Content filtering can be used for more than just
identifying the content of messages in reviewing whether content is
considered spam or whether the content is appropriate for the users of
an organization. The content filtering function can be used to delete,
reject, or quarantine messages based on an SCL rating where the
fine-tuning of the SCL helps keep unwanted messages out of the
organization’s email system, yet minimizes the potential of false
positives where messages are deleted or quarantined even when they are
being sent by legitimate senders. This section covers the fine-tuning of
content filtering on an Edge Transport server.
Configuring
Content Filtering Actions
Several options are
available in the Content Filter properties that can be configured. The
following goes through the configuration options and notes what the
various settings do. To configure content filtering, do the following:
1. | In the Content Filter Properties window, select the
Action tab.
|
2. | Check the
Delete Messages That Have an SCL Rating Larger or Equal To option, and
set the threshold appropriately. All messages with the respective SCL
are deleted.
|
3. | Check the
Reject Messages That Have an SCL Rating Larger or Equal To option, and
set the threshold appropriately. All messages with the respective SCL
are rejected.
|
4. | Check the
Quarantine Messages That Have an SCL Rating Larger or Equal To option,
and set the threshold appropriately. All messages with the respective
SCL are quarantined.
Note
A
quarantine mailbox must first be defined. A prompt appears if it is not
and the action cannot be enabled.
|
5. | To disable
an action, uncheck the box next to it.
|
6. | To change the corresponding SCL threshold of an action,
either enter a new number in the box or use the up/down arrows to
change the value.
|
7. | Click
Apply to save your changes or OK to save changes and close the Content
Filter.
|
Using the Exchange
Management Shell to Configure Content Filtering
Content filtering
can also be configured through the Exchange Management Shell. Each shell
command has its own parameters you can set based on the action(s)
performed by the command. There are four commands: Get, Add,
Remove, and Set. Each command works with one or more
content-filtering components.
The Get-
command is used to retrieve the configuration of a component. For
example, entering Get-ContentFilterConfig
displays the Content Filter configuration on the local system.
The Add-ContentFilterPhrase command can be used to add an acceptable or
unacceptable word or phrase to the filter. The following example adds an
unacceptable phrase:
Add-ContentFilterPhrase -Phrase "this is unacceptable" -Influence BadWord
The Remove-ContentFilterPhrase command can be used to remove a blocked or allowed
keyword or phrase. The following example removes an unacceptable
phrase:
Remove-ContentFilterPhrase -Identity "this is unacceptable"
Note
When replacing the
<String> option with a phrase, the phrase must be enclosed with
quotation marks and the phrase must be “influenced” so it gets added to
the correct list.
The Set command allows an administrator to enable
or disable the agent and modify the configuration of the content filter
components. The following example enables the Content Filtering Agent on
email received on External SMTP connections, bypasses scanning of one
domain, enables Outlook 2007 postmark validation, sets the spam
quarantine mailbox, and assigns the thresholds for the different
actions.
Set-ContentFilterConfig -BypassedSenderDomains Microsoft.com -Enabled $true -ExternalMailEnabled $true -OutlookEmailPostmarkValidationEnabled $true
-QuarantineMailbox [email protected] -SCLDeleteEnabled $true -SCLDeleteThreshold 7 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 4] -SCLRejectEnabled $false
Configuring Puzzle
Validation for Content Filtering
Puzzle validation in Exchange Server 2010
works in conjunction with the Outlook 2007 Email Postmark validation
feature to lower the SCL of a message that was sent using the Outlook
2007 client. This helps reduce false positives in email messages
exchanged between organizations running exclusively in Exchange Server
2010 and Outlook 2007 messaging environments. Postmark validation is
disabled by default.
Note
Puzzle validation
can only be configured using the Set-ContentFilterConfig
Exchange Management Shell command.
When Email Postmark
validation is configured for Outlook 2007 clients, and those clients
send an email message, a presolved computational puzzle is inserted into
the message that an Exchange 2010 server running the Content Filtering
Agent with Puzzle Validation enabled will be able to “solve.” If the
message was marked as spam, but contains an Outlook 2007 Postmark
Validation stamp and the Content Filtering Agent was able to
successfully resolve the inserted “puzzle,” then the SCL of the message
will be lowered because the sender’s software has technically been
validated, making the message unlikely to be spam. If the message
contains an invalid Email Postmark validation header or no Email
Postmark validation at all, the SCL will remain unchanged.
To enable or
disable Puzzle Validation and Outlook 2007 Email Postmark validation,
run the following command in the Exchange Management Shell:
Set-ContentFilterConfig -OutlookEmailPostmarkValidationEnabled <$true | $false>
where $true enables puzzle validation
and $false disables puzzle validation.
