Applies to: Exchange Server 2013
Topic Last Modified: 2012-10-03
Sender reputation is provided by the Protocol Analysis agent. Sender reputation blocks messages according to various characteristics of the sender. Sender reputation relies on persisted data about the sender to determine what action, if any, to take on an inbound message.
What do you need to know before you begin?
- Estimated time to complete each procedure: 5 minutes
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Anti-spam features" entry in the Anti-Spam and
Anti-Malware Permissions topic.
- You can't use the Exchange admin center (EAC) to perform this
procedure. You can only use the Shell.
- By default, anti-spam features aren't enabled in the Transport
service on a Mailbox server. Typically, you only enable the
anti-spam features on a Mailbox server if your Exchange
organization doesn't do any prior anti-spam filtering before
accepting incoming messages. For more information, see Enable Anti-Spam
Functionality on a Mailbox Server.
- The Protocol Analysis agent is the underlying agent for sender
reputation functionality. When you disable sender reputation, the
Protocol Analysis agent is still enabled.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
 Tip: |
|---|
| Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection |
What do you want to do?
Use the Shell to enable or disable sender reputation
This example disables sender reputation.
 Copy Code |
|
|---|---|
Set-SenderReputationConfig -Enabled $false |
|
This example enables sender reputation.
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -Enabled $true |
|
How do you know this worked?
To verify that you have successfully enabled or disabled sender reputation, do the following:
- Verify the Protocol Analysis agent is installed and enabled by
running the following command:
Copy CodeGet-TransportAgent
- Verify the sender reputation values you configured by running
the following command:
Copy CodeGet-SenderReputationConfig | Format-List Enabled,*MailEnabled
Use the Shell to enable or disable sender reputation for internal or external messages
By default, sender reputation is enabled for external messages, and disabled for internal messages. A message is considered external if it comes from an unauthenticated connection that's external to your Exchange organization. A message is considered internal if it comes from authenticated connection, and the sender's domain is configured as an authoritative domain in your Exchange organization.
To disable sender reputation for external messages, run the following command:
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -ExternalMailEnabled $false |
|
To enable sender reputation for external messages, run the following command:
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -ExternalMailEnabled $true |
|
To disable sender reputation for internal messages, run the following command:
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -InternalMailEnabled $false |
|
To enable sender reputation for internal messages, run the following command:
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -InternalMailEnabled $true |
|
How do you know this worked?
To verify that you have successfully enabled or disabled sender reputation for internal and external messages, do the following:
- Run the following command:
Copy CodeGet-SenderReputationConfig | Format-List Enabled,*MailEnabled
- Verify the values displayed match the values you
configured.
Use the Shell to configure sender reputation properties
To configure the sender reputation properties, run the following command:
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -SrlBlockThreshold <Value> -SenderBlockingPeriod <Hours> |
|
This example sets the sender reputation level (SRL) block threshold to 6 and configures sender reputation to add offending senders to the IP Block List for 36 hours:
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -SrlBlockThreshold 6 -SenderBlockingPeriod 36 |
|
How do you know this worked?
To verify that you have successfully configured the sender reputation properties, do the following:
- Run the following command:
Copy CodeGet-SenderReputationConfig
- Verify the values displayed match the values you
configured.
Use the Shell to configure outbound access for the detection of open proxy servers
You may need to perform additional steps to allow sender reputation to traverse any firewalls that are between the Internet and the Exchange server that's running the Protocol Analysis agent. The following table lists the outbound ports that are required for sender reputation.
| Protocols | Ports |
|---|---|
|
SOCKS4, SOCKS5 |
1081, 1080 |
|
Wingate, Telnet, Cisco |
23 |
|
HTTP CONNECT, HTTP POST |
6588, 3128, 80 |
To configure outbound access for the detection of open proxy servers, run the following command:
| Copy Code |
|
|---|---|
Set-SenderReputationConfig -ProxyServerName <String> -ProxyServerPort <Port> -ProxyServerType <String> |
|
This example configures sender reputation to use the open proxy server named SERVER01 that uses the HTTP CONNECT protocol on port 80.
| Copy Code |
|
|---|---|
Set-SenderReputationConfig - ProxyServerName SERVER01 -ProxyServerPort 80 -ProxyServerType HttpConnect |
|
How do you know this worked?
To verify that you have successfully configured outbound access for detection of open proxy servers, do the following:
- Run the following command:
Copy CodeGet-SenderReputationConfig | Format-List ProxyServer*
- Verify the values displayed are the values you configured.