Problem: Both the Edge Transport and Hub Transport servers can protect your
organization from spam. However, the Hub Transport server doesn’t seem to
have the features turned on. How do you get antispam working on the Hub
Transport server, and how do you configure the settings?
Solution: The recommendation is to work with your antispam settings on your
Edge Transport server. However, if you do not have an Edge Transport
server, you can enable these same features on your Hub Transport server.
To do this, perform the following:
1. Open the EMS.
2. If you installed Exchange to the default directory, change your directory location within the shell to C:\program files\Microsoft\Exchange Server\Scripts.
3. Then type ./install-AntiSpamAgents.ps1.
4. Next, restart your Transport Service.
5. Return to the EMC, and under the Organization work center and Hub Transport settings, look for the Anti-Spam tab (which didn’t exist before).
To locate the tools on the Edge Transport server, open the EMC, select
Edge Transport, and then look for them on the Anti-Spam tab.
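Steps 2 through 4 can be run as one block in the EMS with a check that the agents were actually registered. This is an added example, not part of the original procedure; it assumes the default script path from step 2 and the standard Transport service name MSExchangeTransport.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Default install path from step 2; adjust it if Exchange was installed elsewhere.
$scripts = 'C:\Program Files\Microsoft\Exchange Server\Scripts'
$installer = Join-Path $scripts 'install-AntiSpamAgents.ps1'
if (-not (Test-Path $installer)) {
    throw "install-AntiSpamAgents.ps1 not found under $scripts"
}

# Record the transport agents present before the install so the change is visible.
$before = @(Get-TransportAgent | ForEach-Object { $_.Identity.ToString() })

Set-Location $scripts
./install-AntiSpamAgents.ps1

# The new agents are only loaded after the Transport service restarts.
# Mail flow through this server pauses briefly while it does.
Restart-Service MSExchangeTransport

# List the agents that were not there before and flag any left disabled.
$added = @(Get-TransportAgent |
    Where-Object { $before -notcontains $_.Identity.ToString() })
if ($added.Count -eq 0) {
    Write-Warning 'No new transport agents were registered; check the script output.'
}
$added | Format-Table Identity, Enabled, Priority -AutoSize
$added | Where-Object { -not $_.Enabled } | ForEach-Object {
    Write-Warning "Agent '$($_.Identity)' is installed but not enabled."
}
```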
The Nine Antispam Features
As you can see in Figure 1, you can configure nine different antispam
features. Each one protects in its own way (some might be used more than
others). This is not to say you shouldn’t consider additional antispam or
antivirus products. Many solutions can assist in the battle against spam.
To work with the antispam features, double-click any of them from within
the list. The key then is to know how to configure the settings. Let’s
review each of the options and how they work.
Content Filtering—
Filters junk email based on the content of the message, using a
probability-based algorithm that can learn what is and what isn’t spam.
You can set the filtering threshold actions, how content is analyzed,
recipient exceptions, and custom words and phrases for the Content
Filtering feature to act upon. You can also determine Spam Confidence
Level (SCL) rating thresholds, as shown in Figure 2.
Note
Messages with an SCL of 9 are more likely to be spam, whereas those with
an SCL of 0 are likely not to be spam. The SCL rating rises depending on
the types of issues found with an email. You can configure the SCL
response to delete, reject, or quarantine the message when it reaches a
threshold. If you quarantine it, you have to provide a quarantine mailbox
for the server to use.
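The three SCL actions from the Note can also be set from the EMS with Set-ContentFilterConfig. This is an added example, not from the original text; the threshold values and the quarantine address are placeholders to replace with your own.

```powershell
# Added example: SCL thresholds for the Content Filtering agent.
# All values below are placeholders chosen for illustration.
$quarantineAt      = 6
$rejectAt          = 7
$deleteAt          = 9
$quarantineMailbox = 'spamquarantine@example.com'   # placeholder address

# A message is handled by the harshest action whose threshold it reaches.
# If a harsher action had the lower threshold, it would always win and the
# milder action would never apply, so enforce quarantine < reject < delete.
if (-not (($quarantineAt -lt $rejectAt) -and ($rejectAt -lt $deleteAt))) {
    throw 'Thresholds must satisfy quarantine < reject < delete.'
}
foreach ($t in $quarantineAt, $rejectAt, $deleteAt) {
    if (($t -lt 0) -or ($t -gt 9)) { throw "SCL threshold $t is outside 0-9." }
}

# Quarantine needs a mailbox, as the Note says; without one the action cannot work.
if (-not $quarantineMailbox) {
    throw 'Quarantine is enabled but no quarantine mailbox was given.'
}

Set-ContentFilterConfig `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold $quarantineAt `
    -SCLRejectEnabled $true     -SCLRejectThreshold $rejectAt `
    -SCLDeleteEnabled $true     -SCLDeleteThreshold $deleteAt `
    -QuarantineMailbox $quarantineMailbox

# Read the settings back to confirm what the server will enforce.
Get-ContentFilterConfig | Format-List SCL*, QuarantineMailbox
```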
IP Allow List— Specifies IP addresses that are always allowed to connect
to and transmit email messages to this server. Accept connections from
individual IP addresses or from ranges of IP addresses.
IP Allow List Providers—
Maintains lists of sender domains that can be relied on not to send
junk email. Use this feature to determine which IP Allow List provider
to use.
IP Block List—
Similar to its Allow List counterpart, except that here you specify the
IP addresses that are blocked from connecting to the server and
transmitting email messages.
IP Block List Providers—
Maintains lists of sender domains that cannot be relied on and that
must be blocked from connecting and transmitting email messages. These
block list providers can be invaluable in that they maintain up-to-date
lists that you can connect to and utilize.
Recipient Filtering—
A simple feature where you can specify a list of email recipients for
which the server will not accept messages. You can block individuals or
domains. There is also a checkbox option on the Blocked Recipient tab
that enables you to, with one click, block messages sent to recipients
not listed in the Global Address List.
Sender Filtering— Specifies
a list of email senders that you want to block completely. You can
block individuals, domains, or whole domain hierarchies. You can also
specify how Exchange Transport servers respond when a blocked sender or
domain transmits a message. The Sender Filter feature also lets you
block messages that do not specify who sent them, that is, messages
with blank senders.
Sender ID—
Intended to combat email spoofing and to provide enhanced protection
against phishing schemes. Use Sender ID to examine a sender’s purported
responsible address (PRA). If the check fails, you can determine whether
you want to reject or delete the message, or send it along stamped with
the Sender ID results.
Sender Reputation—
Collects information about recent email messages received, and if a
sender appears to be the source of junk email, the address is added to a
list. There is some flexibility as to the length of time a sender can
be blocked, and you can also enable/disable open proxy testing.
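The options described for Recipient Filtering, Sender Filtering, Sender ID, Sender Reputation, and IP Block List Providers can be reviewed in one pass from the EMS. This is an added, read-only example that is not part of the original text; it changes nothing and assumes the antispam agents are already installed.

```powershell
# Added example: read-only report of the antispam settings described above.
$report = @()

$rf = Get-RecipientFilterConfig
$report += "Recipient Filtering enabled:        $($rf.Enabled)"
$report += "  Block recipients not in the GAL:  $($rf.RecipientValidationEnabled)"
$report += "  Blocked recipients listed:        $($rf.BlockedRecipients.Count)"

$sf = Get-SenderFilterConfig
$report += "Sender Filtering enabled:           $($sf.Enabled)"
$report += "  Block blank senders:              $($sf.BlankSenderBlockingEnabled)"
$report += "  Action for blocked senders:       $($sf.Action)"

$sid = Get-SenderIdConfig
$report += "Sender ID enabled:                  $($sid.Enabled)"
$report += "  Action when the PRA check fails:  $($sid.SpoofedDomainAction)"

$sr = Get-SenderReputationConfig
$report += "Sender Reputation enabled:          $($sr.Enabled)"
$report += "  Sender blocking enabled:          $($sr.SenderBlockingEnabled)"
$report += "  Blocking period (hours):          $($sr.SenderBlockingPeriod)"
$report += "  Open proxy testing:               $($sr.OpenProxyDetectionEnabled)"

# Block list providers only help if at least one is configured and enabled.
$providers = @(Get-IPBlockListProvider)
$report += "IP Block List Providers configured: $($providers.Count)"
foreach ($p in $providers) {
    $report += "  $($p.Name) ($($p.LookupDomain)) enabled: $($p.Enabled)"
}

$report
if (@($providers | Where-Object { $_.Enabled }).Count -eq 0) {
    Write-Warning 'No IP Block List Provider is enabled.'
}
if ($sr.Enabled -and -not $sr.SenderBlockingEnabled) {
    Write-Warning 'Sender Reputation is on, but senders are never added to the block list.'
}
```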
Antispam Updates
To update the Edge Transport servers’ antispam agents, you can disable and
then re-enable the updates from the Actions pane. This presents you with
the Enable Anti-Spam Updates Wizard, shown in Figure 3.
You can configure the updates to occur manually or automatically. You can
allow/deny spam signature updates and IP reputation updates. You can also
configure the update service to use the Microsoft Update process to keep
definitions up to date.