Exchange 2016 Anti-Spam configuration
Before implementing anti-spam on Exchange Server 2016, you should understand the following points:
Anti-spam in Exchange 2016 is divided into multiple agents that can run on the Edge or Mailbox role.
The available agents differ according to the Exchange role on which you are running anti-spam.
You can prioritize the anti-spam agents to define the order in which they are applied.
You can use anti-spam in three ways:
- Use the native anti-spam transport agents
- Add additional anti-spam protection by using Exchange Online Protection (EOP)
- Use a third-party anti-spam product
Mailbox Server Agents:
- Sender Filter Agent: the sender's SMTP address is compared with the blacklist of sender domains.
- Sender ID Agent: examines the sender's IP address and compares it with the SPF record to determine whether the sender has been spoofed.
- Content Filtering: the agent scans the message content.
- Protocol analysis: the message is processed based on the sender's reputation, which is determined from many sender characteristics accumulated over a specific period.
Edge Server Agents:
The Edge server has the same agents as the Mailbox server, plus the agents below:
- Connection Filtering: uses the IP block and allow lists to allow or block communication with the sending server.
- Recipient Filtering: checks whether the message is sent to blocked recipients.
- Attachment Filtering: messages can be blocked by attachment name or MIME type.
Agents are applied in this order:
- Connection Filtering
- Sender Filter Agent
- Recipient Filtering
- Sender ID Agent
- Content Filtering
- Protocol analysis
- Attachment Filtering
To install the anti-spam agents, do the following:
- Run: & "C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Install-AntiSpamAgents.ps1"
- Restart the Microsoft Exchange Transport service.
- Specify any internal SMTP servers to be ignored by the Sender ID agent, as follows:
Set-TransportConfig -InternalSMTPServers @{Add="<IP address1>","<IP address2>",…}
The anti-spam agents can be configured only through the Exchange Management Shell, using the following commands for each agent:
- Connection Filtering:
Enable-TransportAgent "Connection Filtering Agent"
Add-IPBlockListEntry <-IPAddress IPAddress | -IPRange IP range or CIDR IP> [-ExpirationTime <DateTime>] [-Comment "<Descriptive Comment>"]
Set-IPBlockListConfig -Enabled $true
- Sender Filter Agent:
Set-SenderFilterConfig -Enabled $true
Set-SenderFilterConfig -BlockedSenders <sender1,sender2…> -BlockedDomains <domain1,domain2…> -BlockedDomainsAndSubdomains <domain1,domain2…>
- Recipient Filtering:
Set-RecipientFilterConfig -Enabled $true
Set-RecipientFilterConfig -BlockedRecipients @{Add="<recipient1>","<recipient2>"…; Remove="<recipient1>","<recipient2>"…}
- Sender ID Agent:
Set-SenderIDConfig -Enabled $true
Set-SenderIDConfig -SpoofedDomainAction <StampStatus | Reject | Delete>
Set-SenderIDConfig -BypassedRecipients <recipient1,recipient2…> -BypassedSenderDomains <domain1,domain2…>
- Content Filtering:
Set-ContentFilterConfig -Enabled $true
Set-ContentFilterConfig -BypassedRecipients <recipient1,recipient2…> -BypassedSenders <sender1,sender2…> -BypassedSenderDomains <domain1,domain2…>
Add-ContentFilterPhrase -Influence <GoodWord | BadWord> -Phrase "<Phrase>"
- Protocol analysis:
Set-SenderReputationConfig -Enabled $true
Set-SenderReputationConfig -SenderBlockingEnabled <$true | $false> -SrlBlockThreshold <0 – 9> [-SenderBlockingPeriod <0 – 48>]
- Attachment Filtering:
Enable-TransportAgent "Attachment Filtering Agent"
Add-AttachmentFilterEntry -Name <MIMEContentType> -Type ContentType
Remove-AttachmentFilterEntry ContentType:<ContentType>
Set-AttachmentFilterListConfig [-Action <Reject | Strip | SilentDelete>] [-RejectResponse "<Message text>"] [-AdminMessage "<Replacement file text>"] [-ExceptionConnectors <ConnectorGUID>]
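A worked run of the Mailbox-server steps above with concrete values, added here as an example and not part of the original post. The relay IPs, blocked domains, phrase and threshold values are constructed placeholders, and the script assumes the ExchangeInstallPath environment variable that Exchange setup creates.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell on a Mailbox server. All values below are constructed placeholders.
$internalRelays = '192.0.2.10', '192.0.2.11'       # internal SMTP hops
$blockedDomains = 'spam.example', 'bulk.example'   # sender domains to block
$badPhrase      = 'constructed sample spam phrase'

# Install the agents only if they are not registered yet, then restart transport.
if (-not (Get-TransportAgent -Identity 'Content Filter Agent' -ErrorAction SilentlyContinue)) {
    & (Join-Path $env:ExchangeInstallPath 'Scripts\Install-AntiSpamAgents.ps1')
    Restart-Service MSExchangeTransport
}

# @{Add=...} appends to the multivalued property; passing a bare list would
# replace whatever is already configured.
Set-TransportConfig -InternalSMTPServers @{Add = $internalRelays}
Set-SenderFilterConfig -Enabled $true -BlockedDomains @{Add = $blockedDomains}

# StampStatus only records the Sender ID result on the message; move to
# Reject once the stamped results have been reviewed.
Set-SenderIDConfig -Enabled $true -SpoofedDomainAction StampStatus

Set-ContentFilterConfig -Enabled $true
# Check first so the script can be re-run without adding the phrase twice.
if (-not (Get-ContentFilterPhrase | Where-Object { $_.Phrase -eq $badPhrase })) {
    Add-ContentFilterPhrase -Influence BadWord -Phrase $badPhrase
}

# Block senders for 24 hours once their reputation level reaches 7.
Set-SenderReputationConfig -Enabled $true -SenderBlockingEnabled $true `
    -SrlBlockThreshold 7 -SenderBlockingPeriod 24

# Verify: list the agents in priority order, then flag anything still disabled.
Get-TransportAgent | Sort-Object Priority |
    Format-Table Identity, Enabled, Priority -AutoSize

$state = [ordered]@{
    SenderFilter     = (Get-SenderFilterConfig).Enabled
    SenderID         = (Get-SenderIDConfig).Enabled
    ContentFilter    = (Get-ContentFilterConfig).Enabled
    SenderReputation = (Get-SenderReputationConfig).Enabled
}
foreach ($item in $state.GetEnumerator()) {
    if (-not $item.Value) { Write-Warning "$($item.Key) is still disabled" }
}
```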
Ratish Nair
Microsoft MVP | Office Servers and Services
Team @MSExchangeGuru