none
Increase in Spam and Legitimate email is ending up in Outlook’s Junk-mail folder

    Question

  • We are Running Exchange 2007SP2/2010 SP1

    No Edge Transport Server (yet)

    Most of the 2007 Mailboxes are Moved to 2010 and will be removing the 2007 server soon.

     

    Our MX records are still pointing to the 2007 Server.

    2007 Server is CAS, Mailbox and HT

    2010 Server is CAS, Mailbox and HT

     

    Both Server

    run VamSoft’s ORF Spam filter

    have MS Anti-Spam Agents Installed.

    have Reject Message with SCL of 9

    send Message to Outlook Junk Mail at SCL 6

    Do Not Delete based on SCL

    Do Not Quarantine based on SCL

     

    Symptoms.

     

    Since the Migration from the 2007 server to the 2010 server we seem to be getting much more SPAM in our mailboxes/junkmail folders.

    Our sales staff is receiving emails in their Junk-mail folders from legitimate customers.

                    The SCL on the PO’s range from 4-6

                    Users have Added the Sender and the sender’s Domain to their personal Safe Sender’s List.

     

     

    I’ve set up the 2010 server similar to the 2007 server in terms of the HT policies and rules.   I’m not sure why the increase in SPAM if the MX records are still pointing to the old server.  I know the messages are going though VamSoft’s ORF, though I’m not sure at what point the Message is handed from the 2007 server to the 2010 server and if any of the policies on the 2007 server are getting bypassed and something is not setup on the 2010 server?

     

    When looking through how to get stats on SCL and look into the Spam Health info, it seems to only reference an Edge Transport server, and the AgentLog log folder. Since I do not have an Edge Transport server yet, I’m not sure how to troubleshoot this.

     

    Thanks,

      Scott<-

     

     

     

    Thursday, July 28, 2011 3:25 PM

Answers

  • Hi,

    Since the MX records are still pointing to the old server, the problem should not be caused by the new installation of exchange 2010 server. Exchange server 2007 route the inbound messages to exchange 2010 by using routing group connector, vice versa. And the Anti-Spam Agents will not filter the messages that received from routing group connectors.

     


    Gen Lin 
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact tngfb@microsoft.com 
    • Edited by Gen Lin Monday, August 01, 2011 6:31 AM
    • Marked as answer by Gen Lin Thursday, August 04, 2011 7:18 AM
    Friday, July 29, 2011 11:20 AM
  • Hello Scott,

    Ans. As you told that your MX is pointing to E2K7 server.

    If VamSoft’s ORF is Stamping SCL rating to the Emails then Your Antispam Feature on E2K7 will again Stamp the SCL on the same Mail. It will simple pass the Email to Inbox or Junk folder of users according to the Filters.

    Please check what SCL rating is set on the VamSoft’s ORF Spam Filter. Set it as Reject Message with SCL of 7 & send Message to Outlook Junk Mail at SCL 6.

    In E2K7 server :--

    Uninstall the Antispam from the E2K7 server and again Reinstalled it .

    Install the Anti Spam on the E2K7 server and configure it:-

    Content Filter -- 7 & 6, IP block list providers, Recipient Filtering & Sender filtering 

    How to install Microsoft Anti Spam Agents on Exchange 2007

    http://support.microsoft.com/kb/555924

    Managing Anti-Spam and Antivirus Features

    http://technet.microsoft.com/en-us/library/aa996604.aspx

    => And updated the AntispamUpdates

    Enable-AntispamUpdates -Identity <SERVERNAME> -IPReputationUpdatesEnabled $True -MicrosoftUpdate RequestNotifyDownload -UpdateMode Automatic -SpamSignatureUpdatesEnabled $True

    How to Configure Anti-Spam Automatic Updates

    http://technet.microsoft.com/en-us/library/bb125199(EXCHG.80).aspx

     => Restart the Transport service on E2K7 server

    [Note: If still after following the above steps you are facing the issue then please contact VamSoft’s ORF Spam Filter support for help or try by using the only Exchange Antispam Feature on E2K7 server.]

    => Do this it will help you to fix your issue.


    EXCHANGE2010, MCSE, MCTS, MCSA MESSAGING, CCNA & GNIIT
    • Proposed as answer by PKT_ Tuesday, August 02, 2011 10:57 PM
    • Marked as answer by Gen Lin Thursday, August 04, 2011 7:18 AM
    Tuesday, August 02, 2011 10:57 PM

All replies

  • to be honest, i would start by calling your spam vendor--VamSoft.

     

    This may be what you don't to hear but...

    1. Instead of planning to implement edge server, i would go buy a barracuda device (for $1500, it can handle 2000+ users). then have the barracuda deliver mail straight to hub servers.

    2. use group policy to turn off the outlook junk filter.


    got a question? guarantee answers at: http://www.infotechguyz.com/forum/
    Thursday, July 28, 2011 7:49 PM
  • Hi,

    Since the MX records are still pointing to the old server, the problem should not be caused by the new installation of exchange 2010 server. Exchange server 2007 route the inbound messages to exchange 2010 by using routing group connector, vice versa. And the Anti-Spam Agents will not filter the messages that received from routing group connectors.

     


    Gen Lin 
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact tngfb@microsoft.com 
    • Edited by Gen Lin Monday, August 01, 2011 6:31 AM
    • Marked as answer by Gen Lin Thursday, August 04, 2011 7:18 AM
    Friday, July 29, 2011 11:20 AM
  • Since the MX records are still pointing to the old server, the problem should not be caused by the new installation of exchange 2010 server. Exchange server 2007 route the inbound messages to exchange 2010 by using routing group connector, vice versa. And the Anti-Spam Agents will not filter the messages that received from routing group connectors.  

     

    Totally agreed; what I suspect is that, by installing the new exchange instance, the setup went on creating a new "connector" to the old instance and, given that the new instance uses the "VamSoft ORF" which is basically an SMTP filtering proxy, it's possible that the latter is uncorrectly flagging messages from the old server to the new one for some reason (which may be totally correct in case the server was published)

    I think that, before setting up spam filtering, our OP (scooter) should set up a vanilla exchange and ensure to migrate things as needed; done so, he may then proceed installing all the needed spam filters.

    As for the suggestion of setting up a "barracuda" appliance; I disagree, those are ok if you want a "filter in a can" but there's currently NO "magic box" and those follow the rule, this means that while the barracuda may in theory be easier to setup, in practice, it will never be able to work as well as the ORF does

    Just in case, you may either choose amongs "easy to use" and "efficient"; the spam filtering appliances and the "canned" spam filtering solutions generally fall into the first category; ORF falls into the second one along with some other products, then, if you still believe that a box will magically solve any spam issues on this earth, go on and tell it to the world, this way, we won't have spam anymore

     

    Friday, July 29, 2011 12:41 PM
  • Hi,

    Is there any update?

    Monday, August 01, 2011 6:30 AM
  • Hi Scott,

     

    Did you configure ORF to use SCL ratings? Under Exchange 2007/2010 it requires setting up an Exchange Transport Rule from PowerShell. This transport rule recognizes the spam tag added by ORF to the email and assigns an SCL score accordingly. If no such transport rule was added to Exchange, or you have ORF configured to reject emails (which is the default), you can probably exclude ORF as the reason for the issue.

     

    Also, ORF should be doing well alone without the help of any Exchange agents. If you experience any less than 99-98% of spam catch rate, please contact us at orf-support@vamsoft.com, we are happy to help with fine-tuning ORF.

     

      Peter

    Tuesday, August 02, 2011 3:21 PM
  • Hello Scott,

    Ans. As you told that your MX is pointing to E2K7 server.

    If VamSoft’s ORF is Stamping SCL rating to the Emails then Your Antispam Feature on E2K7 will again Stamp the SCL on the same Mail. It will simple pass the Email to Inbox or Junk folder of users according to the Filters.

    Please check what SCL rating is set on the VamSoft’s ORF Spam Filter. Set it as Reject Message with SCL of 7 & send Message to Outlook Junk Mail at SCL 6.

    In E2K7 server :--

    Uninstall the Antispam from the E2K7 server and again Reinstalled it .

    Install the Anti Spam on the E2K7 server and configure it:-

    Content Filter -- 7 & 6, IP block list providers, Recipient Filtering & Sender filtering 

    How to install Microsoft Anti Spam Agents on Exchange 2007

    http://support.microsoft.com/kb/555924

    Managing Anti-Spam and Antivirus Features

    http://technet.microsoft.com/en-us/library/aa996604.aspx

    => And updated the AntispamUpdates

    Enable-AntispamUpdates -Identity <SERVERNAME> -IPReputationUpdatesEnabled $True -MicrosoftUpdate RequestNotifyDownload -UpdateMode Automatic -SpamSignatureUpdatesEnabled $True

    How to Configure Anti-Spam Automatic Updates

    http://technet.microsoft.com/en-us/library/bb125199(EXCHG.80).aspx

     => Restart the Transport service on E2K7 server

    [Note: If still after following the above steps you are facing the issue then please contact VamSoft’s ORF Spam Filter support for help or try by using the only Exchange Antispam Feature on E2K7 server.]

    => Do this it will help you to fix your issue.


    EXCHANGE2010, MCSE, MCTS, MCSA MESSAGING, CCNA & GNIIT
    • Proposed as answer by PKT_ Tuesday, August 02, 2011 10:57 PM
    • Marked as answer by Gen Lin Thursday, August 04, 2011 7:18 AM
    Tuesday, August 02, 2011 10:57 PM