Answered: External e-mail coming in with -1 SCL rating

  • Monday, 14 May 2012 23:22
     
     

    very similar to this post:

    http://social.technet.microsoft.com/Forums/en-US/exchangesvrantivirusandantispam/thread/6bacf3c9-c96e-46a3-a261-3a2cf2bd1596

    But the resolutions didn't seem to match with me.  I checked the receive connectors on Hub and Edge transport servers, but the Externally Secured checkbox (where it was shown) was not checked.  Also, I'm not sure how to "check SCL rating on message on the first hop."

    This started happening when we migrated external mail from our 2003 server to our Edge server.  I remember testing some settings with transport rules to set messages to -1, but that has long since been removed.  Looking for anyone that can help.. I'm at a loss.

    Thanks,

    Robert

All replies

  • Tuesday, 15 May 2012 02:24
     
     
    On Mon, 14 May 2012 23:22:37 +0000, rdecast6308 wrote:
     
    >very similar to this post:
    >
    >http://social.technet.microsoft.com/Forums/en-US/exchangesvrantivirusandantispam/thread/6bacf3c9-c96e-46a3-a261-3a2cf2bd1596
    >
    >
    >
    >But the resolutions didn't seem to match with me. I checked the receive connectors on Hub and Edge transport servers, but the Externally Secured checkbox (where it was shown) was not checked. Also, I'm not sure how to "check SCL rating on message on the first hop."
    >
    >This started happening when we migrated external mail from our 2003 server to our Edge server. I remember testing some settings with transport rules to set messages to -1, but that has long since been removed. Looking for anyone that can help.. I'm at a loss.
     
    What's doing the A/V scanning on the 1st server the mail hits in your
    Exchange organization? Check the agent log files and see if there's
    anything interesting in them.
     
    Besides having the e-mail delivered to the edge server, did you make
    any changes in the definition of what's an internal network? Is your
    edge server in the same network as the rest of your Exchange
    organization, or does it have an IP address in a DMZ? Does your
    Exchange organization think the edge server network is NOT part of the
    organization?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Tuesday, 15 May 2012 15:15
     
     
    >What's doing the A/V scanning on the 1st server the mail hits in your

    >Exchange organization?
    We have a Barracuda that is internet facing and taking care of our spam/AV - the Barracuda then forwards to the Edge

    >Besides having the e-mail delivered to the edge server, did you make
    >any changes in the definition of what's an internal network? Is your
    >edge server in the same network as the rest of your Exchange
    >organization, or does it have an IP address in a DMZ? 

    Our Edge server is configured with one NIC in a DMZ.  So it is not on the same network as the rest of our Exchange environment.  Also, not on our domain either.

    >Does your Exchange organization think the edge server network is NOT part of the

    >organization?
    Sorry, not sure what you mean by this.  The Edge and Hub are edge synchronized, so I'm thinking that the Hub Transport server acknowledges that the Edge is some part of the organization?

    Thanks for your help.

  • Tuesday, 15 May 2012 23:38
     
     
    On Tue, 15 May 2012 15:15:37 +0000, rdecast6308 wrote:
     
    >>What's doing the A/V scanning on the 1st server the mail hits in your
    >>Exchange organization?
     
    >We have a Barracuda that is internet facing and taking care of our spam/AV - the Barracuda then forwards to the Edge
     
    So it's part of your e-mail system. Not an Exchange server, but not to
    be considered as some "outside" server.
     
    >>Besides having the e-mail delivered to the edge server, did you make
    >>any changes in the definition of what's an internal network? Is your
    >>edge server in the same network as the rest of your Exchange
    >>organization, or does it have an IP address in a DMZ?
     
    >Our Edge server is configured with one NIC in a DMZ. So it is not on the same network as the rest of our Exchange environment. Also, not on our domain either.
     
    >>Does your Exchange organization think the edge server network is NOT part of the
    >>organization?
     
    >Sorry, not sure what you mean by this. The Edge and Hub are edge synchronized, so I'm thinking that the Hub Transport server acknowledges that the Edge is some part of the organization?
     
    When you run "(get-transportconfig).InternalSMTPServers" does the set
    of IP addresses include your Barracuda and Edge servers (and any other
    SMTP clients on your LAN)?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Wednesday, 16 May 2012 15:50
     
     

    Running get-transportconfig |ft internalsmtpservers returns:
    {}

    thanks for your help in getting this figured out.

    Robert

  • Wednesday, 16 May 2012 22:16
     
     
    On Wed, 16 May 2012 15:50:42 +0000, rdecast6308 wrote:
     
    >Running get-transportconfig |ft internalsmtpservers returns: {}
    >
    >thanks for your help in getting this figured out.
     
    Add the IP addresses of the edge server(s) and the barracuda(s). You
    want to treat them as part of your organization. Any IP addresses that
    show up in the "Received:" headers after the headers inserted by the
    edge/barracuda machines are the ones that should be subjected to
    sender reputation. In fact, why are you even using Exchange anti-spam
    agents if you have an e-mail security appliance? Don't you trust the
    Barracuda(s)?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

  • Thursday, 17 May 2012 18:18
     
     

    I can give that a shot.

    Can you help me understand what this setting does in terms of the -1 SCL rating that I'm seeing?  Does inputting these IP addresses stop the applying of an SCL rating at all?

    We traditionally have followed a two layer structure in our mail flow for AV and Spam.  Will disabling the content filtering in the Edge server fix the issue I'm seeing?

    Thanks,

    Robert

  • Friday, 18 May 2012 01:08
     
     Answered
    On Thu, 17 May 2012 18:18:09 +0000, rdecast6308 wrote:
     
    >
    >
    >I can give that a shot.
    >
    >Can you help me understand what this setting does in terms of the -1 SCL rating that I'm seeing? Does inputting these IP addresses stop the applying of an SCL rating at all?
     
    No, it doesn't stop the SCL rating. The SCL is the result of
    evaluating the message content or the authenticity of the sender (i.e.
    anonymous SMTP or authenticated SMTP session).
     
    By defining the IP addresses or networks of your SMTP clients you'll
    instruct the agents to ignore the "Received:" headers inserted by
    those machines and perform the DNSBL or sender reputation filtering on
    the IP address in the first "Received:" header that isn't inserted by
    those machines.
     
    >We traditionally have followed a two layer structure in our mail flow for AV and Spam. Will disabling the content filtering in the Edge server fix the issue I'm seeing?
     
    If you correctly identify the internal addresses, don't do any content
    filtering, and the barracuda is sending the mail to the edge using an
    anonymous SMTP session the SCL shouldn't be inserted in the set of
    headers.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    • Proposed as answer by Castinlu Monday, 21 May 2012 01:31
    • Marked as answer by rdecast6308 Monday, 21 May 2012 23:57
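
The answer above describes how the agents pick the address to run DNSBL and sender reputation checks against once the internal SMTP servers are defined. The following is an added example, not code from the thread or from Exchange: a simplified Python model of that selection, where the sample headers, host names, IP addresses and function names are all constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample as the Hub would see it (newest hop first); names and IPs are made up.
SAMPLE = """\
Received: from edge.example.test (192.0.2.10) by hub.example.test (10.0.0.5)
 with Microsoft SMTP Server; Mon, 21 May 2012 10:00:03 +0000
Received: from barracuda.example.test (192.0.2.20) by edge.example.test
 (192.0.2.10) with Microsoft SMTP Server; Mon, 21 May 2012 10:00:02 +0000
Received: from mail.sender.test (mail.sender.test [198.51.100.7])
 by barracuda.example.test with ESMTP; Mon, 21 May 2012 10:00:01 +0000
Subject: constructed test message

body
"""

# An IPv4 address in (...) or [...], the two forms used in the sample headers.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def source_ip(received):
    """Return the sending host's IP from the 'from' clause of one Received value."""
    unfolded = " ".join(received.split())           # undo header folding
    from_clause = re.split(r"\sby\s", unfolded, maxsplit=1)[0]
    match = IP_RE.search(from_clause)
    return ipaddress.ip_address(match.group(1)) if match else None


def originating_ip(raw_message, internal_servers):
    """Walk Received headers newest-first and return the first sending IP
    that is not in the internal server list (assumed: single IPs or CIDR)."""
    internal = [ipaddress.ip_network(s, strict=False) for s in internal_servers]
    msg = message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        ip = source_ip(hop)
        if ip is None or any(ip in net for net in internal):
            continue                                # unparsable or our own relay: skip
        return str(ip)
    return None


if __name__ == "__main__":
    # Empty list, like the {} returned in the thread: the Edge itself is picked.
    print(originating_ip(SAMPLE, []))
    # Edge and appliance listed: the real external sender is picked.
    print(originating_ip(SAMPLE, ["192.0.2.10", "192.0.2.20"]))
```

With an empty list the model returns the Edge server's own address, which is why reputation checks end up evaluating the organization's own relays until the Edge and appliance addresses are listed.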
  • Monday, 21 May 2012 22:18
     
     Answered

    Hi Rich,

    Sorry for the late response.  Was away for a long weekend.

    I just ran the set-transportconfig -internalsmtpservers [IP Addresses of Edge and Barracuda]

    Will report back with findings.

    Thanks,

    Robbie

    **************

    Sorry, in addition as you instructed, I disabled content filtering on the Edge server.  Incoming messages from the outside now no longer have an SCL rating on the message details (it reads PASSED) instead.  I force delivered some obvious junk e-mail from the Barracuda to my mailbox and I verified that it did enter my Junk E-mail folder.

    Success!

    Thanks again for your help.




    • Edited by rdecast6308 Monday, 21 May 2012 23:57 additional details/confirmation of resolution
    • Marked as answer by Castinlu Wednesday, 23 May 2012 01:15