Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

Attachment filtering can block attachments from entering the Microsoft Exchange Server 2010 organization by attachment content type or by attachment file name. How the attachments are processed depends on how attachment filtering is configured.

Important:
Configuration changes that you make to attachment filtering by using the Shell are made only to the local computer that has the Edge Transport server role installed. If you have multiple instances of the Edge Transport server role running in your organization, you must apply attachment filter configuration changes to each computer.

You can configure an attachment filter entry to filter attachments by attachment content type or by attachment file name. Before you add an attachment filter entry, you must determine whether you want to filter by MIME content type or by file name. Your choice of attachment filter type depends on your business needs and policies. For more information, see Understanding Attachment Filtering.

Looking for other management tasks related to anti-spam and antivirus features? Check out Managing Anti-Spam and Antivirus Features.

Use the Shell to enable the Attachment Filter agent

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Transport agents" entry in the Transport Permissions topic.

Note:
You can't use the EMC to enable the Attachment Filter agent.

By default, the Attachment Filter agent is enabled on the computer that has the Edge Transport server role installed.

This example enables the Attachment Filter agent if it isn't enabled.

Copy Code
Enable-TransportAgent -Identity "Attachment Filter agent"

For detailed syntax and parameter information, see Enable-TransportAgent.

Use the Shell to add an attachment filter entry

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

Note:
You can't use the EMC to add an attachment filter entry.

With Exchange 2010, you can configure multiple attachment filters on each Edge Transport server.

To add an attachment filter that filters e-mail attachments that have a specific MIME content type, use the following syntax.

Copy Code
Add-AttachmentFilterEntry -Name <MIMEContentType> -Type ContentType

This example filters all JPEG images by using an attachment filter. Note that you must run the following command on each Edge Transport server.

Copy Code
Add-AttachmentFilterEntry -Name image/jpeg -Type ContentType

To add an attachment filter that filters e-mail attachments based on a file name or file name extension, use the following syntax.

Copy Code
Add-AttachmentFilterEntry -Name <FileName> -Type FileName

This example filters all e-mail attachments that have the file name extension EXE.

Copy Code
Add-AttachmentFilterEntry -Name *.EXE -Type FileName

For detailed syntax and parameter information, see Add-AttachmentFilterEntry.

Use the Shell to configure attachment filtering behavior

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

Note:
You can't use the EMC to configure attachment filtering behavior.

To configure attachment filtering on an Edge Transport server role, use the Set-AttachmentFilterListConfig cmdlet. This example makes the following configuration changes to the Attachment Filter agent.

  • Sets the Attachment Filter agent to reject messages that have prohibited attachments.

  • Configures a custom response for rejected messages.

Copy Code
Set-AttachmentFilterListConfig -Action -Reject -RejectResponse "The attachment you included in your e-mail message was not allowed. Your e-mail message cannot be delivered. Please remove the e-mail attachment, and send your message again."

For detailed syntax and parameter information, see Set-AttachmentFilterListConfig.