lack of recent anti Spam-Filter updates?

    Question

  • Hello,

    it has been a while since my Exchange Server Edge-Transport (2010 Enterprise) installed new anti-spam definition files. 24th September 2016 was the last time.

    Is there something wrong with the definition updates (we had this issue some time ago: Microsoft didn't update the definition files for some months)? Is anyone suffering from the same issue?

    I am also wondering why it is called Standard-Antispam Updates and not Enterprise.

    Wednesday, October 19, 2016 9:07 AM

All replies

  • Hi Markus,

    Based on my research, the Microsoft Exchange Server Standard Anti-spam Filter Updates v3.3.16506.864 is the latest update for Exchange Standard Edition. Please be patient and wait for the update.
    For your reference: http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=updates&lang=en (search keywords "Microsoft Exchange Server Standard Anti-spam Filter Updates")

    For Exchange Server 2010, the Standard CAL spam definition updates are provided by Microsoft Update and published twice a month. However, Enterprise CAL anti-spam definition updates are available via Forefront Security for Exchange.


    Allen Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    Thursday, October 20, 2016 5:24 AM
    Moderator
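
An added example, not part of the thread or of any participant's post: a PowerShell check of the local Windows Update history for anti-spam filter definition installs, reporting the newest install per edition and flagging a gap longer than the "twice a month" cadence mentioned above. The function names, the 21-day threshold and the sample entries are assumptions made for this illustration.

```powershell
# Added example (not from the thread). Windows only; written to run on PowerShell 2.0+.
function Get-AntiSpamUpdateHistory {
    # Windows Update Agent COM API: successful installs whose title names the filter updates.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $count = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return }
    $searcher.QueryHistory(0, $count) |
        Where-Object { $_.Title -like '*Anti-spam Filter Updates*' -and $_.ResultCode -eq 2 } |
        Select-Object Title, Date   # ResultCode 2 = succeeded; Date is reported in UTC
}

function Test-AntiSpamUpdateFreshness {
    param(
        [object[]]$History,
        [datetime]$Now = (Get-Date).ToUniversalTime(),
        [int]$MaxAgeDays = 21   # assumption: twice-monthly cadence plus a week of slack
    )
    if (-not $History) { Write-Warning 'No anti-spam filter updates in the update history.'; return }
    $History | ForEach-Object {
        # The edition (Standard or Enterprise feed) is read from the update title.
        $edition = if ($_.Title -match '(Standard|Enterprise) Anti-spam') { $Matches[1] } else { 'Unknown' }
        New-Object PSObject -Property @{ Edition = $edition; Title = $_.Title; Date = $_.Date }
    } | Group-Object Edition | ForEach-Object {
        $latest = $_.Group | Sort-Object Date -Descending | Select-Object -First 1
        $age = [math]::Floor(($Now - $latest.Date).TotalDays)
        New-Object PSObject -Property @{
            Edition = $_.Name; LastInstalled = $latest.Date; AgeDays = $age
            Stale = ($age -gt $MaxAgeDays); Title = $latest.Title
        }
    } | Select-Object Edition, LastInstalled, AgeDays, Stale, Title
}

# Constructed sample entries (placeholder version numbers, not real history);
# the dates of the last install and of the check are taken from the question above.
$sample = @(
    New-Object PSObject -Property @{
        Title = 'Microsoft Exchange Server Standard Anti-spam Filter Updates v0.0.0.1 (constructed)'
        Date  = [datetime]'2016-09-10' }
    New-Object PSObject -Property @{
        Title = 'Microsoft Exchange Server Standard Anti-spam Filter Updates v0.0.0.2 (constructed)'
        Date  = [datetime]'2016-09-24' }
)
Test-AntiSpamUpdateFreshness -History $sample -Now ([datetime]'2016-10-19')

# On the Edge Transport server itself:
# Test-AntiSpamUpdateFreshness -History (Get-AntiSpamUpdateHistory)
```

A result with no Enterprise row means no Enterprise filter update was ever installed through Windows Update on that machine, which is a different finding from a Standard feed that has merely gone quiet.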
  • Thank you for your reply, Allen.

    Maybe you can be more specific regarding the Enterprise definition updates in short terms, please? What if I upgrade the Exchange 2010 Edge Transport to 2016? Does it handle the anti-spam definition updates in another way? I thought the Enterprise definition updates were published the same way.

    Regarding Exchange 2016, you might help me find an answer to the question of whether the Edge Transport behaves in an RFC-conformant way. Exchange 2013 has the problem that if an address does not exist, the rejection of the message comes not after the RCPT TO command but only at the end.
    Because of this insecure thing I haven't upgraded the system yet, because I don't like the behavior. But I realized that spam is becoming a bigger problem now.


    Thursday, October 20, 2016 7:09 AM
  • Hi,

    Correct, the Enterprise CAL updates will still be offered daily. If you upgrade to Exchange 2016 Edge, you need to download the antimalware engine and definition updates from Microsoft Download Engine and Definition Updates (similar to Exchange 2016) to keep the anti-spam features up to date.

    Moreover, recipient filtering relies on the RCPT TO SMTP header to determine what action to take, and it's basically unchanged from Exchange Server 2010.

    Note: the order in which the antispam agents are applied to messages on Edge Transport servers:
    • Connection Filtering agent
    • Sender Filter agent
    • Recipient Filter agent
    • Sender ID agent
    • Content Filter agent
    • Protocol Analysis agent (sender reputation)
    • Attachment Filtering agent


    Allen Wang
    TechNet Community Support



    Friday, October 21, 2016 3:06 AM
    Moderator
  • Hi,

    Correctly, the Enterprise CAL updates will still be offered daily.

    Hi,

    thank you for the reply. How are the updates offered? In the past I recognized them in the WSUS, but I don't see them anymore, and taking a look at the recently installed updates I only see the Standard filter updates. But Get-ExchangeServer shows me that this is an Enterprise version.

    Maybe I am totally missing something?

    Friday, October 21, 2016 7:52 AM
  • Oh man. Even if it is embarrassing, I just have to write what "just" happened (to be honest it happened more than 12 hours ago). All I wanted to do was to remove the Edge-Transport 2010 and install a new 2016. So I thought "It is just an Edge-Transport Server. I don't need a new VM!". So I continued my work without having any thoughts regarding a mistake. Now here is what I did.

    1. First I removed the Edge-Subscription on the Edge-Transport Server
    2. and removed the Exchange Server with the normal uninstallation routine.
    3. I installed .Net Framework 4.6 because I read it is compatible with the latest version of Exchange 2016.
    4. After a reboot I installed the Exchange 2016. I was getting confused that setup told me that I only can install it with using the /m:RecoverServer parameter.
    5. I did that.
    6. First everything looked normal.
    7. But then I recognized errors in the MMC. I thought "well, install the product key first and we will see then what's wrong". I first used Get-ExchangeServer and I was wondering why "Programs and Features" and the Start menu told me it is Exchange 2016 but Get-ExchangeServer told me it is Exchange 2010.
    8. Oh boy.
    9. I was thinking about "Is my Exchange 2013 CU 13 compatible with 2016? It should be though.".
    10. Better install Exchange 2013 CU 14 on my primary Exchange Server!
    11. This went terribly wrong (but I guess the error was already there).
    12. Setup "ended" with "Can't find Object s-mail-1 in the domain". Ehm ok. It was there.
    13. Now the Exchange 2013 was totally ruined. I tried with RecoverServer but it told me it can't because setup is unfinished xD. I swear I saw a trollface in the logs but I was not able to locate it afterwards.
    14. Now my entire environment was totally destroyed!
    15. I recovered the Exchange Server virtual machine and noticed that ADTopology couldn't find any domain controllers. ?! I don't understand anything.
    16. Now I needed to restore a backup of the domain controller, too. It was a pity that the other domain controller was backed up after this mess. So I just seized the roles of the DC to my restored DC and reinstalled the other DC to be sure not to run into some strange replication errors regarding the Exchange.

    Well, now... The Exchange is running at least. I have copied the database before restore so I don't have any loss of data. But I haven't achieved anything, too, this day. :D - except that Exchange 2013 is running with CU 14 now.

    Now a quick question. I wanted to install the Edge-Transport Server 2016 CU 4 on the newly installed machine. I guess I can do this without running into any problems - see above :)? I have removed the Edge-Subscription from the Exchange 2013 as well. Can I just install it on the server without noticing anything? I don't want to upgrade the Exchange 2013 now. I just want to install the Edge-Transport 2016 in my network and keep the 2013 for now.

    Friday, October 21, 2016 9:09 PM
  • Hi

    You can use this link for guidance to setup Exch 2016 Edge server. http://msexperttalk.com/configuring-exchange-2016-edge-transport-server/

    Also read this link https://technet.microsoft.com/en-us/library/dn635117(v=exchg.160).aspx for a better understanding.

    And always do this on a new virtual machine. Do not change anything on the CAS/mailbox server; only follow the new edge subscription setting, and that will update the transport service to point to the new edge server.


    Saturday, October 22, 2016 8:15 AM
  • Hello,

    thank you for the reply. Unfortunately that is very basic information.

    I still don't get it... how the Anti-Spam thing is getting updated. Because the link Allen sent me does only show the update of the Malware Engine. This engine is only available on the Mailbox servers and not on the Edge-Transport (for whatever reason).

    Monday, October 24, 2016 11:12 AM
  • Hi,

    Based on my research, we need to use Microsoft Update to update the content filter in Exchange 2016, and it's similar to Exchange 2010. Also, refer to the link below to check available updates.

    Quote from TechNet article:
    Content filtering in Exchange Server 2016 is provided by the Content Filter agent, and is basically unchanged from Exchange Server 2010. Updates to the Content Filter agent are available periodically through Microsoft Update.

    By default, the Content Filter agent is enabled on Edge Transport servers, but you can enable it on Mailbox servers.


    Allen Wang
    TechNet Community Support



    Wednesday, October 26, 2016 2:06 AM
    Moderator
  • Hi,

    this is exactly how I interpreted the behaviour. And there we are again with the initial question. Based on your linked RSS feed (which is helpful) the last Enterprise update is from last month. Isn't there something wrong with the update cycle?

    Wednesday, October 26, 2016 6:32 AM
  • Hi,

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    If you have any updates during this process, please feel free to let me know.


    Allen Wang
    TechNet Community Support



    Thursday, October 27, 2016 7:31 AM
    Moderator
  • Hi,

    Sorry for the delay.

    After discussion with my colleagues: you can install the latest Enterprise anti-spam filter update (v3.3.16506.864):
    http://www.catalog.update.microsoft.com/DownloadDialog.aspx

    Besides, here's an RSS feed for available Microsoft Exchange Server 2007 Enterprise Anti-spam Filter Updates in Windows Update:
    http://www.catalog.update.microsoft.com/Search.aspx?q=Microsoft%20Exchange%20Server%202007%20Enterprise%20

    Allen Wang
    TechNet Community Support



    Wednesday, November 2, 2016 7:17 AM
    Moderator
  • Hi,

    Would you please provide us with an update on the status of your issue?
    Please feel free to let me know, and also please mark a useful reply as the answer if it helps.


    Best Regards,

    Allen Wang



    Tuesday, November 8, 2016 8:56 AM
    Moderator
  • Well, there are newer Updates for the Enterprise Anti-Spam list now available. I will see if there will be more recent updates in the next days/weeks.

    Thank you so far.

    Wednesday, November 9, 2016 4:33 PM
  • Hi,

    I just wanted to give a short update on this issue. During further testing I recognized that the Exchange Edge Transport must have some problems.

    My problem now was that every email from Hotmail (and in addition those auth-codes mails for verifying your outlook.com account) were not touching my server at home. It always was only accepted by my hoster which I use as mail spooler and mail relay. For further testing I removed the MX entry in public DNS and recognized that the mails were not coming in. I was confused as I noticed that the agent logs didn't note anything. Just like it never contacted my server. Before I used the Edge Transport I used a postfix server for a while. Because it was running but not used it wasn't complicated to use it again - I just changed the NAT forward and the system was switched. Those mails were coming in now. So it was not a problem with my internet connection or router.

    And in addition I have less spam problems now. It's a pity that I had to drop the Exchange Edge transport but it is working much better now.


    Friday, November 18, 2016 4:27 PM