Get message SRL threshold

  • Question

  • Hi all

    How do I check whether "Sender reputation and the Protocol Analysis agent" works?

    Get-SenderReputationConfig | Format-List Enabled,*MailEnabled
    Enabled             : True
    ExternalMailEnabled : True
    InternalMailEnabled : False
    Get-TransportAgent -Identity "Protocol Analysis Agent"
    Protocol Analysis Agent      True            9
    Get-SenderFilterConfig | fl action,enabled
    Action  : Reject
    Enabled : True

    However, spam still comes.

    How do I get the SRL threshold of a message? There is no information about SRL in "Messagetrackinglog" or in the message headers.

    SRL checks EHLO/HELO and reverse DNS. However, spam comes from resources that don't even have an A record.

    Monday, September 26, 2016 6:06 AM

All replies

  • Hi,

    First of all, SRL information will not show up in "Messagetrackinglog" or in the message headers. It's a reputation for the sender based on persisted data about the sender. And sender reputation acts on a message only if the message was blocked or otherwise acted on by the Connection Filtering agent, Sender Filter agent, Recipient Filter agent, or Sender ID agent.

    And SRL is influenced by SCL. Over a period, if a domain is sending mail with a high SCL, these statistics are analyzed and used to calculate the SRL, and the SRL will go up for that domain. The SRL will be checked during almost the entire SMTP session by the Connection Filter agent, Sender Filter agent, Recipient Filter agent, or Sender ID agent. If an SRL block threshold is set, then the message will be blocked even before reaching the mailbox's Junk Email folder.

    So spam still comes not because of Sender Reputation but because of some other spam configuration, like Sender Filter, Recipient Filter, Sender ID or Content Filter.

    To prevent spam messages, I suggest configuring Connection Filtering, Sender Filter, Recipient Filter, or Sender ID. Otherwise, consider some other anti-spam software.





    Tuesday, September 27, 2016 7:00 AM
  • https://technet.microsoft.com/en-us/library/bb124512(v=exchg.160).aspx

    According to this article, SRL uses:

    1. HELO/EHLO analysis
    2. Reverse DNS lookup   
    3. Analysis of SCL ratings on messages from a particular sender   
    4. Sender open proxy test   

    However, spam successfully comes from sources that don't even have an A record.

    Any open-source mail server can block mail that doesn't have a "Reverse DNS lookup". The Exchange SRL agent is much smarter; it uses different technologies and still can't block spam. I just don't believe that it analyzes HELO/EHLO, checks for reverse DNS for an address that doesn't exist, and passes this mail.

    Tuesday, September 27, 2016 8:22 AM
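
Added example, not part of the thread: one way to see from the Exchange Management Shell whether the anti-spam agents are acting on mail is to read the sender reputation settings and then summarize the agent log, since SRL does not appear in message tracking or headers. The 24-hour window and the IP address are constructed placeholders, and the exact agent names and reason strings in the log depend on the server.

```powershell
# Added example: run in the Exchange Management Shell on the server
# where the anti-spam agents are installed.

# 1. Sender reputation settings, including the block threshold and the
#    sender blocking switch, in addition to the values shown in the question.
Get-SenderReputationConfig |
    Format-List Enabled, ExternalMailEnabled, InternalMailEnabled,
                SrlBlockThreshold, SenderBlockingEnabled,
                SenderBlockingPeriod, OpenProxyDetectionEnabled

# 2. All transport agents in priority order, to confirm which of the
#    filtering agents are enabled alongside Protocol Analysis.
Get-TransportAgent |
    Sort-Object Priority |
    Format-Table Identity, Enabled, Priority -AutoSize

# 3. Agent log entries for the last 24 hours (window is an assumption).
$since   = (Get-Date).AddDays(-1)
$entries = @(Get-AgentLog -StartDate $since -EndDate (Get-Date))

if ($entries.Count -eq 0) {
    Write-Warning "No agent log entries since $since. No agent acted on mail in this window."
}
else {
    # Which agent did what, and why, ordered by how often it happened.
    $entries |
        Group-Object Agent, Action, Reason |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize

    # 4. Everything logged for one sending IP taken from a spam message's
    #    Received header. 192.0.2.10 is a constructed placeholder.
    $suspectIp = '192.0.2.10'
    $entries |
        Where-Object { "$($_.IPAddress)" -eq $suspectIp } |
        Sort-Object Timestamp |
        Format-List Timestamp, P1FromAddress, Agent, Event, Action,
                    SmtpResponse, Reason, ReasonData
}
```

If step 4 returns nothing for the IP of a delivered spam message, no agent recorded an action against that connection.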