locked
sender block list RRS feed

  • Question

  • Hi All,

     

    I have installed Forefront Protection 2010 for Exchange Server on Exchange 2010 SP1.  I am trying to get the sender block list to work, I put in my yahoo email address and still lets it through.  Everything is enabled but my emails still come on through.  What am I missing?

    Wednesday, November 9, 2011 3:56 AM

Answers

  • Hi,

    do you receive your emails still over the Exchange 2007? If so then this would explain why the message has an SCL of -1. The communication from your Exchange 2007 to Exchange 2010 uses Exchange authentication and Antispam will be bypassed for those connections.

    X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass

    X-MS-Exchange-Organization-SCL: -1

    Greetings

    Christian


    Christian Groebner MVP Forefront
    • Marked as answer by toolbox Friday, November 18, 2011 10:16 PM
    Friday, November 18, 2011 4:41 PM

All replies

  • Hi,

    this can happen when Cloudmark rates this email as good and assigns a SCL of -1 to is. A SCL of -1 means internal message and that's why your blocklist is skipped.

    You can change this behavior with the follwoing command in the FPE Powershell:

    New-FseExtendedOption –Name CFAllowBlockedSenders –Value true

    After that a SCL of 0 will be assigned instead of -1 and then your blocklist will be processed.

    Greetings

    Christian


    Christian Groebner MVP Forefront
    • Proposed as answer by Nick Gu - MSFT Friday, November 11, 2011 8:38 AM
    • Marked as answer by Nick Gu - MSFT Monday, November 14, 2011 7:24 AM
    • Unmarked as answer by toolbox Thursday, November 17, 2011 7:54 PM
    Wednesday, November 9, 2011 8:19 AM
  • Thanks and I just tried that and that command didn't work.  Emails still have a value of -1.

     

    Also, this doesn’t make any sense to me.  I am explicitly telling it to block an email address.  I don’t care if the message is good or not.  So basically the allowblock list is useless by default?  Any other features that are useless by default and need to be fixed?


    • Edited by toolbox Thursday, November 17, 2011 7:54 PM
    Thursday, November 17, 2011 7:32 PM
  • Hi,

    can you post the header of the email.

    The option is responsible for assigning a value of 0 instead of -1, so I don't see any reason why it shouldn't work with your installation of FPE.

    Greetings

    Christian


    Christian Groebner MVP Forefront
    Thursday, November 17, 2011 8:23 PM
  • Hi,

     

    As I read over the header I forgot to mention that I have an Exchange 2007 server still in production.  The Exchange 2010 server with Forefront is coexisting with Ex2007.  Currently testing out everything on Ex2010 before it goes it production.  Is it possible that this configuration is screwing up Forefront?

     

    Here is the header info:

     

    Received: from exchangeserver1 (2002:8e19:4f89::8e19:4f89) by

    Exchangeserver2 (2002:8e19:4fb9::8e19:4fb9) with Microsoft SMTP Server

    (TLS) id 14.1.218.12; Thu, 17 Nov 2011 15:21:37 -0800

    Received: from aspen.itsd.gov.bc.ca (142.32.11.114) by exchangeserver1

    with Microsoft SMTP Server (TLS) id 8.2.255.0; Thu, 17 Nov

    2011 15:21:37 -0800

    X-Spam-Status: rating: low

    X-Spamassasin-Status: No, score=2.2 required=5.0 tests=BAYES_99,

    DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,

    RP_MATCHES_RCVD shortcircuit=no autolearn=disabled version=3.3.1

    X-Spam-Level: **

    Received: from nm30-vm0.bullet.mail.bf1.yahoo.com

    (nm30-vm0.bullet.mail.bf1.yahoo.com [98.139.213.126])       by aspen.itsd.gov.bc.ca

    (8.13.8/8.13.1) with SMTP id pAHNLnZi020861         for <username@domain.com>; Thu,

    17 Nov 2011 15:21:51 -0800

    Received: from [98.139.212.148] by nm30.bullet.mail.bf1.yahoo.com with NNFMP;

    17 Nov 2011 23:21:49 -0000

    Received: from [98.139.212.227] by tm5.bullet.mail.bf1.yahoo.com with NNFMP;

    17 Nov 2011 23:21:49 -0000

    Received: from [127.0.0.1] by omp1036.mail.bf1.yahoo.com with NNFMP; 17 Nov

    2011 23:21:49 -0000

    X-Yahoo-Newman-Property: ymail-3

    X-Yahoo-Newman-Id: 111047.17066.bm@omp1036.mail.bf1.yahoo.com

    Received: (qmail 50765 invoked by uid 60001); 17 Nov 2011 23:21:48 -0000

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1321572108; bh=OHHuxmV9KDbWNrav71NjCIM5QT/kg7mcnlYQspAXaBA=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=nNzvdgstWPPxEuQmU47clo0fnFk0u+fWwgWPphfDvsYU0xnUaX9z72pUm3E4rlu+fn66+lbspGMvadZZQIsNPx6p/7+GeodaU03UHTFSgA8MvNAPE4Uw8vxSj+mqbEGFB2j/59wUt0+aXVe794qaDOcOuTV6TFNsFf66/wmknpY=

    DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

      s=s1024; d=yahoo.com;

      h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;

      b=xSFgozcFK+vZZ5ULzLJ7/qmu2VsxbjvInKHvq+Lbs7dP0b8slt+tDa7aahNHIgRTILEKgLefC1fz4ptmSJJH2cHnb3efL05wPrxedPQm+aaDL4/Ydwgz3CxI6BD8zH3IIP9pLcIH1I+mQt4g9Gk3mTjd9EFegb2Q4O9gZSg+F2Y=;

    X-YMail-OSG: aHg9VRkVM1mzpTQMSJ_O60YpKseYNkVQ65f5SmiuccXYhDh

    3TXJiTCFPOeEjVzhkGxTuNHpCdO7n_M1yF75P9HmdRcSu1BBiF.9G8E_83sV

    mtzmdqpqDAyHX2t_af1N2B1PuqSZX8ewfqo9jU2ZyEueYhnsqTHPKT.OuUX.

    4kTvBQhVjaBzdzxSWzwYS0lE45FykZ7unMfZoDQO8LDrBIraD61k6qvCwDex

    YYyZ5XyMOGTewRHTXvgJKEUAzijX19kqaVbpSYvy3ZW5T60ZEXfTwawylzvO

    un4KkvAfnubktIMAgLnK8bcb7A8.cxosHjqmb11VUi8smdbzR3jy.ezLkzHv

    VNxTYbV4lOyOwfUFBYQ69eE0tvoprt6ZfZMEfWdgTpURxn4_iYMM97lsv70J

    lftCurmfLFCqI1usPlmYdvxQgFH9BzXdr.Q--

    Received: from [142.25.78.203] by web162001.mail.bf1.yahoo.com via HTTP; Thu,

    17 Nov 2011 15:21:48 PST

    X-Mailer: YahooMailClassic/14.0.11 YahooMailWebService/0.8.115.325013

    Message-ID: <1321572108.33508.YahooMailClassic@web162001.mail.bf1.yahoo.com>

    Date: Thu, 17 Nov 2011 15:21:48 -0800

    From: username <username@yahoo.com>

    Subject: test 321

    To: <username@domain.com>

    MIME-Version: 1.0

    Content-Type: multipart/alternative;

                boundary="1969517296-1164468372-1321572108=:33508"

    X-Scanned-By: MIMEDefang 2.68 on 142.32.11.114

    Return-Path: username@yahoo.com

    X-MS-Exchange-Organization-AuthSource: exchange1

    X-MS-Exchange-Organization-AuthAs: Anonymous

    X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass

    X-MS-Exchange-Organization-SCL: -1

    X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0

    • Marked as answer by toolbox Friday, November 18, 2011 10:15 PM
    • Unmarked as answer by toolbox Friday, November 18, 2011 10:15 PM
    Friday, November 18, 2011 4:30 PM
  • Hi,

    do you receive your emails still over the Exchange 2007? If so then this would explain why the message has an SCL of -1. The communication from your Exchange 2007 to Exchange 2010 uses Exchange authentication and Antispam will be bypassed for those connections.

    X-MS-Exchange-Organization-Antispam-Report: MessageSecurityAntispamBypass

    X-MS-Exchange-Organization-SCL: -1

    Greetings

    Christian


    Christian Groebner MVP Forefront
    • Marked as answer by toolbox Friday, November 18, 2011 10:16 PM
    Friday, November 18, 2011 4:41 PM
  • Doh!!

    Thanks.

    Friday, November 18, 2011 10:15 PM