Hi all, I want to raise three issues I'm having in my system. I have Exchange 2007 SP1 with Windows 2003 R2. 1. The Spam Content Filter block some real messages, even though I put SCL very low (3). I put their Mail IP Address to IP Allow List, but it doesn't seem to work.Is there any possibility to exclude scanning based on sender email address. 2. When I give a user SendAs, or Full access, I can have access immediately, but when I want to send on behalf, it takes at least 24 hours to work. I there any way speed it up, or something is wrong with my system. 3. When I create a Dynamic Distribution Group, and I put a condition to include only Users with Exchange mailboxes, and when I check in Preview, everything seems OK, only users that has to be there are shown, but when we send email to that group, it goes to external users (contacts) as well. Your help is highly appreciated.

Hi, 1)change this to 7 or 8, you now will block all messages with a SCL of 3 or higher which is very low. 2)try to force replicate the AD maybe this solves the issue 3)try the following command in Powershell and check this gives the correct output: Get-DistributionGroup -Identity "Distribution Group1" | Format-List Regards, Johan visit my site: www.johanveldhuis.nl

Hi, For #1 SCL settings: Please understand that SCL delete threshold, SCL reject threshold, SCL quarantine threshold, SCL Junk E-mail folder threshold. if you set the SCL delete threshold to 8, the SCL reject threshold to 7, the SCL quarantine threshold to 6, and the SCL Junk E-mail folder threshold to 5, all e-mail with an SCL of 5 or lower will be delivered to the user's Inbox. We recommend that you set the organization-wide SCL thresholds on the content filter configuration on the Edge Transport server. If you run anti-spam agents on the Hub Transport server, set the organization-wide SCL thresholds on the Hub Transport server. Adjusting the Spam Confidence Level Threshold http://technet.microsoft.com/en-us/library/aa995744(EXCHG.80).aspx For #2 Send on behalf settings: Please try to use the below cmdlt to add send as to permission. Add-ADPermission main_user user alt_user AccessRights extendedright ExtendedRight send-as Add-ADPermission http://technet.microsoft.com/en-us/library/bb124403(EXCHG.80).aspx http://www.exchangeninjas.com/allaboutadpermissiontasks If theres several dc in your environment,it may need time to do dc replication. For #3 dynamic distribution group: Please follow the below article to check the member of dynamic distribution group. How to View Members of a Dynamic Distribution Group http://technet.microsoft.com/en-us/library/bb232019(EXCHG.80).aspx cmdlt example: $MarketingDepartment = Get-DynamicDistributionGroup -Identity "Marketing Department" Get-Recipient -Filter $MarketingDepartment.RecipientFilter How to Create a New Dynamic Distribution Group http://technet.microsoft.com/en-us/library/aa996561(EXCHG.80).aspx Hope it helps. Xiu

Thank you forreplies, 1. I realized my mistake of putting SCL that low, however is there any possiblity to exclude spam scanning based on sender mail address. 2. I have a DC in a different site, but replication doesn't take that long to there. I tried even forcing replication, but doesn't speed up. Can it be problem of resource consumption of Exchange Server, and it needs that long time to act, or... 3. If I check members, in Condition /Preview, it is fine, but when we send mail out, it works differently. Just to add that it happens when I use a Dynamic Distribution Group to send to all oraganization, it has to include all domain, as a Organizational Unit, exampledomain.com, but when I add an OU example IT, and I have external contacts there, it works just fine. Can it be problem including all domain as a OU?...

Hi, #1. Anti spam has a lot of agent. Recipient Filter agent, Sender Filter agent, sender ID Filter, Sender Reputation etc. If you do not want to filter sender email address, then you can select not to enable these agent. Besides, if you just do not want to scan some sender, then you can also specify senders and sender domains that you do not want to be filtered by the Content Filter agent. Managing Anti-Spam and Antivirus Features http://technet.microsoft.com/en-us/library/aa996604(EXCHG.80).aspx #2. Please refer to the below article: Mailbox Size Limits Are Not Enforced in a Reasonable Period of Time http://technet.microsoft.com/en-us/library/bb684892.aspx #3. A dynamic distribution group includes any recipient in the ActiveDirectorydirectory service with attributes that match its filter. Please confirm that external Contact is not the mailbox in your network. Besides, please decrease the recipient scope if your organization is very big so that you can accurately obtain what you need. Hope it helps. Xiu

Thank you again for reply. 1. I didn't know that exceptions works both for Sender and Recipients (since it writes Do not filter content in messages addressed to the following recipients). Thank you for the link, it is now clear to me. 2. It tells update after2 hours time, but I have more than 24 hours. I don't know whether memory usage can cause this delays (I didn't limit memory usage, so it is using as per MS recommendation). 3. All contacts in question are External Contacts, ex. when I create one, Mail Contact /New Mail Contact.... and... user@gmail.com.

Hi, Yes. By default, Exchange Server caches this information for a period of two hours (Mailbox Cache Age Limit is 120 minutes by default), after which it re-reads the information in Active Directory. You can restart Information Store service to quick refresh. Besides, you can override Mailbox Cache Age Limit registry value. Mailbox Cache Age Limit has been set http://technet.microsoft.com/en-us/library/aa998523(EXCHG.80).aspx For #3 I would like to know what is your scenario now. Exchange 2007 or Exchange 2003,one Exchange with several domains or just one domain one Exchange organization. A dynamic distribution group includes any recipient in Active Directory that has attributes that match the group's filter at the time a message is sent. When you create dynamic distribution group, please try to give proper organization unit, it could be yourdomian.com/users by default. I dont understand all domain in one OU. If possible, please try to use management shell with cmdlt to create the dynamic group. Understanding Recipients http://technet.microsoft.com/en-us/library/bb201680(EXCHG.80).aspx Hope it helps. Xiu

Just for follow-up 2. After installing updates, and restarting Mail Server, I tried to give SendAs permission to users, and try. It worked in matter of minutes (assuming needed time for replications between DCs). My assumption is (maybe wrong) resource consumption of Mail Server. I didn't do any memory optimization, it is using all available. 3. I couldn't afford to try send to all in organizations, since we have lot of external contacts, and some people would be unhappy for this to happen again. I reorganized AD OU creating top OU for all organization, including other departments in different sub-OU, and leaving external contacts out. I hope it'll work now without any problem.