Learn Exchange the Guru way !!!


Exchange 2016 Anti-Spam configuration

Before implementing anti-spam on Exchange Server 2016, you should understand the following:

Anti-spam in Exchange 2016 is divided into multiple agents that can run on the Edge or Mailbox role.

The available agents differ according to the Exchange role on which you run anti-spam.

You can prioritize the anti-spam agents to define the order in which they are applied.

You can use anti-spam in three ways:

  • Use the native anti-spam transport agents
  • Add additional anti-spam protection by using Exchange Online Protection (EOP)
  • Use a third-party anti-spam product

Mailbox Server Agents:

  • Sender Filter Agent: the sender's SMTP address is compared with the blacklist of sender domains.
  • Sender ID Agent: examines the sender's IP address and compares it with the SPF record to determine whether the sender has been spoofed.
  • Content Filtering: the agent scans the message content.
  • Protocol analysis: the message is processed based on the sender's reputation, which is determined from many sender characteristics accumulated over a specific period.

Edge Server Agents:

The Edge server has the same agents as the Mailbox server, plus the following agents:

  • Connection Filtering: uses the IP block and allow lists to allow or block communication with the sending server.
  • Recipient Filtering: checks whether the message is sent to blocked recipients.
  • Attachment Filtering: messages can be blocked by attachment name or MIME type.

Agents are applied in this order:

  • Connection Filtering
  • Sender Filter Agent
  • Recipient Filtering
  • Sender ID Agent
  • Content Filtering
  • Protocol analysis
  • Attachment Filtering

To install the anti-spam agents, do the following:

  • Run & "C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Install-AntiSpamAgents.ps1"
  • Restart the Microsoft Exchange Transport service.
  • Specify any internal SMTP servers that the Sender ID Agent should ignore, as follows:

Set-TransportConfig -InternalSMTPServers @{Add="<IP address1>","<IP address2>",…}

The anti-spam agents can be configured only through the Exchange Management Shell, using the following commands for each agent:

  • Connection Filtering:

Enable-TransportAgent "Connection Filtering Agent"

Add-IPBlockListEntry <-IPAddress IPAddress | -IPRange IP range or CIDR IP> [-ExpirationTime <DateTime>] [-Comment "<Descriptive Comment>"]

Set-IPBlockListConfig -Enabled $true

  • Sender Filter Agent:

Set-SenderFilterConfig -Enabled $true

Set-SenderFilterConfig -BlockedSenders <sender1,sender2…> -BlockedDomains <domain1,domain2…> -BlockedDomainsAndSubdomains <domain1,domain2…>

  • Recipient Filtering:

Set-RecipientFilterConfig -Enabled $true

Set-RecipientFilterConfig -BlockedRecipients @{Add="<recipient1>","<recipient2>"…; Remove="<recipient1>","<recipient2>"…}

  • Sender ID Agent:

Set-SenderIDConfig -Enabled $true

Set-SenderIDConfig -SpoofedDomainAction <StampStatus | Reject | Delete>

Set-SenderIDConfig -BypassedRecipients <recipient1,recipient2…> -BypassedSenderDomains <domain1,domain2…>

  • Content Filtering:

Set-ContentFilterConfig -Enabled $true

Set-ContentFilterConfig -BypassedRecipients <recipient1,recipient2…> -BypassedSenders <sender1,sender2…> -BypassedSenderDomains <domain1,domain2…>

Add-ContentFilterPhrase -Influence <GoodWord | BadWord> -Phrase "<Phrase>"

  • Protocol analysis:

Set-SenderReputationConfig -Enabled $true

Set-SenderReputationConfig -SenderBlockingEnabled <$true | $false> -SrlBlockThreshold <0-9> [-SenderBlockingPeriod <0-48>]

  • Attachment Filtering:

Enable-TransportAgent "Attachment Filtering Agent"

Add-AttachmentFilterEntry -Name <MIMEContentType> -Type ContentType

Remove-AttachmentFilterEntry ContentType:<ContentType>

Set-AttachmentFilterListConfig [-Action <Reject | Strip | SilentDelete>] [-RejectResponse "<Message text>"] [-AdminMessage "<Replacement file text>"] [-ExceptionConnectors <ConnectorGUID>]
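Once the agents are installed and configured, a read-only pass over the same settings shows what is actually in effect. The script below is an added example, not part of the original post; it only calls Get- cmdlets, and what it reports as a finding (disabled filters, bypass entries, StampStatus, an empty internal SMTP server list) is this example's own choice of things worth reviewing.

```powershell
# Added example: read-only audit of the settings this page configures.
# Run in the Exchange Management Shell on the server hosting the agents.

# 1. Agents in priority order; a disabled agent filters nothing.
Get-TransportAgent | Sort-Object Priority |
    Format-Table Priority, Identity, Enabled -AutoSize | Out-Host

# 2. Enabled flag of each filter; cmdlets missing on this role are reported, not fatal.
$filters = [ordered]@{
    'Connection filtering (IP block list)' = 'Get-IPBlockListConfig'
    'Sender filtering'    = 'Get-SenderFilterConfig'
    'Recipient filtering' = 'Get-RecipientFilterConfig'
    'Sender ID'           = 'Get-SenderIdConfig'
    'Content filtering'   = 'Get-ContentFilterConfig'
    'Protocol analysis'   = 'Get-SenderReputationConfig'
}
$findings = @()
foreach ($name in $filters.Keys) {
    if (-not (Get-Command $filters[$name] -ErrorAction SilentlyContinue)) {
        $findings += "$name : cmdlet not available on this server"
        continue
    }
    $cfg = & $filters[$name]
    if (-not $cfg.Enabled) { $findings += "$name : Enabled is not `$true" }
}

# 3. Bypass entries skip the filter they belong to, so list each one for review.
$content = Get-ContentFilterConfig
foreach ($prop in 'BypassedRecipients', 'BypassedSenders', 'BypassedSenderDomains') {
    foreach ($entry in $content.$prop) { $findings += "Content filter $prop : $entry" }
}
$senderId = Get-SenderIdConfig
foreach ($prop in 'BypassedRecipients', 'BypassedSenderDomains') {
    foreach ($entry in $senderId.$prop) { $findings += "Sender ID $prop : $entry" }
}
if ($senderId.SpoofedDomainAction -eq 'StampStatus') {
    $findings += 'Sender ID only stamps spoofed mail (StampStatus); it is not rejected or deleted'
}

# 4. The page adds internal SMTP servers here so the Sender ID agent ignores them.
if (-not (Get-TransportConfig).InternalSMTPServers) {
    $findings += 'InternalSMTPServers is empty'
}

# 5. Attachment filtering action; skipped where the cmdlet is absent.
if (Get-Command Get-AttachmentFilterListConfig -ErrorAction SilentlyContinue) {
    $findings += "Attachment filter action : $((Get-AttachmentFilterListConfig).Action)"
}
$findings
```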

Ratish Nair

Microsoft MVP | Office Servers and Services

Team @MSExchangeGuru


