Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
Forefront for Exchange 2010

Answered Forefront for Exchange 2010

  • Friday, November 09, 2012 2:16 PM
     
     
    Sign In to Vote
    0

    Hi,

    We have Forefront for Exchange 2010 with Rollup 4 installed on Exchange server 2010 HUB servers.

    Before installing Forefront we used to get relevant SCL values appended in the X-MS-Exchange-Organization-SCL. But after FPE installation we used X-MS-Exchange-Organization-SCL: -1 for all emails and only few with SCL value 9. We have set SCL 5-9 stamp and deliver. This happens for both internal and external emails.

    I would like to clarify below points in FPE.

    1. How to stamp correct SCL value for all emails through forefront instead of -1.

    2. Is it possible to quarantine only for SCL 7-9.

    3. Is it possible to use both IMF and Forefront content filter on same server.

    4. Is it possible to set user specific SCL controls in Forefront as we do in Exchange IMF.

    Please help me.

    Jayaram

     

All Replies

  • Friday, November 09, 2012 7:18 PM
     
     Answered
    Sign In to Vote
    0

    See below for some answers to you questions:

    1. FPE's content filtering engine, Cloudmark, will stamp the majority of mail as safe (SCL -1) and spam (SCL 9).  There usually aren't too many SCL 7's and 8's.  If the SCL -1 is causing you issues with your Outlook client blocked sender lists you can use an extended option to have Cloudmark stamp a SCL 0 for safe mail instead of the SCL -1 which will bypass Outlook blocked sender lists. See http://support.microsoft.com/kb/2276432?wa=wsignin1.0

    2. You can change the Suspected Spam action to quarantine for SCL 5 to 9.  Keep in mind that Cloudmark converted spam scores will never convert to SCL 5 or 6 so this action should give you what you want.

    3. No, it is not possbile to use both content filters on the same server.  The second content filtering agent will respect the SCL given by the first and will bypass content filtering.  If you had 2 servers you could enable Exchange content filtering on one server and FPE Content filtering on the other but you'd have to create a transport rule to remove the SCL stamped from the first server from the headers and make sure the connection from the servers wasn't authenticated which would bypass spam scanning by default.

    4.  This is not possible.



     
  • Monday, November 12, 2012 7:16 AM
     
     
    Sign In to Vote
    0

    Thanks Ryan.

    I can conclude that FPE will stamp SCL values of -1 (safe) and 9 (SPAM) only. To enable Outlook blocked sender feature we need to add CFAllowBlockedSenders Extended option in FPE to convert SCL value from -1 to 0.

    Is it possible to install FPE on HUB Transport for Malware alone and use IMF for Anti-SPAM. If possible please share reference doc for this configuration.

    When we try installing FPE it uninstalls IMF content agent and while bringing it back using install-anti-spam script no SCL is stamped.

    Please suggest.

    Jayaram

     
  • Wednesday, November 14, 2012 9:37 AM
     
     
    Sign In to Vote
    0
    Hi Ryan, Please help me on this role separation in the same server on Anti-spam.

    Jayaram

     
  • Wednesday, November 14, 2012 1:13 PM
     
     Answered
    Sign In to Vote
    0

    Hi Jayaram,

    Yes, you can use FPE for malware scanning alone and use Exchange's IMF for content filtering.  You will need to disable the FSEContentFiltering Agent and enable the Content filter agent (see get-transportagent).  By default when you install FPE and opt into Antispam it will disable IMF (content filter agent) because it will use its own content filtering agent (FSE content filter agent - Cloudmark) and they cannot both be used on the same server.  So just disable Forefront's content filtering agent and enable Exchange's and cycle the transport service and you'll get what you're looking for.

    -Ryan

     
  • Wednesday, November 14, 2012 2:37 PM
     
     
    Sign In to Vote
    0
    Thanks Ryan. I will check it out.

    Jayaram