Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-03-19

When the Content Filter agent is enabled on a computer, it filters all messages that come through all receive connectors on that computer. Only messages that come from non-authenticated sources are filtered.

This topic explains how to use the EMC or the Shell to configure content filtering on Exchange Edge Transport servers.

Note:
Content filtering is part of the suite of anti-spam features in Exchange. The anti-spam features are only available on Edge Transport servers by default. You can enable anti-spam features on a Hub Transport server even though it isn't recommended. To learn more about enabling anti-spam features on a Hub Transport server, see Enable Anti-Spam Functionality on a Hub Transport Server. The procedures listed in this topic are for configuring anti-spam functionality on an Edge Transport server, but the process is identical on Hub Transport servers.

What Do You Want to Do?

Use the EMC to configure content filtering

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

  1. In the console tree, click Edge Transport.

  2. In the result pane, click the Edge Transport server you want to configure and then select the Anti-spam tab in the work pane.

  3. Right-click Content Filtering and then select Properties.

  4. The General tab displays the following information about the content filtering feature.

    • Status   Shows whether content filtering is enabled or disabled.

    • Modified   Shows the date and time when content filtering properties were last modified.

    • Description   Provides a brief description of content filtering.

  5. Use the Custom Words tab on to configure the Content Filter agent to recognize and filter certain words or phrases. When the Content Filter agent encounters the specified words or phrases, it adjusts the Sender Confidence Level rating. The SCL rating is a number between 0 and 9. A higher SCL rating indicates that a message is more likely to be spam.

    • Allow messages containing these words or phrases   In this field, type a word or phrase that isn't likely to be contained in spam messages, and then click Add to add the word or phrase to the allowed phrases list.

      To remove a word or phrase from the allowed phrases list, select the word or phrase, and then click Remove icon.

      When the Content Filter agent encounters an allowed word or phrase, the SCL rating on that message is set to 0.

    • Block messages containing these words or phrases (messages containing words or phrases listed above will not be blocked)   In this field, type a word or phrase that is likely to be contained in spam messages, and then click Add to add the word or phrase to the blocked phrases list. To remove a word or phrase from the list, select the word or phrase, and then click Remove icon.

      When the Content Filter agent encounters a blocked phrase in a message, the SCL rating on that message is set to 9.

      Note:
      The allowed phrases list overrides the blocked phrases list. Therefore, if the message contains a phrase that is listed in the allowed phrases list, it is assigned an SCL rating of 0 even if it also contains blocked phrases.
  6. Use the Exceptions tab to specify up to 100 recipients in your organization for whom messages should not be checked by the Content Filter agent. For example, if you have a customer support e-mail alias, you may want to accept all inbound e-mail messages for that address.

    • Don't filter messages sent to the following recipients   In this field, type the full SMTP address of a recipient in your organization and then click Add.

      To change a recipient address that you have previously added, select the address and click Edit.

      To remove a recipient address that you have previously added, select the address and click Remove icon.

  7. Use the Action tab to define the action the Content Filter agent will take on messages according to their SCL rating. The Delete action takes precedence over the Reject action, and the Reject action takes precedence over the Quarantine action. Therefore, the SCL threshold for the Delete action must be greater than the SCL threshold for the Reject action, which in turn should be greater than the SCL threshold for the Quarantine action.

    • Delete messages that have an SCL rating greater than or equal to   Select this option to configure an SCL threshold for the Delete action, and in the corresponding SCL rating box, type or select a number from 0 to 9.

    • Reject messages that have an SCL rating greater than or equal to   Select this option to configure an SCL threshold for the Reject action, and in the corresponding SCL rating box, type or select a number from 0 to 9.

    • Quarantine messages that have an SCL rating greater than or equal to   Select this option to configure an SCL threshold for the Quarantine action, and in the corresponding SCL rating box, type or select a number from 0 to 9.

      Quarantine mailbox e-mail address   Use this field to type the SMTP address of the mailbox where you want to store any quarantined messages.

Use the Shell to configure content filtering

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

You can use the Set-ContentFilterConfig, Add-ContentFilterPhrase, Remove-ContentFilterPhrase cmdlets to modify all available content filtering settings. The following examples show how you can use these cmdlets to accomplish various tasks.

Use the Shell to configure allowed and blocked phrases

You use the Add-ContentFilterPhrase cmdlet to add both allowed and blocked words and phrases. The value of the Influence parameter determines if the word or phrase is allowed or blocked. For example, if you want to allow all messages that contain the phrase "customer feedback", but block all messages that contain the phrase "stock tip", you need to run the following commands:

Copy Code
Add-ContentFilterPhrase -Phrase "customer feedback" -Influence GoodWord
Add-ContentFilterPhrase -Phrase "stock tip" -Influence BadWord

For detailed syntax and parameter information, see Add-ContentFilterPhrase.

Use the Shell to configure recipient and sender exceptions

You use the Set-ContentFilterConfig cmdlet to configure both recipient and send exceptions.

  • The following example creates an exception for the recipient tiffany@contoso.com. Messages sent to this recipient aren't checked by the Content Filter agent:

    Copy Code
    Set-ContentFilterConfig -BypassedRecipients tiffany@contoso.com
    
  • The following example creates an exception for the sender joe@fabrikam.com. Messages received from this sender aren't checked by the Content Filter agent:

    Copy Code
    Set-ContentFilterConfig -BypassedSenders joe@fabrikam.com  
    
    To enter multiple SMTP addresses when specifying either recipient or sender exceptions, separate the addresses by using a comma. For example: joe@contoso.com, jeffrey@contoso.com. The maximum number of recipients you can specify is 100.

  • You can also bypass content filtering for all messages received from specific domains. The following example creates an exception for the domain fabrikam.com. Messages received from this domain aren't checked by the Content Filter agent:

    Copy Code
    Set-ContentFilterConfig -BypassedSenderDomains fabrikam.com
    
    To bypass content filtering of messages from specific domains and their subdomains, a wildcard character (*) can be used as shown in the following example:

    Copy Code
    Set-ContentFilterConfig -BypassedSenderDomains *.fabrikam.com
    
    To enter multiple SMTP domains, separate the domains by using a comma. For example: fabrikam.com,*nwtraders.com. The maximum number of domains you can specify is 400.

For detailed syntax and parameter information, see Set-ContentFilterConfig.

Use the Shell to configure SCL thresholds

You use the Set-ContentFilterConfig cmdlet to configure SCL thresholds and actions. The Delete action takes precedence over the Reject action, and the Reject action takes precedence over the Quarantine action. Therefore, the SCL threshold for the Delete action must be greater than the SCL threshold for the Reject action, which in turn should be greater than the SCL threshold for the Quarantine action.

  • The following example enables the Delete action and sets the corresponding SCL threshold to 9:

    Copy Code
    Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9
    
  • The following example enables the Reject action and sets the corresponding SCL threshold to 8:

    Copy Code
    Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 8
    
  • The following example enables the Quarantine action and sets the corresponding SCL threshold to 7:

    Copy Code
    Set-ContentFilterConfig -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7
    

For detailed syntax and parameter information, see Set-ContentFilterConfig.

Use the Shell to configure the rejection response

If you enable the Reject action, you can also customize the response that is sent to the message originator when a message is rejected. The following example configures the Content Filter agent to send a customized rejection response.

Copy Code
Set-ContentFilterConfig -RejectionResponse "Your message was rejected because it appears to be SPAM."
Note:
Don't write a rejection response that exceeds 240 characters.

For detailed syntax and parameter information, see Set-ContentFilterConfig.

Use the Shell to configure Outlook E-mail Postmarking

Outlook E-mail Postmarking validation is a computational proof that Microsoft Office Outlook applies to outgoing messages to help recipient messaging systems distinguish legitimate e-mail from junk e-mail. Postmarking first became available in Outlook 2007 or newer. Postmarking helps reduce false positives. To enable Outlook E-mail Postmarking, run the following command:

Copy Code
Set-ContentFilterConfig -OutlookEmailPostmarkValidationEnabled $true

To disable Outlook E-mail Postmarking, run the following command:

Copy Code
Set-ContentFilterConfig -OutlookEmailPostmarkValidationEnabled $false

For detailed syntax and parameter information, see Set-ContentFilterConfig.