Exchangepedia Blog is read by visitors from all 50 US States and 150 countries world-wide
Exchange 2007 Content Filter: How to move messages to Junk Mail folder
Posted by Bharat Suneja at 5:54 PM
1. SCLDeleteThreshold: Messages with SCL equal to or higher than the SCLDeleteThreshold are deleted silently. To enable the SCLDeleteThreshold:
set-ContentFilterConfig -SCLDeleteThreshold 8 -SCLDeleteEnabled:$true
2. SCLRejectThreshold: Messages with SCL equal to or higher than the SCLRejectThreshold are rejected during the SMTP session, after the data is received. In this case, senders get a NDR. To enable the SCLRejectThreshold:set-ContentFilterConfig -SCLRejectThreshold 7 -SCLRejectEnabled:$true
In the above case, Exchange doesn't accept the message. After the data is received, it responds with a 500 5.7.1 error and a rejection response (by default this response is: Message rejected due to content restrictions. This rejection message can be configured using the following command (response message used here is for illustration, not a real suggestion - Bharat) :set-ContentFilterConfig -RejectionResponse "Stop spamming you *****!"
The actual NDR is generated and sent to the sender by the sending host. What the sending host will see after the message content is sent (and if you actually modified the rejection response based on my example :)500 5.7.1 Stop spamming you *****!
Figure 1: Exchange Server 2007's Content Filtering agent can be configured with the equivalent of all 3 Gateway actions available in Exchange Server 2003's Intelligent Message Filter (IMF): 1) Delete messages 2) Reject messages and 4) Quarantine messages
3. SCLQuarantineThreshold: Messages with SCL equal to or higher than the SCLQuarantineThreshold are delivered to the quarantine mailbox, provided you have one configured. To enable the SCLQuarantineThreshold and configure a quarantine mailbox:
set-ContentFilterConfig -SCLQuarantineThreshold 6 -SCLQuarantineEnabled:$true -QuarantineMailbox:MyQuarantineMailbox@mydomain.com
This is an improvement over IMF, which had only one gateway action (and one corresponding gateway threshold). The Content Filter agent allows the flexibility of enabling all three actions on the gateway - the rule is: SCLDeleteThreshold > SCLRejectThreshold > SCLQuarantineThreshold.To get a list of all three SCL values and whether each action is enabled or not, use the following command:
get-ContentFilterConfig | Select SCL*
So where's the equivalent of IMF's Store threshold? (to move messages to users' Junk Mail folders)?It's called SCLJunkThreshold, and it resides in a different location - in the Organization configuration. It can be set using the set-OrganizationConfig command:
set-OrganizationConfig -SCLJunkThreshold 5
Setting SCLJunkThreshold not intuitive?
Before you jump to conclusions about this being counter-intuitive, or confusing - which it may be, consider this - it is in response to the different server roles in Exchange Server 2007.
The gateway actions - delete, reject and quarantine - can be thought of as message transport actions, and thus applicable to transport server roles (the Edge server, or the Hub if you have antispam agents enabled on it). Moving messages to users' Junk Mail folders can be thought of as something that happens at the Store, performed by the Mailbox Server role.
The Defaults: By default, the SCLJunkThreshold is set to 4. If you have an existing Exchange Server 2003 SP2 server installed, and you haven't tweaked the Store threshold, IMF v2's default Store threshold of 8 is used - this is what you'll see in the Org's SCLJunkThreshold. Given that the SCLRejectThreshold is set to 7 by default, messages will not move to users' Junk Mail folder unless the SCLJunkThreshold is lower than the transport thresholds (i.e. the Delete, Reject and Quarantine thresholds).
How the Junk Mail threshold is calculated: Unlike the transport actions of deleting, rejecting, and quarantining messages - which check for SCL equal to or higher than their respective thresholds, for moving messages to Junk Mail folder the Store checks for SCLs higher than the SCLJunkThreshold. This is consistent with the behavior of IMF in Exchange Server 2003 (read previous post: IMF Confusion - Store threshold rating text in UI).
If you want to disable rejection of messages with SCL of 7 or above, use the following command:
set-ContentFilterConfig -SCLRejectEnabled:$false
Related Posts:
- Exchange Server 2007: Managing And Filtering Anti-Spam Agent Logs
- Moving items to Junk Mail folder doesn't do much
Labels: Anti-Spam, Exchange Server 2007, Exchange Shell, IMF
10 Comments:
I have been racking my brain the past couple days on finding the Junk threshold. Thanks a lot for this post!!
Thank you for this great post, and the formatting as well makes it easy to read.
Thank you, you saved me a lot of time.
Fantastic information! It always helps to find the key items all of us Exchange Admins need. One note: to check the current value of SCLJunkThreshold run the following:
Get-OrganizationConfig
The value for SCLJunkThreshold will be listed.
So does the CFA work if you do not have an Edge Transport? In my single E2007 environment, when I set SCLJunkThreshold to anything other than 8, ALL junk email just disappears, it never makes it into the Junk Mail folder in Outlook.
Have you installed anti-spam agents on Hub Transport server(s)?
HOW TO: Install anti-spam agents on Hub Transport server
If agents are installed on the Hub:
Exchange 2007 Content Filter: How to move messages to Junk Mail folder
Excellent information
Hi guys,
I work for an Hosted Exchange 2007 company and we're modifying the way our incomming emails are filtered.
We have a third-party solution that scan all our incomming emails and we want to have flagged emails (using Transport Rules to set the spam confidence level) moved into Junk Email folder. So to resume, when the spam confidence level is X, we want those emails moved to Junk Email folder.
For now the only way we were able to make it work is by modifying the Junk E-Mail options into OWA (Automatically filter junk e-mail).
As you can understand, we can't ask to our 70000 users to change this setting. So we want to have a way to do it server side.
I have take a look at the Glen script (http://gsexdev.blogspot.com/2007/07/turning-on-filter-junk-email-in.html) but I'm surprise that this is the only way to have the flagged emails move to the Junk Email Folder..
I have also try to set the SCLJunkEnabled to True on 1 test mailbox using this command: Set-Mailbox -SCLJunkEnabled $True -SCLJunkThreshold 7
It's not working.. again I were able to make it work is by modifying the Junk E-Mail options into OWA.
Is there something I don't understand..?
Do you know how we can have flagged emails move to the Junk Email Folder?
Thanks for your help.
Karl
Hi, Can anybody tell me who and how SCL rating of an email is decided.
Thanks for the blog.
If all I want is to have server-side moving spams to Junk Mail folder, do I still have to:
1. run the "install-AntispamAgents.ps1" command?
2. tell every user to log into OWA and enable some junk mail option?
Post a Comment
Links to this post:
Create a Link
<< Home