Anti spam question
- Hi,
I have a question regarding spam,
We have installed EBS 2008, as you this system has edge transport server installed on the TMG server, I did not know that so I did install anti spamon the CA server, now I would like to know if this would cuse some problem? and if I should remove it from CA server?
Shahin
Answers
Individual settings override orgnization-wide settings:
Take a look here:
Per Recipient anti-spam settings - If a user has per recipient anti-spam settings, these settings override the organization-wide settings and are replicated as hashed data to the Edge ADAM. These SCL thresholds can be configured using the Set-Mailbox cmdlet (Figure 9).
http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/using-safelist-aggregation-part1.htmlAnd here:
With the exception of the junk e-mail settings, the spam confidence level (SCL) settings on the mailbox are the same as the settings that you apply on the Content Filter agent. The content filtering settings are applied to the organization. The mailbox settings are applied to the individual mailbox user. The mailbox settings override the organization-wide content filtering settings.
The SCLDeleteEnabled, SCLJunkEnabled, SCLQuarantineEnabled, and SCLRejectEnabled parameters have three possible values: $true, $false, and $null. If a parameter has the value of $true or $false, that parameter overrides the settings on the Content Filter agent. If the setting is $null, the settings on the Content Filter agent are applied.
http://technet.microsoft.com/en-us/library/bb123559(EXCHG.140).aspx
MCTS: Messaging | MCSE: S+M | Small Business Specialist- Marked As Answer byFrank.WangMSFT, ModeratorThursday, November 12, 2009 2:10 AM
- Proposed As Answer by--Vinod-- Monday, November 09, 2009 1:38 PM
- Agree with Jon-Alfred, if you have an edge server, it's not necessary to eable the anti-spam feature on Hub server.
And Per recipient settings will be override the organization-wide settings.
But maybe you need to understand that the Content Filter agent and the SCL Junk E-mail folder process the SCL threshold value differently.
The SCL Junk E-mail folder takes action on the SCL threshold value that you configure plus 1.
More detials:
Adjusting the Spam Confidence Level Threshold
http://technet.microsoft.com/en-us/library/aa995744.aspx
Frank Wang- Marked As Answer byFrank.WangMSFT, ModeratorThursday, November 12, 2009 2:10 AM
- Proposed As Answer by--Vinod-- Monday, November 09, 2009 1:38 PM
All Replies
Every inbound and outbound Internet message passes through the Edge Transport server (Security Server). So this is typically where you should configures message hygiene. This is also the default for ES 2008.
EBS 2008 E-mail Anti-spam Configuration
http://technet.microsoft.com/en-us/library/cc940967(WS.10).aspx
Now every internal and external message is touched by the Hub Transport Server (CA Server: combined Mailbox, Client Access and Hub Transport server). Of course, if you are afflicted by internal spam, it could make sense to have anti-spam agents there as well. But in most case it will suffice with the Edge server. The anti-spam agents on the Hub Transport server provide only a subset of the functionality as compared to the Edge: notably no attachment filtering.
You won't break anything by running those agents on the Hub Transport, but most likely you won't gain anything either. I would have removed those agents on the Hub Transport:
From C:\Program Files\Microsoft\Exchange Server\Scripts, run uninstall-AntispamAgents.ps1. You may have to close and restart the Exchange Management Console. Then you won't see the anti-spam tabs anymore.
MCTS: Messaging | MCSE: S+M | Small Business Specialist- Hi Jon,
thanks for your reply,
as I said before we did install the anti spam on transport server we also ran theGet-Mailbox | Set-Mailbox - SCLJunkEnabled:$true -SCLJunkThreshold 6
on the same server to redirect the spam to the users junk mail folder, I did check the content filter on the edge server and sow that contenet filter is configured to reject the spam mail with SCL 7, so what should we do?
just remove the anti spam agent as you siad, or should we also run Get-Mailbox | Set-Mailbox - SCLJunkEnabled:$false -SCLJunkThreshold 6. on the transport server as wel?
as I said befoer we want the users get there junk mail in there own junkmail folder, should we live the content filter configuration on the edge server as it is and just run Get-Mailbox | Set-Mailbox - SCLJunkEnabled:$true -SCLJunkThreshold 6 ?
or first remove the check mark for reject the mail with SCL 7 from the content filter (on edge server) and the run the cmd that I mentioned?
Thanks,
Shahin
Shahin Individual settings override orgnization-wide settings:
Take a look here:
Per Recipient anti-spam settings - If a user has per recipient anti-spam settings, these settings override the organization-wide settings and are replicated as hashed data to the Edge ADAM. These SCL thresholds can be configured using the Set-Mailbox cmdlet (Figure 9).
http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/using-safelist-aggregation-part1.htmlAnd here:
With the exception of the junk e-mail settings, the spam confidence level (SCL) settings on the mailbox are the same as the settings that you apply on the Content Filter agent. The content filtering settings are applied to the organization. The mailbox settings are applied to the individual mailbox user. The mailbox settings override the organization-wide content filtering settings.
The SCLDeleteEnabled, SCLJunkEnabled, SCLQuarantineEnabled, and SCLRejectEnabled parameters have three possible values: $true, $false, and $null. If a parameter has the value of $true or $false, that parameter overrides the settings on the Content Filter agent. If the setting is $null, the settings on the Content Filter agent are applied.
http://technet.microsoft.com/en-us/library/bb123559(EXCHG.140).aspx
MCTS: Messaging | MCSE: S+M | Small Business Specialist- Marked As Answer byFrank.WangMSFT, ModeratorThursday, November 12, 2009 2:10 AM
- Proposed As Answer by--Vinod-- Monday, November 09, 2009 1:38 PM
- Agree with Jon-Alfred, if you have an edge server, it's not necessary to eable the anti-spam feature on Hub server.
And Per recipient settings will be override the organization-wide settings.
But maybe you need to understand that the Content Filter agent and the SCL Junk E-mail folder process the SCL threshold value differently.
The SCL Junk E-mail folder takes action on the SCL threshold value that you configure plus 1.
More detials:
Adjusting the Spam Confidence Level Threshold
http://technet.microsoft.com/en-us/library/aa995744.aspx
Frank Wang- Marked As Answer byFrank.WangMSFT, ModeratorThursday, November 12, 2009 2:10 AM
- Proposed As Answer by--Vinod-- Monday, November 09, 2009 1:38 PM
- Hi Frank,
So iam going to do this,
1.live the antispam Agent configuration on the Hub transport server as it is.
2.live the content filter on the edge server to reject the mail with SCL 7.
3. then run the Get-Mailbox | Set-Mailbox - SCLJunkEnabled:$fenable -SCLJunkThreshold 6 on the edge transport server, to direct the junk mail to the users junk folder in outlook.
Thanks,
Shahin
Shahin - Hi Shahin,
Maybe you want to say run the cmdlet on the HUB transport server.
The per-recipient SCL delete, reject, and quarantine thresholds are stored in the Active Directory directory service and are replicated to the Edge Transport servers by the Microsoft Exchange EdgeSync service.
So please make sure you run the cmdlet Set-Mailbox on the Hub server.
And also you have already create an Edge Subscription.
more details:
Understanding Edge Subscriptions
http://technet.microsoft.com/en-us/library/aa997438.aspx
Frank Wang
