Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Implementing Edge Services for an Exchange 2010 Environment : Using Content Filtering to Isolate Inappropriate Content

- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/21/2011 5:48:18 PM
Content filtering is not only effective for eliminating spam, but it can also be beneficial for identifying messages containing content deemed unacceptable to the organization, such as sexually derogatory remarks or racial slurs. The content filter processes messages that are routed through the Receive Connector on the Edge Transport server. The Content Filtering Agent is enabled by default and can be configured using the Exchange Management Console or Exchange Management Shell.

Note

Changes described in this section are applied only to the local system. This is important if you have more than one Edge Transport server in your environment.


To disable the Content Filtering Agent using the Exchange Management Console, right-click the agent icon in the action pane and select Disable. To disable the Content Filtering Agent using the Exchange Management Shell, run the set-ContentFilterConfig command with the -Enabled $false parameter:

For example "set-ContentFilterConfig -Enabled $false"

The General tab of the Agent Properties window displays a brief description of the agent and its capabilities, its current status, and the last time the agent’s settings were modified.

The content filter in Exchange Server 2010 builds on the Intelligent Message Filter technology that Microsoft developed and included in Exchange Server 2003. The Intelligent Message filtering technology, a proprietary message–analyzing filter developed by Microsoft, “learns” which messages are spam and legitimate by analyzing the characteristics contained in both. This filter is updated periodically through Microsoft Software Update Services.

After message analysis has occurred, the content filter assigns an overall score to the message that corresponds with an action you choose based on the needs of the organization. For example, all messages scoring an 8 or higher might be deleted, whereas any message scoring a 3 or lower might be delivered. This message score is often referred to as the SCL. Messages are assigned a score ranging from 0–9, with 9 being the “most confident” score that the message is spam.

The content filter can leverage the end user’s Safe Recipients List, Safe Senders List, or trusted contacts list in Outlook (2003 or later) by enabling Safelist Aggregation. Safelist Aggregation uses the entries inside of Outlook to help populate the list of legitimate senders so they can be safely bypassed by the Content Filtering Agent.

To begin configuring content filtering, launch the Exchange Management Console, and double-click the Content Filtering Agent in the action pane. From here, you can customize the Custom Words list to block and allow certain words or phrases, add recipients to the exclusions list to exempt them from content filtering, and configure the actions to take on messages based on the messages’ SCL. Some of these items are not available through the Exchange Management Console and can only be configured through the Exchange Management Shell.

The basic function of configuring the content filter on an Edge Transport server is performed as follows:

1.
Enable the Content Filtering Agent (default is enabled).

2.
Designate and specify a quarantine mailbox for captured messages.

3.
Enable and configure SCL thresholds and actions.

4.
Enable or disable puzzle validation.

5.
Specify recipient and sender exceptions.

6.
Configure Allow phrases and Block phrases.

7.
Set the rejection response.

These functions are covered in the balance of this section.

Configuring the Quarantine Mailbox for Captured Messages

Before configuring other content-filtering components, it is advised that you first configure the mailbox that will store messages on which an action of “quarantine” was taken. This action is based on the corresponding SCL for the Quarantine Messages That Have an SCL Rating Larger or Equal To setting in the Exchange Management Console, or the SCLQuarantineEnabled and SCLQuarantineThreshold parameters of the Set-ContentFilterConfig Exchange Management Shell command.

To configure a mailbox for content filtering, complete the following steps:

1.
Create a user account with a mailbox in Active Directory if the quarantine mailbox will reside on your internal Exchange servers.

2.
To configure the mailbox using the Exchange Management Console, select the Action tab of the Content Filter and enter the email address of the mailbox.

3.
To configure the mailbox using the Exchange Management Shell, run the Set-ContentFilterConfig with the –QuarantineMailbox parameter.

Then run the Exchange Management Console.

4.
In the Content Filtering Properties window, select the Custom Words tab.

5.
Enter the word or phrase you want to allow in the Messages Containing These Words or Phrases Will Not Be Blocked field. Email messages containing these entries will always be allowed to bypass content filtering.

6.
Click Add to include the new entry.

7.
To remove an entry, highlight it, and click the Delete button.

8.
Click Apply to save your changes or OK to save changes and close the Content Filter dialog box.

Configuring Spam Quarantine

The spam quarantine holds messages that meet or exceed the SCL threshold set in the Content Filtering Agent on the Edge Transport server. Messages marked for quarantine are sent to a quarantine mailbox where they can be reviewed and delivered, if necessary. Administrators who need to resend a quarantined message can use the Send Again feature of Outlook.

For messages to be quarantined, an Active Directory user and corresponding mailbox must exist, solely for this purpose. If you are running multiple Edge Transport servers, you might consider having one spam quarantine mailbox per server. Although this might increase the amount of effort needed to find captured messages, it decreases the load expected of one mailbox server. This can also help with troubleshooting configuration differences between Edge Transport servers. Depending on the size of the organization and the amount of Internet email received, the spam quarantine can grow substantially.

Tip

It is recommended to dedicate an Exchange Server database to the spam quarantine mailbox, configure an email retention policy or recipient policy to restrict the mailbox size, and set the duration for how long quarantined messages should be retained.


After a mailbox has been created for the use of quarantining spam messages, the spam quarantine mailbox must be specified on the Edge Transport server. The spam quarantine mailbox can only be specified on an Edge Transport server using the Set-ContentFilterConfig command with the QuarantineMailbox parameter.

Set-ContentFilterConfig –QuarantineMailbox anti-spam@companyabc.com

Configuring the Allowed Keyword or Phrases List

Content filtering varies from organization to organization, so Exchange Server 2010 Edge Services has exceptions to allow for keywords or phrases to not cause a message to be filtered or blocked. This is commonly used in the medical profession where the reference to certain drugs, body parts, or human activities is part of the field of business, whereas in other organizations, those references are commonly used in unwanted or unsolicited email messages.

To configure the Exchange Server 2010 Edge Transport server to allow keywords or key phrases, do the following from within the Exchange Management Console:

1.
Select the Custom Words tab.

2.
Enter the word or phrase you want to allow in the Messages Containing These Words or Phrases Will Not Be Blocked field. Email messages containing these entries will always be allowed to bypass content filtering.

3.
Click Add to include the new entry.

4.
To remove an entry, highlight it, and click the Delete button.

5.
Click Apply to save your changes or OK to save changes and close the Content Filter dialog box.

Note

Messages containing an allowed word or phrase are given an SCL score of 0.


Configuring Keyword or Phrases List to Block Messages

The second section of the Custom Words tab allows you to define words or phrases in messages that should be blocked. There are two exceptions to this: use of the allowed word or phrase list and the exclusions list. Entries in this section result in the message being blocked, unless the word or phrase appears in the Messages Containing These Words or Phrases Will Not Be Blocked section or the recipient’s email address is listed in the exclusions list.

For example, your organization might have an email policy that states any message containing racial slurs or derogatory terms should be blocked unless the message is sent to or from the organization’s attorneys and senior management. To accomplish this, you would use the Block Messages Containing These Words or Phrases section to include the racially discriminatory language, the Messages Containing These Words or Phrases Will Not Be Blocked section could contain the lawyers’ names, office names, addresses, and so forth of the law firm the attorneys work for, and the Exceptions tab would hold the email addresses of the company’s executive staff. This would ensure any message not deemed appropriate would be blocked unless it contained information about the company’s lawyers or were sent or copied to one of the organization’s executives.

To configure blocked keywords or phrases, from within the Exchange Management Console, do the following:

1.
Select the Custom Words tab.

2.
Enter the word or phrase you want to block in the Block Messages Containing These Words or Phrases field. Email messages containing these entries will always be blocked unless they contain a word or phrase that is included in the allow list or are sent to recipients included in the Exceptions tab.

3.
Click Add button to include the new entry.

4.
To remove an entry, highlight it, and click the Delete button.

5.
Click Apply to save your changes or OK to save changes and close the Content Filter dialog box.

Note

Messages containing a blocked word or phrase are given an SCL score of 9.


As a recommendation from experience, get creative but, be precise! In the previous example scenario, you could request the law firm to insert a particular code or phrase in messages sent to your company. This makes the message easier for your company to identify and entries in your content filter lists easier to manage, and increases the reliability of content filtering overall. Avoid entering words and phrases that are arbitrary. Instead choose keywords and phrases specific to why you are blocking the message and that won’t be mistakenly identified in legitimate messages. This reduces the amount of false positives and processing power needed by the content filter.

Configuring the Exceptions List

The next item in the Content Filter Properties window is the Exceptions tab. The Exceptions tab is used to define email addresses for those you do not want to filter their messages by content. For example, a company might include the human resources’, attorneys’, or system administrator’s mailbox because they might need to view these messages to fulfill the duties of their jobs, whereas the same is not true for the rest of the organization’s employees. To configure exceptions, within the Exchange Management Console, do the following:

1.
In the Content Filter Properties window, select the Exceptions tab.

2.
In the Don’t Filter Messages Sent to the Following Recipients field, enter the full email address of the account.

3.
Click Add to include the entry in the list.

4.
To remove an entry, highlight it, and click the Delete button.

5.
To edit the email address of an entry, highlight it, and click the Edit button.

6.
Click Apply to save your changes or OK to save changes and close the Content Filter.

Note

The exception list is restricted to a maximum of 100 entries.


Setting the Action Tab of the Content Filtering Agent

The last tab of the Content Filtering Agent is the Action tab. The Action tab stores the configuration for what actions should be taken on a message based on the calculated SCL. The SCL can range from 0 to 9; 9 designates a high confidence level that the message is spam or contains a match to a block list, and 0 designates a high confidence level the message is valid or contains a match to an allowed list.

In the Content Filtering Agent, an action of Delete takes priority over the action of Reject, which takes priority over the action of Quarantine. For example, when all three actions are enabled with a threshold of Delete if SCL is 8 or higher, Reject if SCL is 6 or higher, and Quarantine if 4 or higher, a message with an SCL of 9 would get deleted even though it technically is higher than the other thresholds, and a message with an SCL of 5 would get quarantined. This hierarchy is by design. At least one but not all actions need to be enabled to use content filtering.

Other -----------------
- Implementing Edge Services for an Exchange 2010 Environment : Utilizing SenderID on an Edge Transport Server
- Implementing Edge Services for an Exchange 2010 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange 2010 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Exchange Server 2010 : Installing and Configuring the Edge Transport Server Components
- Installing Exchange Server 2010
- Preparing Your Environment for Exchange Server 2010
- Windows Server 2008 R2 : DirectAccess Scenario (part 6) - Monitoring the DirectAccess Server
- Windows Server 2008 R2 : DirectAccess Scenario (part 5) - Testing DirectAccess
- Windows Server 2008 R2 : DirectAccess Scenario (part 4) - Configuring DirectAccess Feature
- Windows Server 2008 R2 : DirectAccess Scenario (part 3) - Certificate Autoenrollment & IP-HTTP Certificate
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server