locked
Blocked Senders Not Working RRS feed

  • Question

  • I am running Exchange 2010 with Forefront Protection 2010 on a single server with Anti-Spam agents installed for the Hub Transport role.  My problem is that I cannot get Blocked Senders to work. 

    I have tried adding a domain (and specific email address) to the Blocked Senders in 3 different places and none of them work.  This includes the Sender Block Lists in Forefront, the Blocked Senders in Exchange (Hub Transport->Anti-spam->Sender Filtering), and the Blocked Senders in Outlook 2010 with SafeList Aggregation running on the Exchange server.

    I have set Forefront to use an SCL level of 0 instead of -1 (Set-FseExtendedOtpion -Name CFAllowBlockedSenders -Value True) so that's not the problem.

    All emails that I have configured to be blocked in these 3 different places are still coming through with an SCL value of 0.

    The sender is not on any white list that I am aware of.

    Here is the SMTP header from one such message (with certain info redacted):

    Received: from nm4-vm0.bullet.mail.bf1.yahoo.com (98.139.213.129) by
     redacted.xxxxxxxxxx.com (xx.xx.xx.xx) with Microsoft SMTP Server id 14.0.722.0;
     Mon, 22 Aug 2011 09:52:20 -0700
    Received: from [98.139.212.147] by nm4.bullet.mail.bf1.yahoo.com with NNFMP;
     22 Aug 2011 16:52:19 -0000
    Received: from [98.139.212.214] by tm4.bullet.mail.bf1.yahoo.com with NNFMP;
     22 Aug 2011 16:52:19 -0000
    Received: from [127.0.0.1] by omp1023.mail.bf1.yahoo.com with NNFMP; 22 Aug
     2011 16:52:19 -0000
    X-Yahoo-Newman-Property: ymail-3
    X-Yahoo-Newman-Id: 150839.2994.bm@omp1023.mail.bf1.yahoo.com
    Received: (qmail 56434 invoked by uid 60001); 22 Aug 2011 16:52:19 -0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1314031938; bh=F5OpV6i53PTnt+npnQKfxb8aZsojYH0ALhL4JO2FEC4=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=ie2aDrKQGMRh5+dM9/siXnlVtOSXzYrAsu23kngqHlF3/GBXEQPpXfw6lTMpyLYi63t6FEKMOPPdsndEtSdoK/SZgZqG8jAw2bfKcvX6XRB1QNCT1sC8zL/eJ0pW0ZQS09E2vR31seAJfwHaNfdAb7PW3jvqxz0N9d3K5rVkOe4=
    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
      s=s1024; d=yahoo.com;
      h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
      b=4XnGKPhVW4FNlK4sMxThFefmBp0/R3N9dDRe52665ogOUzHiCaF8rnCBEd3OuZhQUx4WGJuVSSMCr/Hhei8/cQjI2iQ2Ys+zNU8Izq+NxprT/WsA7fUlWyq9c0Stvh8ohpeCj0Y9w8PQcarC2gLbt4BKSW7qYK1yOsPoZ2hta/8=;
    X-YMail-OSG: luQgFeMVM1leguV_uNKsrgzbU7jGNYovkZJFggHxF1g6DTl
     TtlxylFfwUNBqI0GwKjFSFPvdGm5Ubg6JL_EJOeQslMQ46yFpd1oB8_3f08

    Here is the corresponding Forefront Spam agent log entry:

    Timestamp        : 2011-08-22T16:52:20.375Z
    SessionId        : 08CDC9E5ED9E7C49
    LocalEndpoint    : x.x.x.x:25
    RemoteEndpoint   : 98.139.213.129:30100
    EnteredOrgFromIP : 98.139.213.129
    MessageId        : <1314031938.29329.YahooMailClassic@web161014.mail.bf1.yahoo.com>
    P1FromAddress    : redacted@yahoo.com
    P2FromAddresses  : redacted@yahoo.com;
    Recipient        : redacted@xxxxxxxxxx.com
    NumRecipients    : 1
    Agent            : FSE Content Filter Agent
    Event            : OnEndOfData
    Action           : AcceptMessage
    SmtpResponse     :
    Reason           : SCL
    ReasonData       : 0
    Diagnostics      :

     

    Can anyone please help me get Blocked Senders working?  Preferably, I would like to get working the Blocked Senders from Outlook with Safelist Aggregation, but I would settle for Blocked Senders working in any of the 3 places I have tried to configure it.

    Tuesday, August 23, 2011 3:54 PM

Answers