Totally obvious spam not being caught - every mail has SCL -1 RRS feed

  • Question

  • I have just set up a new system with Forefront TMG 2010, Forefront protection for Exchange and Exchange Edge Transport on the same machine. it is our main firewall.

    Mostly everything works fine, but we are receiving way too much spam. It is as if nothing gets caught at all andd in Outlook all mais have either -1 or 0 stamped as the SCL value.

    If I look in the Spam Details Server Security View, I see 1290 messages processed by connection filtering, 120 out of these blocked by IP-block list (due to mistaken initial config). An additional 10 messages blocked by Sender ID and nothing else blocked at all. Actually these stats may be old. I am resetting them now to see if anything gets processed at all.

    Initially TMG blocked cloudmark from fetching updates, but this works fine now, and there are no recent errors or warnings in Windows' event log.

    These are the agents:

    [PS] C:\Windows\system32>Get-TransportAgent

    Identity                                           Enabled         Priority
    --------                                           -------         --------
    Connection Filtering Agent                         True            1
    Address Rewriting Inbound Agent                    True            2
    Edge Rule Agent                                    True            3
    Content Filter Agent                               False           4
    Protocol Analysis Agent                            True            5
    Attachment Filtering Agent                         True            6
    Address Rewriting Outbound Agent                   True            7
    Sender Id Agent                                    True            8
    Sender Filter Agent                                True            9
    Recipient Filter Agent                             True            10
    FSE Routing Agent                                  True            11
    FSE Connection Filtering Agent                     True            12
    FSE Content Filter Agent                           True            13

    Server is running windows server 2008 R2 and is domain-joined. Running all latests updates from Microsoft Update. The server was rebooted this morning.

    Any thoughts?

    Wednesday, June 13, 2012 3:25 PM

All replies