Unanswered Attachment filtering issue exchange with forefront for exchange 2010

  • Thursday, October 13, 2011 20:34
     
     

    I've got a real headache because of the following problem.

    In my company our accountants need to receive a "pay check report" from the main office every month. They use special software called Hypersoft to open these reports. The "pay check reports" have an extension .lrp and are added as an attachment to the mail. Both offices use Outlook to communicate.

    Now I've got the following problem. Every time the main office sends through a new "pay check report" (.lrp) the attachment is removed and replaced by the following message: "this attachment was removed". They can receive the mail, and read it, but the attachment is always replaced.

    I've been searching for days for a solution. The .lrp is not in the attachment blacklist. I've also tried the following codes in the Exchange Management Shell:

    Set-ContentFilterConfig -BypassedRecipients fictional-email-ouroffice@domain.com

    Set-ContentFilterConfig -BypassedSenders fictional-email-mainoffice@domain.com

    I need to make sure that the mails between two certain email addresses aren't scanned for malicious attachments, so that they can send anything they want in their attachments without Exchange (or Forefront?) removing the attachments.

    Anyone got an idea? I've tried almost everything I could find on the internet but haven't found a solution to my problem. I only find explanations of how to block attachments; I need to unblock them, and preferably only between these two users. I don't want to turn off all content filtering, because that would be unsafe...

    If someone could help me, I would be eternally grateful! 

    Kindest regards,

    Bob

All replies

  • Thursday, October 13, 2011 21:32
     
     
    On Thu, 13 Oct 2011 20:34:54 +0000, bob3s wrote:
     
    >
    >
    >I've got a real headache because of the following problem.
    >
    >In my company our accountants need to receive a "pay check report" from the main office every month. They use special software called Hypersoft to open these reports. The "pay check reports" have an extension .lrp and are added as an attachment to the mail. Both offices use Outlook to communicate.
    >
    >Now I've got the following problem. Every time the main office sends through a new "pay check report" (.lrp) the attachment is removed and replaced by the following message: "this attachment was removed". They can receive the mail, and read it, but the attachment is always replaced.
    >
    >I've been searching for days for a solution. The .lrp is not in the attachment blacklist. I've also tried the following codes in the Exchange Management Shell:
    >
    >Set-ContentFilterConfig -BypassedRecipients fictional-email-ouroffice@domain.com
    >
    >Set-ContentFilterConfig -BypassedSenders fictional-email-mainoffice@domain.com
    >
    >I need to make sure that the mails between two certain email addresses aren't scanned for malicious attachments, so that they can send anything they want in their attachments without Exchange (or Forefront?) removing the attachments.
    >
    >Anyone got an idea? I've tried almost everything I could find on the internet but haven't found a solution to my problem. I only find explanations of how to block attachments; I need to unblock them, and preferably only between these two users. I don't want to turn off all content filtering, because that would be unsafe...
    >
    >If someone could help me, I would be eternally grateful!
     
    What have you set the Forefront filtering to do? What about the
    deletion criteria for messages?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Friday, October 14, 2011 13:57
     
     

    My Forefront 2010 for Exchange has got the following filter options:

    - enable file filters --> is checked

    - enable header filters (subject line and sender-domain) --> is checked

    - enable keyword filters (inbound and outbound) --> is checked

    all other options in the filter options are not checked.

     

    In the Forefront filter itself there aren't any lists. It's completely blank.

     

     

    deletion criteria:

    delete corrupted compressed files --> checked

    delete corrupted uuencoded files --> checked

    delete partial smtp messages --> checked

    delete encrypted compressed files --> unchecked

     

     

     

     

  • Friday, October 14, 2011 19:39
     
     
    On Fri, 14 Oct 2011 13:57:12 +0000, bob3s wrote:
     
    >
    >
    >My Forefront 2010 for Exchange has got the following filter options:
    >
    >- enable file filters --> is checked
    >- enable header filters (subject line and sender-domain) --> is checked
    >- enable keyword filters (inbound and outbound) --> is checked
    >all other options in the filter options are not checked.
     
    >In the Forefront filter itself there aren't any lists. It's completely blank.
     
    >deletion criteria:
    >delete corrupted compressed files --> checked
    >delete corrupted uuencoded files --> checked
    >delete partial smtp messages --> checked
    >delete encrypted compressed files --> unchecked
     
    Do you have an Exchange Edge server? The text "this attachment was
    removed" is the default replacement string for the attachment filter.
     
     
    "Get-TransportAgent" should show you that the "Attachment Filtering
    Agent" is enabled.
     
    These will show you the stuff that's in use:
     
    Get-AttachmentFilterListConfig
    Get-AttachmentFilterEntry
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
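
An added example, not part of the reply above: attachment filter entries are of type FileName or ContentType, so a file whose extension is not listed can still match an entry through its MIME type. The helper name Test-AttachmentFilterMatch, the sample entries, the file name paycheck.lrp and the MIME type application/x-example are all assumptions made for illustration; the code is written to run on PowerShell 2.0.

```powershell
# Added example. Test-AttachmentFilterMatch is a hypothetical helper, not an Exchange cmdlet.
function Test-AttachmentFilterMatch {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Entries,  # objects exposing Type and Name
        [Parameter(Mandatory=$true)] [string]   $FileName,
        [string] $ContentType = ''
    )
    foreach ($entry in $Entries) {
        $name = [string]$entry.Name
        $hit = switch ([string]$entry.Type) {
            # FileName entries are an exact name or a wildcard pattern such as *.exe
            'FileName'    { $FileName -like $name }
            # ContentType entries are compared with the attachment's MIME content type
            'ContentType' { ($ContentType -ne '') -and ($ContentType -ieq $name) }
            default       { $false }
        }
        # Emit the matching entry in the same Type:Name shape as an entry Identity
        if ($hit) { '{0}:{1}' -f $entry.Type, $name }
    }
}

# Constructed sample entries (not the product's default list), so this runs off-server.
$sample = @(
    (New-Object PSObject -Property @{ Type = 'FileName';    Name = '*.exe' }),
    (New-Object PSObject -Property @{ Type = 'FileName';    Name = '*.scr' }),
    (New-Object PSObject -Property @{ Type = 'ContentType'; Name = 'application/x-example' })
)

# The extension is not listed, but the constructed content type is, so one entry matches.
Test-AttachmentFilterMatch -Entries $sample -FileName 'paycheck.lrp' -ContentType 'application/x-example'

# On the server, feed the live list instead:
#   Test-AttachmentFilterMatch -Entries (Get-AttachmentFilterEntry) `
#       -FileName 'paycheck.lrp' -ContentType '<type from the message headers>'
```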
     

  • Sunday, October 16, 2011 21:42
     
     

    Thank you for your response,

    I've already looked up all attachment filter entries but .lrp is not in the current list, so that's the actual issue.

    The attachment filtering agent is enabled and I don't really want to disable it, I only want to set it in a way that .lrp documents aren't blocked. 

    Is there a way to just exclude attachment filtering for certain domains?

    This problem is so weird. I'll take another look at it tomorrow...

     

    Grtz,

    Bob

  • Wednesday, October 19, 2011 10:37
     
     

    Hi bob,

    Any update for your issue?

    Regards!
    Gavin

  • Thursday, October 20, 2011 1:24
     
     
    Hi Bob,

    There is no way to just exclude attachment filtering for a certain domain.

    Regards!
    Gavin
  • Monday, October 24, 2011 8:49
     
     

    Hi,

    I've tried numerous things, but am still unable to get the files through. Something keeps removing them. If I could only say: hey dude, lrp files are ok, stop deleting them! I'd be so happy! :)

    Regards,

    Bob

     

  • Monday, October 24, 2011 21:55
     
     
    On Mon, 24 Oct 2011 08:49:18 +0000, bob3s wrote:
     
    >I've tried numerous things, but am still unable to get the files through. Something keeps removing them. If I could only say: hey dude, lrp files are ok, stop deleting them! I'd be so happy! :)
     
    Well, let's take a different approach. Are you sure that the files are
    present when they arrive at your server?
     
    http://technet.microsoft.com/en-us/library/bb125018(EXCHG.80).aspx
     
    If the attachment isn't present in the first stage of the pipeline
    then the problem lies outside your Exchange server.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
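
An added example, not part of the reply above: once pipeline tracing has written message snapshots, this lists the attachment names visible in each snapshot so the stage where the file disappears stands out. The helper name Get-SnapshotAttachmentName, the angle-bracket placeholders, and the two constructed snapshot files (including their names) are assumptions made for illustration.

```powershell
# Added example. Get-SnapshotAttachmentName is a hypothetical helper; values in <> are placeholders.
# Enable tracing for one sender in the Exchange Management Shell, then have a test message sent:
#   Set-TransportServer <Server> -PipelineTracingSenderAddress <sender@example.com> `
#       -PipelineTracingPath '<D:\PipelineTrace>' -PipelineTracingEnabled $true
# Snapshots contain full message content, so disable tracing when done:
#   Set-TransportServer <Server> -PipelineTracingEnabled $false

function Get-SnapshotAttachmentName {
    param([Parameter(Mandatory=$true)] [string] $Path)
    Get-ChildItem -Path $Path -Filter *.eml -Recurse |
        Sort-Object LastWriteTime, Name |
        ForEach-Object {
            $file  = $_
            $text  = [System.IO.File]::ReadAllText($file.FullName)
            # Attachment names appear as name="..." (Content-Type) or filename="..." (Content-Disposition)
            $names = @([regex]::Matches($text, '(?i)\b(?:file)?name="?([^";\r\n]+)') |
                       ForEach-Object { $_.Groups[1].Value } | Select-Object -Unique)
            New-Object PSObject -Property @{ Snapshot = $file.Name; Attachments = ($names -join ', ') }
        }
}

# Constructed two-snapshot sample (file names and contents made up) to try the function off-server.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'pipeline-trace-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'Original.eml') -Value @'
Subject: pay check report
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="paycheck.lrp"
Content-Disposition: attachment; filename="paycheck.lrp"

(constructed payload)
--b1--
'@
Set-Content -Path (Join-Path $dir 'Routing0002.eml') -Value @'
Subject: pay check report
Content-Type: text/plain

This attachment was removed.
'@

Get-SnapshotAttachmentName -Path $dir | Format-Table Snapshot, Attachments -AutoSize
```

When a message is TNEF-encoded, its attachments travel inside winmail.dat, so only that name will show up in this text match.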
     

  • Wednesday, November 02, 2011 18:03
     
     

    Hi Bob

    I don't know if this works with Forefront. But if you type the command get-transportAgent in the EMS, what do you get? Is everything enabled, and is the priority order the right one?

    Daniel

  • Wednesday, November 09, 2011 11:51
     
     

    Yes, everything is enabled. The issue is still not solved. A colleague of mine has tried adding the IP addresses of the senders to a safelist, but still the issue remains...

     

  • Wednesday, November 09, 2011 22:09
     
     
    On Wed, 9 Nov 2011 11:51:32 +0000, bob3s wrote:
     
    >Yes, everything is enabled. The issue is still not solved. A colleague of mine has tried adding the IP addresses of the senders to a safelist, but still the issue remains...
     
    What did the pipeline trace reveal? At which stage did the attachment
    disappear?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Wednesday, December 07, 2011 3:44
     
     

    Hi all,

    I have a similar issue here and I've tried everything that bob3s explained here. My issue is that when one of our clients sends an email with an encrypted zip file, it always gets removed and replaced with the text bob3s mentioned earlier. I've found no solution yet; I temporarily created a Gmail account and set up a transport rule to forward emails to this account whenever that particular client sends email. I can get the attachment right from Gmail with no problems!!!

    (Btw, our main mail server for receiving emails is hosted at our hosting company. We have Exchange 2010 in our office, which gets emails from the mail server at the hosting company. Our Exchange server is able to send out emails directly, but receives emails only through the servers at the hosting company, except for internal emails. So the forwarding rule I mentioned is configured on that hosting company server. This means that the attachment is lost only when it reaches our Exchange servers!)

    Hope anybody could give an answer.

    Thank you!

  • Tuesday, January 24, 2012 13:26
     
     

    As I understood, you've got Forefront Protection 2010 for Exchange in place.

    You can use Filter Lists to allow messages from a specific sender to bypass File Filtering, Content Filtering or Keyword Filtering.

     

    Go to Policy Management -> Filter Lists :

    • Create Filter List for Allowed Sender
    • Name the List 
    • Add the sender 
    • Make sure "File" is checked

     

    Hope it will work for you.