Microsoft Exchange Server

Installation, configuration, administration

Microsoft Exchange server. Exchange 2010 articles

Exchange anti-spam. Myth dispelled.

Exchange anti-spam myths revealed

 

In Microsoft CSS (Customer Service and Support) we deal with many anti-spam and email security questions. While the anti-spam features that come out of the box with Exchange 2007 provide a robust level of protection against unwanted garbage in your inbox, there is still a lot of confusion out there as to how all the parts work together. The purpose of this post is to dispel some misconceptions about the E2007 AS features (where applicable, differences introduced in Exchange 2010 will be pointed out as well). I present to you the top 6 SMTP anti-spam myths - revealed! (drum roll)

 

 

Myth 1: Creating a hub transport rule to set the SCL will affect the behavior of SCLDeleteThreshold and SCLRejectThreshold.

This myth applies particularly to the case of a Hub Transport server role with the anti-spam agents installed. While it is fine to install the anti-spam agents on a Hub Transport server, it is false to expect that a Hub Transport rule with the "set the spam confidence level to value" action will influence the content filter's delete/reject/quarantine behavior.

  • The misconception comes from where in the transport pipeline the Content Filter Agent (which does the actual deleting/rejecting) fires. If we run Get-TransportPipeline, we will see that the Content Filter Agent fires at OnEndOfData (EOD), while the transport rules fire during the OnRouted stage.

Since the Transport Rule Agent fires after the Content Filter Agent (CFA), anything the rule action does will have no effect on CFA behavior.

Conversely, this would work on an Edge server anti-spam solution, because of where in the pipeline the Edge rule fires. That actually leads me to Myth 1b.

Myth 1b: Setting an edge rule to inspect SCL value that the content filter sets will work out of the box.

Unlike the Hub Transport Rules Agent, the Edge Transport Rules Agent fires BEFORE the content filter.

So if we leave the default settings, with Edge rules firing first, the rule has nothing to inspect or act on, since the CFA has not gotten the message yet.

Your best bet for using rules that operate in conjunction with content filtering is to run content filtering on an Edge role and the Transport Rules on the Hub role.
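The ordering argument behind Myths 1 and 1b, as an added Python model (not Exchange code and not part of the original post). The pipeline layouts are constructed; placing both Edge agents under one event and having the content filter honor an SCL already stamped by a rule are assumptions of the model.

```python
# Added illustration: a simplified model of agent firing order, not Exchange code.
EVENT_ORDER = ["OnEndOfData", "OnRouted"]  # the two events the article names, in firing order

# Constructed layouts shaped like Get-TransportPipeline output: event -> agents in firing order.
HUB = {"OnEndOfData": ["Content Filter Agent"], "OnRouted": ["Transport Rule Agent"]}
# Assumption: both Edge agents share one event; the article only says the rule agent fires first.
EDGE = {"OnEndOfData": ["Edge Rule Agent", "Content Filter Agent"]}
RULE_AGENTS = {"Transport Rule Agent", "Edge Rule Agent"}


def firing_order(pipeline):
    """Flatten a pipeline into the sequence in which its agents see a message."""
    return [agent for event in EVENT_ORDER for agent in pipeline.get(event, [])]


def process(pipeline, filter_score, reject_at, rule_set_scl=None, rule_min_scl=None):
    """Send one message through the pipeline.

    filter_score: SCL the content filter would assign on its own
    reject_at:    SCLRejectThreshold (reject when SCL >= this value)
    rule_set_scl: SCL written by a rule action "set the spam confidence level to value"
    rule_min_scl: a rule condition that inspects the SCL (matches when SCL >= this value)
    """
    scl, rule_matched = None, False
    for agent in firing_order(pipeline):
        if agent == "Content Filter Agent":
            if scl is None:  # assumption: an SCL already stamped by a rule is honored
                scl = filter_score
            if scl >= reject_at:
                return {"outcome": "rejected", "scl": scl, "rule_matched": rule_matched}
        elif agent in RULE_AGENTS:
            if rule_min_scl is not None:  # nothing to inspect if no SCL has been stamped yet
                rule_matched = scl is not None and scl >= rule_min_scl
            if rule_set_scl is not None:
                scl = rule_set_scl
    return {"outcome": "delivered", "scl": scl, "rule_matched": rule_matched}


if __name__ == "__main__":
    # Myth 1: a rule sets SCL 9 and the reject threshold is 7.
    print("hub :", process(HUB, filter_score=2, reject_at=7, rule_set_scl=9))
    print("edge:", process(EDGE, filter_score=2, reject_at=7, rule_set_scl=9))
    # Myth 1b: a rule condition looks for SCL >= 5 and the filter scores the message 6.
    print("hub :", process(HUB, filter_score=6, reject_at=9, rule_min_scl=5))
    print("edge:", process(EDGE, filter_score=6, reject_at=9, rule_min_scl=5))
```

On the Hub layout the rule's SCL of 9 arrives after the content filter has already made its decision, and on the Edge layout the rule condition runs before any SCL exists.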

 
