Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2009-04-29
This topic explains how to use the Exchange Management Shell to configure attachment filtering. Attachment filtering cannot be managed by using the Exchange Management Console.
Attachment filtering can block attachments from entering the Microsoft Exchange Server 2007 organization by attachment content type or by attachment file name. How the attachments are processed depends on how attachment filtering is configured.
Note: Configuration changes that you make to attachment filtering by using the Exchange Management Shell are made only to the local computer that has the Edge Transport server role installed. If you have multiple instances of the Edge Transport server role running in your organization, you must apply attachment filter configuration changes to each computer.
Enabling Attachment Filtering
By default, the Attachment Filter agent is enabled on the computer that has the Edge Transport server role installed. To determine whether the Attachment Filter agent is enabled, run the Get-TransportAgent cmdlet. For more information, see Get-TransportAgent.
To enable the Attachment Filter agent if it is not enabled, run the following command:
Enable-TransportAgent -Identity "Attachment Filtering agent"
For more information about the Enable-TransportAgent cmdlet, see Enable-TransportAgent.
Configuring Attachment Filtering by MIME Type or File Name
As mentioned earlier in this topic, you can configure an attachment filter entry to filter attachments by attachment content type or by attachment file name.
- MIME content types: MIME content types indicate the attachment type, whether it is a JPEG image, an executable file, a Microsoft Office Excel 2003 file, or another file type. E-mail attachments are encoded in e-mail messages as ASCII text. E-mail servers and clients use the MIME content type information to decode the ASCII text information in an e-mail message and convert it into a usable binary file that is familiar to the user. Content types are expressed as type/subtype. For example, the JPEG image content type is expressed as
For more information about MIME content types, see Request for Comments (RFC) 1341.
Note: The third-party Web site information in this topic is provided to help you find the technical information you need. The URLs are subject to change without notice.
- File names: You can specify attachment file names in the attachment filter lists with an exact file name, such as BadFilename.exe. Alternatively, you can specify any file name with a certain extension if you replace the part of the file name that is to the left of the period with a wildcard character. An example of how you can use a wildcard character in a file name is
Before you add a new attachment filter entry, you must determine whether you want to filter by MIME content type or by file name. Your choice of attachment filter type depends on your business needs and policies.
Adding a New Attachment Filter Entry
Exchange 2007 lets you configure multiple attachment filters on each Edge Transport server. If you have more than one Edge Transport server that accepts e-mail that you want to filter, you must configure the same attachment filter on each Edge Transport server.
To add a new attachment filter that filters e-mail attachments that have a specific MIME content type, use the following command:
Add-AttachmentFilterEntry -Name <MIMEContentType> -Type ContentType
For example, if you want to filter all JPEG images by using an attachment filter, run the following command on each Edge Transport server:
Add-AttachmentFilterEntry -Name image/jpeg -Type ContentType
To add a new attachment filter that filters e-mail attachments based on a file name or file name extension, run the following command:
Add-AttachmentFilterEntry -Name <FileName> -Type FileName
For example, if you want to filter all e-mail attachments that have the file name extension EXE, run the following command:
Add-AttachmentFilterEntry -Name *.EXE -Type FileName
Note: If you want to filter e-mail attachments that have a specific file name, you can specify that file name in the Name parameter when you specify the
Configuring Attachment Filtering Behavior
You configure attachment filtering for each Edge Transport server role. All attachment filter entries that run on an Edge Transport server role use the same attachment filtering behavior. The following parameters are available on each Edge Transport server role to configure attachment filtering behavior:
- RejectResponse: This parameter specifies the string response that is included in the non-delivery report (NDR) message if an e-mail message that has a filtered e-mail attachment is returned to the sender.
- Action: This parameter specifies how attachment filtering handles an attachment that matches an attachment filter entry. The default value is Strip. Valid values include the following values:
  - Reject: Use this value to prevent both the e-mail message and attachment from being delivered to the recipient and to issue an NDR failure message to the sender.
  - Strip: Use this value to remove the attachment from the e-mail message. This value allows the message and other attachments that do not match an entry on the attachment block list to be delivered to the recipient. A notification that the attachment was blocked is added to the e-mail message.
  - SilentDelete: Use this value to prevent both the e-mail message and attachment from being delivered to the recipient. A notification that the e-mail message and attachment were blocked is not returned to the sender.
To configure attachment filtering on an Edge Transport server role, use the Set-AttachmentFilterListConfig cmdlet. For example, the following command sets the Action parameter to Reject and configures the RejectResponse parameter:
Set-AttachmentFilterListConfig -Action Reject -RejectResponse "The attachment you included in your e-mail message was not allowed. Your e-mail message cannot be delivered. Please remove the e-mail attachment, and send your message again."
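Because entries and behavior are stored per Edge Transport server, the commands above can be combined into one repeatable script that is run on each server and reports what differs. This is an added example, not part of the original topic: the baseline entries and reject text are constructed sample values, and it assumes that Get-AttachmentFilterEntry returns objects with Type and Name properties.

```powershell
# Added example. Run in the Exchange Management Shell on each Edge Transport server.
# $baseline and $rejectText are constructed sample values, not a recommended list.
$agentName  = "Attachment Filtering agent"
$rejectText = "Attachment type not allowed. Remove the attachment and resend."
$baseline   = @(
    @{ Type = "FileName";    Name = "*.EXE" },
    @{ Type = "FileName";    Name = "BadFilename.exe" },
    @{ Type = "ContentType"; Name = "image/jpeg" }
)

# 1. Confirm the agent is enabled before relying on any filter entry.
$agent = Get-TransportAgent -Identity $agentName
if (-not $agent.Enabled) {
    Enable-TransportAgent -Identity $agentName
    Write-Warning "$agentName was disabled on this server and has been enabled."
}

# 2. Add baseline entries that are missing. Keys are "Type:Name";
#    -contains compares strings case-insensitively, so *.exe matches *.EXE.
$existing = @(Get-AttachmentFilterEntry | ForEach-Object { "$($_.Type):$($_.Name)" })
foreach ($entry in $baseline) {
    $key = "$($entry.Type):$($entry.Name)"
    if ($existing -contains $key) {
        Write-Host "present  $key"
    } else {
        Add-AttachmentFilterEntry -Name $entry.Name -Type $entry.Type | Out-Null
        Write-Host "added    $key"
    }
}

# 3. List entries on this server that the baseline does not contain, so
#    differences between Edge Transport servers are visible.
$wanted = @($baseline | ForEach-Object { "$($_.Type):$($_.Name)" })
foreach ($key in $existing) {
    if ($wanted -notcontains $key) { Write-Host "extra    $key" }
}

# 4. Apply one behavior for all entries, then print what is in effect.
$config = Get-AttachmentFilterListConfig
if ("$($config.Action)" -ne "Reject" -or $config.RejectResponse -ne $rejectText) {
    Set-AttachmentFilterListConfig -Action Reject -RejectResponse $rejectText
}
Get-AttachmentFilterListConfig | Format-List Action, RejectResponse
```

Comparing the "present", "added" and "extra" lines from each server shows whether the filter lists have drifted apart.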
Before You Begin
To perform this procedure on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.
To configure attachment filtering
Run the following command to create a new attachment filter entry:
Run the following command to configure the behavior of attachment filter entries on a specific Edge Transport server role:
For detailed syntax and parameter information for these commands, see the following topics: