Content filtering can be used for more than
just identifying the content of messages in reviewing whether content
is considered spam or whether the content is appropriate for the users
of an organization. The content filtering function can be used to
delete, reject, or quarantine messages based on an SCL rating where the
fine-tuning of the SCL helps keep unwanted messages out of the
organization’s email system, yet minimizes the potential of false
positives where messages are deleted or quarantined even when they are
being sent by legitimate senders. This section covers the fine-tuning
of content filtering on an Edge Transport server.
Configuring Content Filtering Actions
Several
options are available in the Content Filter properties that can be
configured. The following goes through the configuration options and
notes what the various settings do. To configure content filtering, do
the following:
1. | In the Content Filter Properties window, select the Action tab.
|
2. | Check
the Delete Messages That Have an SCL Rating Larger or Equal To option,
and set the threshold appropriately. All messages with the respective
SCL are deleted.
|
3. | Check
the Reject Messages That Have an SCL Rating Larger or Equal To option,
and set the threshold appropriately. All messages with the respective
SCL are rejected.
|
4. | Check
the Quarantine Messages That Have an SCL Rating Larger or Equal To
option, and set the threshold appropriately. All messages with the
respective SCL are quarantined.
Note
A quarantine mailbox must first be defined. A prompt appears if it is not and the action cannot be enabled.
|
5. | To disable an action, uncheck the box next to it.
|
6. | To
change the corresponding SCL threshold of an action, either enter a new
number in the box or use the up/down arrows to change the value.
|
7. | Click Apply to save your changes or OK to save changes and close the Content Filter.
|
Using the Exchange Management Shell to Configure Content Filtering
Content
filtering can also be configured through the Exchange Management Shell.
Each shell command has its own parameters you can set based on the
action(s) performed by the command. There are four commands: Get, Add, Remove, and Set. Each command works with one or more content filtering components.
The Get- command is used to retrieve the configuration of a component. For example, entering Get-ContentFilterConfig displays the Content Filter configuration on the local system.
The Add-ContentFilterPhrase
command can be used to add an acceptable or unacceptable word or phrase
to the filter. The following example adds an unacceptable phrase.
Add-ContentFilterPhrase -Phrase "this is unacceptable" -Influence BadWord
The Remove-ContentFilterPhrase command can be used to remove a blocked or allowed keyword or phrase. The following example removes an unacceptable phrase.
Remove-ContentFilterPhrase -Identity "this is unacceptable"
Note
When replacing the <String>
option with a phrase, the phrase must be enclosed with quotation marks
and the phrase must be “influenced” so it gets added to the correct
list.
The Set
command allows an administrator to enable or disable the agent and
modify the configuration of the content filter components. The
following example enables the Content Filtering Agent on email received
on External SMTP connections, bypasses scanning of one domain, enables
Outlook 2007 postmark validation, sets the spam quarantine mailbox, and
assigns the thresholds for the different actions.
Set-ContentFilterConfig -BypassedSenderDomains Microsoft.com -Enabled $true -ExternalMailEnabled $true
-OutlookEmailPostmarkValidationEnabled $true -QuarantineMailbox [email protected] -SCLDeleteEnabled $true
-SCLDeleteThreshold 7 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 4] -SCLRejectEnabled $false
Configuring Puzzle Validation for Content Filtering
Puzzle
validation in Exchange 2007 works in conjunction with the Outlook 2007
Email Postmark validation feature to lower the SCL of a message—if the
message was detected as spam. This helps reduce false positives in
email messages exchanged between organizations running exclusively in
Exchange 2007 and Outlook 2007 messaging environments. Postmark
validation is disabled by default.
Note
Puzzle validation can only be configured using the Set-ContentFilterConfig Exchange Management Shell command.
When
Email Postmark validation is configured for Outlook 2007 clients, and
those clients send an email message, a presolved computational puzzle
that an Exchange 2007 server running the Content Filtering Agent with
Puzzle Validation enabled will be able to “solve.” If the message was
marked as spam, but contains an Outlook 2007 Postmark Validation stamp
and the Content Filtering Agent was able to successfully resolve the
inserted “puzzle,” then the SCL of the message will be lowered because
the sender has technically been validated making the message unlikely
to be spam. If the message contains an invalid Email Postmark
validation header or no Email Postmark validation at all, the SCL will
remain unchanged.
To enable or disable
Puzzle Validation and Outlook 2007 Email Postmark validation, run the
following command in the Exchange Management Shell:
Set-ContentFilterConfig [-OutlookEmailPostmarkValidationEnabled <$true | $false>
