Anti-Spam

Quick antispam report or status check?

Having received an annoyingly higher proportion of spam in my Inbox this morning, I wanted to quickly check what the antispam agents are doing. Here’s a quick cmdlet (besides the ones to check whether the antispam agents are enabled, checking the Content Filter SCL thresholds, etc.). Get-AgentLog -StartDate “6/16/2008” | group action | ft name,count […]

More →

Errata: Edge Subscription and Synchronization white paper

The white paper on Edge Subscription and Synchronization has the following error: Under Recipient Information: Distribution groups are not replicated to ADAM. Distribution Groups are in fact replicated to ADAM using EdgeSync. In Exchange Server 2007 SP1, Distribution Group membership (the member attribute) is also replicated. On Windows Server 2008, ADAM is replaced by Active […]

More →

Assigning SCL to messages scanned by 3rd-party antispam filters

Here’s a problem I had a hard time resolving on Exchange Server 2003. Exchange Server 2007’s Transport Rules resolve this within minutes. Pretend you’re taking a Microsoft exam: Scenario: “You are the Exchange administrator for your organization… “. Exchange has the Content Filter Agent (CFA), and the Edge Transport Server role designed to be a […]

More →

Keeping tabs on Antispam filters: A few handy scripts in Exchange Server 2007

One of the more useful improvements in Exchange Server 2007 is the abundance of logging for different features and components (read previous post “Exchange Server 2007: How many logs hath thee?“). In particular, the antispam agent logs fill an important gap in monitoring, reporting and troubleshooting message flow as it relates to antispam agents (read […]

More →

Disabled mailboxes: Can they really receive email?

Some truths you live with for a lifetime, like Outlook users cannot send email using an alternate email address (with Outlook in MAPI mode – read previous post: “HOW TO: Send as alternate email address“). Others change as Microsoft Exchange evolves, either through new versions of Exchange server, or service packs and hotfixes. Disabled mailboxes […]

More →

220 Welcome to a California mail server: Fighting spam with SMTP Banners

If you are interested in messaging and fighting spam, you probably watch the legal response to spam with some interest. Given the nature of email and the art of remaining anonymous or otherwise untraceable that spammers seem to have mastered, anti-spam laws were written off as largely ineffective, or even ridiculous. (The FTC begs to […]

More →

Connection Filtering, RBLs and SMTP logs in Exchange 2007/2010

Exchange Server 2003’s Connection Filtering feature allows you to block connections from IP addresses explicitly added to the Global Deny List, or drop messages from IP addresses listed on a RBL (Real-Time Blackhole List / Real-Time Block List). Note: The term “RBL” is commonly used to describe DNS Black Lists (DNSBLs), but it’s a trademark […]

More →

SCRIPT: Turning on Filter Junk Email

OWA users who never logon using Outlook do not have their Junk Mail filtering option turned on by default. Exchange MVP Glen Scales has a script here that allows you to turn this on programmatically for Exchange Server 2007 users.

More →

Why Get-TransportAgent doesn’t agree with the Exchange console

You disable a particular anti-spam agent — let’s say the Content Filtering Agent, using the Exchange Management Console (EMC). Figure 1: Disabling a transport “agent” in the Exchange Management Console Next, you use the Get-TransportAgent command to get the status of transport agents — and surprisingly the Content Filter Agent shows up as Enabled! Figure […]

More →

Header Firewall: Why spammers can’t insert fake SCL (and other Exchange Organization) X headers

After almost a year and a half of working with Exchange Server 2007, I still stumble into features I haven’t tested before. When it happens, it blows holes into my theories about how well I know E12. :) It started when investigating why a certain message – likely not from an authenticated source, would have […]

More →