5. Enabling Anti-Spam Features
By default, Edge Transport servers have anti-spam
features enabled and Hub Transport servers do not. In an Exchange
organization with Edge Transport servers, this is the desired
configuration: you want your Edge Transport servers to run anti-spam
filters on messages before they are routed into the Exchange
organization. After Edge Transport servers have filtered messages, you
don't need to filter them again—which is why Hub Transport servers have
this feature disabled.
If your organization doesn't use Edge Transport servers and has only Hub Transport servers, you should enable the anti-spam
features on Hub Transport servers that receive messages from the
Internet. In this way, you can filter incoming messages for spam. You
can enable or disable anti-spam
features on Hub Transport servers using the Set-TransportServer cmdlet.
To enable these features, set the –AntispamAgentsEnabled parameter to
$true. To disable these features, set the –AntispamAgentsEnabled
parameter to $false.
The following example shows how you can enable anti-spam features on a Hub Transport server named CorpSvr127:
Set-TransportServer -Identity 'CorpSvr127' -AntispamAgentsEnabled $true
You then need to restart the Microsoft Exchange Transport service on
the server. If you exit and restart the Exchange Management Console,
you'll then see the Antispam tab in the details pane. (Expand the
Server Configuration node, and then select the Hub Transport node.)
When you turn on anti-spam features, a
transport server can automatically get updates for spam signatures, IP
reputation, and anti-spam definitions through automatic updates, provided that you've done the following:
-
Conformed to Microsoft's licensing requirements
-
Enabled Automatic Updates for use on the server
-
Specifically enabled and configured anti-spam updates
To obtain anti-spam updates through automatic updates, Microsoft
requires an Exchange Enterprise Client Access License (CAL) for each
mailbox user or the purchase of Microsoft Forefront Protection for
Exchange Server 2010. You can configure automatic updates by using the
Windows Update utility in Control Panel. Click Start, click Control
Panel\Security, and then click Windows Update to start this utility.
You can also configure Automatic Updates through Group Policy. After
you've ensured that automatic updates are enabled, you can check a
transport server's anti-spam update configuration by completing the
following steps:
-
Start the Exchange Management Console. On an Edge Transport server,
select Edge Transport. On a Hub Transport server, expand the Server
Configuration node, and then select the Hub Transport node.
-
Right-click the transport server for which you are configuring
anti-spam updates and then select Enable Anti-Spam Updates. This starts
the Enable Anti-Spam Updates Wizard, shown in Figure 2.
-
Under Update Mode, select Automatic to ensure the server automatically retrieves and applies available updates.
-
Generally, you'll want a server to retrieve updates for both spam
signatures and IP reputation. However, if you don't use IP allow or
block lists or other features that use IP reputation details, you might
not want to retrieve this information.
-
The wizard enables the server to download and install anti-spam definition updates using Microsoft Update.
-
Click Enable and then click Finish.
In the Exchange Management Shell, you can use the
Get-AntispamUpdates, Enable-AntispamUpdates, and
Disable-AntispamUpdates cmdlets to view settings or enable or disable
anti-spam updates.
