Content filtering is not only effective for
eliminating spam, but it can also be beneficial for identifying
messages containing content deemed unacceptable to the organization,
such as sexually derogatory remarks or racial slurs. The content filter
processes messages that are routed through the
Receive Connector on the Edge Transport server. The Content Filtering
Agent is enabled by default and can be configured using the Exchange
Management Console or Exchange Management Shell.
Note
Changes described in this section are applied only to the local system.
This is important if you have more than one Edge Transport server in your
environment.
To disable the Content Filtering Agent using the Exchange Management
Console, right-click the agent icon in the action pane and select Disable.
To disable the Content Filtering Agent using the Exchange Management
Shell, run the Set-ContentFilterConfig command with the -Enabled $false
parameter. For example:
Set-ContentFilterConfig -Enabled $false
The General tab of the Agent
Properties window displays a brief description of the agent and its
capabilities, its current status, and the last time the agent’s
settings were modified.
The content filter in Exchange 2007 builds on the Intelligent Message
Filter technology that Microsoft developed and included in Exchange 2003.
The Intelligent Message Filter technology, a proprietary message-analyzing
filter developed by Microsoft, “learns” which messages are spam and which
are legitimate by analyzing the characteristics contained in both. This
filter is updated periodically through Microsoft Software Update Services.
After message analysis has occurred, the content filter assigns an overall
score to the message that corresponds with an action you choose based
on the needs of the organization. For example, all messages scoring an
8 or higher might be deleted while any message scoring a 3 or lower
might be delivered. This message score is often referred to as the spam
confidence level (SCL). Messages are assigned a score ranging from 0–9,
with 9 being the “most confident” score that the message is spam.
The
content filter can leverage the end user’s Safe Recipients List, Safe
Senders List, or trusted contacts list in Outlook (2003 or later) by
enabling Safelist Aggregation. Safelist Aggregation uses the entries
inside of Outlook to help populate the list of legitimate senders so
they can be safely bypassed by the Content Filtering Agent.
To
begin configuring content filtering, launch the Exchange Management
Console, and double-click the Content Filtering Agent in the action
pane. From here, you can customize the Custom Words list to block and
allow certain words or phrases, add recipients to the exclusions list
to exempt them from content filtering, and configure the actions to
take on messages based on the messages’ SCL. Some of these items are
not available through the Exchange Management Console and can only be
configured through the Exchange Management Shell.
The basic steps for configuring the content filter on an Edge Transport server are as follows:
1. Enable the Content Filtering Agent (default is enabled).
2. Designate and specify a quarantine mailbox for captured messages.
3. Enable and configure SCL thresholds and actions.
4. Enable or disable puzzle validation.
5. Specify recipient and sender exceptions.
6. Configure Allow phrases and Block phrases.
7. Set the rejection response.
These functions are covered in the balance of this section.
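The seven steps above, scripted for the Exchange Management Shell as an added example (not code from the original text). The mailbox and sender addresses, SCL thresholds, phrases and response text are constructed placeholders; because the settings are local, the script is meant to be run on every Edge Transport server.

```powershell
# Added example. Run in the Exchange Management Shell on each Edge Transport
# server: these settings are stored locally, not replicated.
# Every value below is a constructed placeholder.
$QuarantineMailbox = 'spamquarantine@example.com'
$Delete = 8; $Reject = 7; $Quarantine = 5      # SCL thresholds, range 0-9
$AllowPhrases = @('constructed allow phrase')
$BlockPhrases = @('constructed block phrase')

# Keep the stricter action at the higher score so each action has its own band.
if (-not ($Delete -gt $Reject -and $Reject -gt $Quarantine)) {
    throw 'Expected Delete > Reject > Quarantine.'
}

# Steps 1-2: enable the agent and name the quarantine mailbox before
# quarantining is switched on.
Set-ContentFilterConfig -Enabled $true -QuarantineMailbox $QuarantineMailbox

# Step 3: SCL thresholds and actions.
Set-ContentFilterConfig `
    -SCLDeleteEnabled $true     -SCLDeleteThreshold $Delete `
    -SCLRejectEnabled $true     -SCLRejectThreshold $Reject `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold $Quarantine

# Step 4: puzzle (Outlook E-mail Postmark) validation.
Set-ContentFilterConfig -OutlookEmailPostmarkValidationEnabled $true

# Step 5: recipient and sender exceptions.
Set-ContentFilterConfig -BypassedRecipients 'postmaster@example.com' `
                        -BypassedSenders 'alerts@partner.example'

# Step 6: Allow (GoodWord) and Block (BadWord) phrases; skip ones already present.
$existing = @(Get-ContentFilterPhrase | ForEach-Object { $_.Phrase })
foreach ($p in $AllowPhrases) {
    if ($existing -notcontains $p) { Add-ContentFilterPhrase -Phrase $p -Influence GoodWord }
}
foreach ($p in $BlockPhrases) {
    if ($existing -notcontains $p) { Add-ContentFilterPhrase -Phrase $p -Influence BadWord }
}

# Step 7: rejection response returned to senders of rejected messages.
Set-ContentFilterConfig -RejectionResponse 'Message rejected by content filtering.'

# Review the result; compare this output across Edge Transport servers.
Get-ContentFilterConfig | Format-List Enabled, QuarantineMailbox, SCL*,
    OutlookEmailPostmarkValidationEnabled, Bypassed*, RejectionResponse
```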
1. Configuring the Quarantine Mailbox for Captured Messages
Before
configuring other content filtering components, it is advised that you
first configure the mailbox that will store messages on which an action
of “quarantine” was taken. This action is based on the corresponding
SCL for the Quarantine Messages That Have an SCL Rating Larger or Equal
To setting in the Exchange Management Console, or the SCLQuarantineEnabled and SCLQuarantineThreshold parameters of the Set-ContentFilterConfig Exchange Management Shell command.
Note
The quarantine mailbox can only be assigned to content filtering through the Exchange Management Shell.
To configure a mailbox for content filtering, complete the following steps:
1. Create a user account with a mailbox in Active Directory if the
quarantine mailbox will reside on your internal Exchange servers.
2. Run the Set-ContentFilterConfig command with the -QuarantineMailbox parameter.
3. Then run the Exchange Management Console.
4. Select the Custom Words tab.
5. Enter the word or phrase you want to allow in the Messages Containing
These Words or Phrases Will Not Be Blocked field. Email messages containing
these entries will always be allowed to bypass content filtering.
6. Click Add to include the new entry.
7. To remove an entry, highlight it, and click the Delete button.
8. Click Apply to save your changes or OK to save changes and close the Content Filter dialog box.
2. Configuring Spam Quarantine
The
spam quarantine holds messages that meet or exceed the SCL threshold
set in the Content Filtering Agent on the Edge Transport server.
Messages marked for quarantine are sent to a quarantine mailbox where
they can be reviewed and delivered, if necessary. Administrators who
need to resend a quarantined message can use the Send Again feature of
Outlook.
For
messages to be quarantined, an Active Directory user and corresponding
mailbox must exist, solely for this purpose. If you are running
multiple Edge Transport servers, you might consider having one spam
quarantine mailbox per server. Although this might increase the amount
of effort needed to find captured messages, it decreases the load
expected of one Mailbox server. This can also help with troubleshooting
configuration differences between Edge Transport servers. Depending on
the size of the organization and the amount of Internet email received,
the spam quarantine can grow substantially.
Tip
It is recommended to dedicate an Exchange database to the spam quarantine
mailbox, configure an email retention policy or recipient policy to
restrict the mailbox size, and set the duration for how long
quarantined messages should be retained.
After
a mailbox has been created for the use of quarantining spam messages,
the spam quarantine mailbox must be specified on the Edge Transport
server. The spam quarantine mailbox can only be specified on an Edge
Transport server using the Set-ContentFilterConfig command with the QuarantineMailbox parameter.
Set-ContentFilterConfig -QuarantineMailbox [email protected]