none
Exchange 2010 Content Filter Agent Not Working

    Question

  • I have one Exchange 2010 in my enviornment. I have succesfully installed the anti-spam agent on the Hub Transport Server. Under Organization Config - Hub Trans- Anti-spam, everything is enabled. Under Content Filter Properties - under Ation, I have these threshholds; Delete at score 9, Reject at score 7 and Quarantine at score 6. When I look in the AgentLogs nothing seems to be getting rejected. I also noticed that in the logs it says that the policy is disabled. Here is an example:
    RunspaceId      : c0588b76-aedc-4e2f-8f6c-86f61b6cb571
    Timestamp       : 3/15/2010 8:52:32 AM
    SessionId       : 08CC90E28D68B5E4
    IPAddress       : 10.1.1.62
    MessageId       : <5989564.151268668404805.JavaMail.root@pilot>
    P1FromAddress   : info@ck12.org
    P2FromAddresses : {info@ck12.org}
    Recipients      : {user@mydomain.com}
    Agent           : Content Filter Agent
    Event           : OnEndOfData
    Action          : AcceptMessage
    SmtpResponse    :
    Reason          : SCL
    ReasonData      : not available: policy is disabled.
    Diagnostics     :

    A few things I have noticed from troubleshooting the issue. When I suspend the queue, everyone is getting  a SCL score of 0 and -1. The -1 are my local users and everyone else is getting a 0. I think I narrowed this down to the fact that I have a spam filter (Iron Port Appliance) in front of the Exchange Server. So when the Exchange Server gets an email, it's saying the source is from local address 10.1.1.62 (Iron Port). I spoke to Iron Port and they said that the appliance passing on all the sender info to Exchange. They advised me to contact Microsoft.

    I don't know what else to try. Any help is greatly appreciated!




    Monday, March 15, 2010 4:02 PM

Answers

  • Hi,

    The Content Filter agent checks the following conditions in the message. If any of the conditions are true, the message bypasses content filtering and attachment filtering. These messages then go on to antivirus scanning for processing.

    * The sender's IP address is on the IP Allow list for connection filtering.
    * All recipients are on the exceptions list for content filtering.
    * The AntiSpamBypassEnabled parameter is set to $True on all the recipients' mailboxes.
    * All the recipients have added this sender to their Outlook Safe Sender list, which is updated to the Edge Transport server by using safelist aggregation.
    * The sender is a trusted partner and on the organization's list of senders that are not filtered.

    In addition to the conditions listed here, if the SMTP session has been authenticated as a trusted partner, and if the administrator has granted the Bypass Anti-Spam (Ms-Exch-Bypass-Anti-Spam) permission to partners, the anti-spam agents will be disabled for messages during that session. The Bypass Anti-Spam permission is not granted to partners by default and must be assigned by an administrator.

    If a message does not meet any of the conditions described here, content filtering is applied. Content filtering assigns a SCL rating to the message.

    Thanks

    Allen

    • Marked as answer by Allen Song Monday, March 29, 2010 6:47 AM
    Thursday, March 18, 2010 9:28 AM

All replies

  • Hi,

    The Content Filter agent checks the following conditions in the message. If any of the conditions are true, the message bypasses content filtering and attachment filtering. These messages then go on to antivirus scanning for processing.

    * The sender's IP address is on the IP Allow list for connection filtering.
    * All recipients are on the exceptions list for content filtering.
    * The AntiSpamBypassEnabled parameter is set to $True on all the recipients' mailboxes.
    * All the recipients have added this sender to their Outlook Safe Sender list, which is updated to the Edge Transport server by using safelist aggregation.
    * The sender is a trusted partner and on the organization's list of senders that are not filtered.

    In addition to the conditions listed here, if the SMTP session has been authenticated as a trusted partner, and if the administrator has granted the Bypass Anti-Spam (Ms-Exch-Bypass-Anti-Spam) permission to partners, the anti-spam agents will be disabled for messages during that session. The Bypass Anti-Spam permission is not granted to partners by default and must be assigned by an administrator.

    If a message does not meet any of the conditions described here, content filtering is applied. Content filtering assigns a SCL rating to the message.

    Thanks

    Allen

    • Marked as answer by Allen Song Monday, March 29, 2010 6:47 AM
    Thursday, March 18, 2010 9:28 AM
  • If you do not have an Edge Transport Server, will safelist aggregation be performed on the Hub Transport Server?
    Ron
    Friday, April 01, 2011 3:09 PM
  • Hi, I have the same problem.

    * The sender's IP address is NOT on the IP Allow list for connection filtering.
    * All recipients are NOT on the exceptions list for content filtering.
    * The AntiSpamBypassEnabled parameter is NOT set to $True on all the recipients' mailboxes.
    * All the recipients have NOT added this sender to their Outlook Safe Sender list, which is updated to the Edge Transport server by using safelist aggregation.
    * The sender is NOT a trusted partner and on the organization's list of senders that are not filtered.

    And yet the
    ReasonData      : not available: policy is disabled.
    is being logged.

    I also have the recipient filtering enabled and still have <> senders backscattering from my Exchange blacklisting me on backscatterer.org's site. Any clue?


    Tuesday, April 26, 2011 7:37 AM