipients: The Exception List
The Content Filter can also be configured with an exception list - to not apply the filter to inbound messages for particular recipients. This can be done from the console by going to Hub Transport | Anti-spam tab | Content Filtering -> properties | Exceptions. This list is limited to a 100 recipients - you can add generic recipients that you want to exempt from the Content Filter, such as sales@yourdomain.com, info@yourdomain.com, etc.
To add recipients to the exception list using the Exchange shell:
Set-ContentFilterConfig -BypassedRecipients sales@yourdomain.com,info@yourdomain.com
Related Posts:- BypassedSenders, BypassedSenderDomains, and BypassedRecipients are multivalued attributes. The following post shows how to modify multivalued attributes:
HOW TO Update multi-valued attributes in PowerShell - Exchange 2007 Content Filter: How to move messages to Junk Mail folder
- HOW TO: Install anti-spam agents on Hub Transport server
- Quick antispam report or status check?
- HOW TO: Expose original senders and recipients of quarantined messages
Labels: Administration, Anti-Spam, Exchange Server 2007, Exchange Shell, IMF
19 Comments:
Why does Exchange 2007 suck so bad? It is half a product.
When adding people to my safe sender's list, and writing people, and then checking the box that says "trust people I write to", exchange 2007 keeps on sending emails to the SPAM box in Exchange.
And to add a domain whitelist, you have to do it via command shell. And so how can you easily look and find out your settings? And easily undo those at a later date?
You can't.
Exchange 2007 is half a product and was released way way too soon.
I am no longer discussing Exch2007 with any of my customers. Maybe when MSFT releases Service Pack 3 or something, and makes it a complete product.
Come on Microsoft. You're the richest company on the block, and your products are half-assed. This is pathetic.
Tom,
- When you add senders to the Safe Senders list in Microsoft Outlook, Exchange doesn't know about it in real time or by itself. You have to enable Safelist Aggregation.
- Yes, some configuration can only be done from the shell (typically these are non-repetitive tasks e.g. at transport server/connector/Org level).
- Given the number of overall options available to granularly control a whole bunch of settings, it's probably not possible to include everything in the console UI. For instance, look at all the recipient parameters you can set with Set-Mailbox and Set-CASMailbox commands.
- There's no denying Exchange Server 2007, as released (RTM), has some rough edges, but the issues you've raised have been addressed above. There's plenty of documentation on TechNet and other resources (including this blog) to help you navigate through this new version.
- Service Pack 1 is just around the corner, which should take care of a many issues.
- If you have more such specific issues please feel free to post here. I will be happy to respond. You can also pass on feedback directly to Microsoft.
Bharat
I'm a little late to this debate, having only just discovered where all those emails were disappearing to!
Contrary to Tom above, I love the Powershell stuff.
I am somewhat annoyed that no mention of whitelists appears in the Exchange 12 chm file though.
Thank god I've discovered this blog - I've already been sidetracked off my initial query to a couple of other useful things.
It's getting added to my RSS feeds (maybe even using Outlook this time!).
So slag, where are those emails disappearing to? That's exactly what I'm searching for and what led me to this blog!
My application may help some people. I haven't tested it with Exchange 2007 but it works with 2003. It's still in early stages of development and looks basic but it was only intended as an internal program for my own use. Having said that, I understand how annoying it is not being able to whitelist sender addresses easily.
http://auroracode.blogspot.com
Try it, it may save you hours of work and effort! Obviously you should understand the risks of whitelisting addresses rather than IP's but it is a requirement, for me anyway.
The trouble with Microsoft's anti-spam solution is that it still lies in the administrators hands to manually look for the 1% of emails that are actually legitimate, in the vast sea of junk that is out there. In Exchange 2007, Microsoft has further complicated matters by putting this junk mail into an email mailbox! At least in Exchange 2003 IMF they stored it in an EML format on the gateway...
For example, because of spending 50%-60% of my day sifting through junk to catch that small percentage, I developed a Windows service using .NET 2.0 which watches the directory in which IMF puts the archived "SPAM" messages. When a message came in it opens the EML file, logs certain header information into a database (Access or SQL/SQL Express), and twice per day sends a report to all users with a clickable link to "release" those emails. Furthermore, it contains a "whitelist" AND blacklist feature that can auto-release/delete by IP, sender, receiver, SCL rating, etc. The benefit here is that users don't have to sift through hundreds of SPAM messages rated 6 or higher (my gateway is set at 5, and user-level junk at 4) and yet not miss potentially valid email. It's completely eliminated my SPAM administrative workload. It's entirely up to the end-user to sift through his/her own crap and if a legit email does come through, they can release it AND create a "server-side" rule to allow it so it is never caught again. And it also cleans up after itself, never having more than x days/months stored on the server. The last part is that it's smart; tracking those troublesome IP addresses that the RBL doesn't catch...
It may seem to be a good idea to store the archived crap within a single mailbox, but it's taken third party programs (such as mine)which simply had to read a ASCII EML file to now have to have an Outlook client OR use IMAP/POP3 to "fetch" the mail - further fattening up the client (my service is a 48kb executable). By chosing to store their email in a mailbox, the man-hours I've spent are for naught, and ensured that I won't upgrade for a few more years as I refuse to subscribe/purchase a anti-SPAM service/product that is already provided free from Microsoft...
If you're interested in this program (called UCEArchive), send me a message - my display name AT terminalit.com. It's helped me out a lot.
Anyone have any idea how to list or view all the entries in the whitelist from the management shell or elsewhere? I can live with having to add them from the management shell (can hopefully script this someway to make it easy to do so remotely), but I would like to be able to view the list as well... and also how do you remove entries from the list? hmmm...
Here is my million dollar question....
Once you actually "whitelist" in Exchange 2007. Where in the world can you find a list/history of emails and domains "whitelisted".
Hey, trafsta.
get-contentfilterconfig should give you a list of all the content filter settings on that particular Transport server.
And I know this is the simplest of features in PowerShell, but I just love the fact that you can pipe output to the clipboard:
get-contentfilterconfig | clip
and then peruse in your favorite text editor!
The problem with
get-contentfilterconfig | clip
is that it will only post the last bypassedsenders and bypassedsenderdomain
No, it will redirect entire output from the command.
how do you remove entries from the list?
The following post shows how to add and remove single values from multivalued attributes: HOW TO Update multi-valued attributes in PowerShell
OK... you can remove entries from whitelist as explained here.
Thanks Bharat --
Guess I am a day late, and a dollar short!
This is the issue I am having. The Exchange 2007 program only remembers the last entry in the whitelist. Can this be possible? Can anyone give me an easy way, or exact command line to Add more emails in the Powershell, without deleting the last entry?
set-contentfilterconfig -BypassedSenders += user@domain.com
then I ran....
set-contentfilterconfig -BypassedSenders += user2@domain.com
and
set-contentfilterconfig -BypassedSenders += user3@domain.com
The PROBLEM is now I try to see my whitelist by doing this command.
get-ContentFilterConfig | select BypassedSenders | clip (sends output to the
clipboard)
The result of the above command is only and output of user3, it forgets that
I put in addresses 1 and 2. I tried it with the += and the + command
Anyone have any ideas???
It looks like you must add the entire list again (seprated by commas) each time you add a new domain
The way this works, as documented in HOW TO Update multi-valued attributes in PowerShell:
- Get the existing value of the property/attribute from AD and store it in a variable
- Add one or more new values using +=
- Commit updates from the variable back to AD
Do these BypassedSenderDomains and users override the Junk Mail filter settings within each Outlook client?
Post a Comment
Links to this post:
Create a Link
<< Home