Exchange 2013 and Exchange 2016 – Enable Anti Spam
In Exchange 2010 when you enabled the Anti Spam plugin you could then manage the various add ons in the Exchange 2010 EMC, this has been discontinued in Exchange 2013 and Exchange 2016 so that you can only manage the Anti Spam agents from power-shell. Here I will show you how to enable and configure Anti Spam in Exchange 2013 and Exchange 2016. If you would like to use a third party product as well then check out this SPAMFighter review.
Exchange 2013 / Exchange 2016 Enable Anti-Spam
As mention to enable the Anti Spam agent we must do it from power-shell, the command is below.
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
This command maps to the scripts path and runs the antispamagents script. You will notice once ran you need to restart the Microsoft Exchange Transport Service. to do so run this command.
Restart-Service MSExchangeTransport
We then need to tell the anti spam agents about our Exchange servers. Simply use the command below while replacing my ip address with yours.
Set-TransportConfig -InternalSMTPServers 192.168.1.1
If you have multiple Exchange servers then you will need to set multiple -InternalSMTPServers. The command is s below.
Set-TransportConfig -InternalSMTPServers 192.168.1.1, 192.168.1.2
I only have one Exchange 2013 server as you can see.Once done the agent is ready to be configured.
Exchange 2013
Exchange 2013/2016 IP Block List Provider
This is the same process as process as Exchange 2010, read my article here on setting up the IP Block List Provider.
Exchange 2016/2013 Email Whitelists
Again this is the same process as setting up a white-list in exchange 2010, read the article here.
Exchange 2013 / 2016 Configure Anti Spam Logging
Here we setup the Anti Spam logging feature to keep track of what the agents are doing.
set-TransportService Mailboxserver -AgentLogPath "D:\spamlogs" -AgentLogMaxFileSize 30MB -AgentLogMaxDirectorySize 250MB -AgentLogMaxAge 7.00:00:00
Above we specify our logging folder to be “spamlogs” on the D drive, we set a maximum log file size of 30mb for each log and then a maximum log folder size of 250mb. These logs are kept for 7 days then overwrote.
Exchange 2013 /2016 SCL level configuration
This was simple in Exchange 2013, now its a pain. SCL stands for Spam Confidence Level, with 9 being no doubt 100% a spammy email and 0 being 100% a valid email.
We have 4 SCL commands;
SCL delete threshold – we specify when we delete an email.
SCL reject threshold – we specify when we reject an email into the organization.
SCL quarantine threshold – we specify when we quarantine an email for inspection by an admin.
SCL Junk Email folder threshold – we specify when we dump the email to the users junk-mail folder.
Now these are NOT recommendations below, As each organization is different. However to configure these thresholds do the following.
First enable content filtering
Set-ContentFilterConfig -Enabled $true
If the Anti Spam agents cause a problem, disable them like so.
Set-ContentFilterConfig -Enabled $false
To run the Content Filtering on External only run this command
Set-ContentFilterConfig -ExternalMailEnabled $true
To run theContent Filtering on internal emails only run this command
Set-ContentFilterConfig -InternalMailEnabled $true
Here we configure the SCL ratings
Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9 SCLRejectEnabled $true -SCLRejectThreshold 7 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 6
So above we delete emails with an SCL of 8 as they are obvious spam, we send a rejection to emails of an SCL of 7 ( I normally don’t enable this as it sends an NDR ) and we quarantine the emails at an SCL rating of 6, all other emails pass fine. I would personally replace the SCJreject email with SCLJunkThreshold so it pops it in the users mailbox.
Finally if you want to send a message to people where the email has been stopped as spam do the below, replacing the test as required.
Set-ContentFilterConfig -RejectionResponse "hey Mr that email was spammy!"
Roger
| #
The enable spam agent powershell command is missing two backslashes:
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
Reply
Roger
| #
The Anti Spam Logging command is missing a backslash:
set-TransportService Mailboxserver -AgentLogPath “D:\spamlogs” -AgentLogMaxFileSize 30MB -AgentLogMaxDirectorySize 250MB -AgentLogMaxAge 7.00:00:00
Reply
Allen White
| #
Hi Roger thanks for the Backslash comments, they where there when the article was created however wordpress has a bug that it drops the \ (& # 9 2 ; ) characters if the post is not saved in HTML rather than plan text. See here
http://www.techieshelp.com/how-to-display-backslash-in-wordpress-posts/
Thanks for pointing it out, ive reset the HTML
Allen
Reply
Wayne
| #
Great write up, this might be another wordpress bug, but the command
Set-TransportConfig -InternalSMTPServers @{Add=”192.168.1.1″
is missing the closing bracket… just an fyi for lazy copy / paste people like me
Set-TransportConfig -InternalSMTPServers @{Add=”192.168.1.1″}
Reply
Allen White
| #
Hi Wayne, thanks for spotting that! I have changed accordingly 🙂
Reply
bauke
| #
these examples where very useful !
maybe you could include the Set-OrganizationConfig -SCLJunkThreshold command as an extra. because its not in the same command as the other SCL settings.
thanks
Bauke
Reply
Anton
| #
This command should look like this:
Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9 SCLRejectEnabled $true -SCLRejectThreshold 7 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 6 -QuarantineMailbox:spam@mydomain.ru
Reply
Krabis
| #
Hi,
great article! I get response:
Cannot process argument transformation on parameter ‘BypassedRecipients’. Cannot convert value “SCLRejectEnabled” to ty
pe “Microsoft.Exchange.Data.MultiValuedProperty`1[Microsoft.Exchange.Data.SmtpAddress]”. Error: “Failed to convert SCLR
ejectEnabled from System.String to Microsoft.Exchange.Data.SmtpAddress. Error: Error while converting string ‘SCLReject
Enabled’ to result type Microsoft.Exchange.Data.SmtpAddress: The email address “SCLRejectEnabled” isn’t correct. Please
use this format: user name, the @ sign, followed by the domain name. For example, tonysmith@contoso.com or tony.smith@
contoso.com.”
+ CategoryInfo : InvalidData: (:) [Set-ContentFilterConfig], ParameterBindin…mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-ContentFilterConfig
+ PSComputerName : MBXserver
Reply
Thomas
| #
Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9 -SCLRejectEnabled $true -SCLRejectThreshold 7 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 6 -QuarantineMailbox:spam@mydomain.ru
Before: SCLRejectEnabled
After: -SCLRejectEnabled
Reply
Simon
| #
How do we set the SCL rating for junk e-mail folder filtering? I hear that it is set to SCL 4 but can we change that? How do we enable/disable junk e-mail folder filtering – is it per mailbox? Is there a command like Set-ContentFilterConfig -SCLDeleteEnabled $true for junk filtering?
Reply