Spam filtering??
Please excuse my ignorance on this as I've just inherited this configuration. Appears the client has one Edge, two CAS/HUBs, and a Mail server all running Exchange 2007 of course. I'm fairly new to this, but I'm just trying to figure out why
people aren't receiving emails from certain senders. The Edge server shows all Anti-spam filters to be Disabled. And their Junk Mail is turned off thru Outlook. So I assume it should be wide open then? And if a sender/domain is blocked
do the senders receive a rejection? Maybe I'm not looking in the correct place.
Thanks!!! :)
August 6th, 2010 5:17pm
Hi,
Have you checked your receive connectors.
Also check your MX records and PTR records.
I hope this will help you.
Regards.
Shafaquat Ali.M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, Phone: +923008210320
Free Windows Admin Tool Kit Click here and download it now
August 6th, 2010 5:20pm
You need an NDR from the sender to confirm it is your server which is the cause of the problem.
Message tracking will show you if the email went through Exchange. It could also be an overaggressive antivirus filter.
If you aren't doing antispam on Edge, either native or third party, then I don't see the point in having it. Two HUB/CAS and a single mailbox server? Madness. I would use the Edge licence to build another mailbox server, spread the load. If you want something
in a DMZ, then a standard Windows 2003 machine with some third party tools will do the job a lot better than Exchange Edge.
Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
August 6th, 2010 7:34pm
No NDR was received by the sender. Yeah, that's how they have it configured. The mail server is the only physical, the rest are vm's.
Edge server shows:
Anti-spam - All filtering Disabled.
Receive Connectors - Default internal... all ip's etc.
Send Connectors, Transport Rules and Accepting Domains have no entries.
So.. I'm not sure if the Edge is doing anything. But of course it's registered as the edge transport on the mail server.
My main question is, given this configuration how am I to check and modify the blocked senders or blacklists/whitelists. I don't see anything anywhere.. except for the Anti-spam filter on Edge which is disabled. I can't confidently tell the users
this email address is being blocked by Outlook, Exchange, or even reaching Exchange in the first place.
Thanks!
Free Windows Admin Tool Kit Click here and download it now
August 6th, 2010 8:31pm
On Fri, 6 Aug 2010 17:31:47 +0000, AJ1100 wrote:
>
>
>No NDR was received by the sender. Yeah, that's how they have it configured. The mail server is the only physical, the rest are vm's.
>
>Edge server shows: Anti-spam - All filtering Disabled. Receive Connectors - Default internal... all ip's etc. Send Connectors, Transport Rules and Accepting Domains have no entries.
>
>So.. I'm not sure if the Edge is doing anything. But of course it's registered as the edge transport on the mail server.
>
>
>
>My main question is, given this configuration how am I to check and modify the blocked senders or blacklists/whitelists. I don't see anything anywhere.. except for the Anti-spam filter on Edge which is disabled. I can't confidently tell the users this
email address is being blocked by Outlook, Exchange, or even reaching Exchange in the first place.
The SMTP protocol logs will show you what happened. If the edge server
rejected the message (which it should not if, as you say, every
Anti-Spam agent is disabled) you'll see that. The log file on the HT
will show you if the message was delivered (and accepted) for
delivery. The message tracking logs will show you if the message was
delivered.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
August 7th, 2010 2:36am
Thanks Rich. Good call. We have SMTP relays and when searching those logs I see 20 or so emails from this sender. But when doing a message track on the HT's there are only showing 4 delivered. Kinda strange. Is there anywhere
else I can check. Or a way to directly see the whitelist/blacklist?
Free Windows Admin Tool Kit Click here and download it now
August 8th, 2010 6:50am
On Sun, 8 Aug 2010 03:50:00 +0000, AJ1100 wrote:
>
>
>Thanks Rich. Good call. We have SMTP relays and when searching those logs I see 20 or so emails from this sender. But when doing a message track on the HT's there are only showing 4 delivered. Kinda strange. Is there anywhere else I can check. Or a way
to directly see the whitelist/blacklist?
Just to be clear, you see 20 messages in the edge's SMTP logs and you
see those same 20 messages in the HT's SMTP log (as being received
from the edge server)?
If the messages make it to the HT and you use message tracking to
follow thier progress you see only four of them (not just four being
delivered, but no traces of the other 16 in message tracking)?
One possibility, not so far-fetched, is that the message-id on the
messages are all the same. They'd still show up in the message
tracking logs, but you'd see an event that said something like
"duplicate":
http://technet.microsoft.com/en-us/library/dd577073(EXCHG.80).aspx
http://msexchangeteam.com/archive/2004/07/14/183132.aspx
If you're running Exchange 2007 SP2 you can disable duplicate
detection:
http://support.microsoft.com/kb/975990
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
August 8th, 2010 7:29pm