Called safelist aggregation, it is a feature that basically collects data from the Safe Senders and Safe Recipients lists, which can be found under the Junk E-Mail Options in Outlook 20
Trang 13 Set up delegation if you’re going to open the mailbox as an additional mailbox under your primary mailbox account
4 On the Edge Transport server, open the EMS, type Set-ContentFilterConfi g
-QuarantineMailbox <SmtpAddress>, and press Enter.
All quarantined messages will now be sent to the specifi ed e-mail address, so be sure to check it for any false positives on a regular basis When you fi nd a false positive, you can resend it to the
original recipient by opening the message and clicking Resend.
In addition, you can create a list of words and/or phrases that won’t be blocked no matter the
SCL rating of the particular message (the Content Filter will assign an SCL rating of 0 to messages
including these words and/or phrases) You can also create a list of words and/or phrases that should
be blocked no matter the SCL rating (see Figure 7.43)
Figure 7.43 The Custom Word List on the Content-Filtering Properties Page
Trang 2If for some reason you don’t want to block any messages destined for a particular SMTP address, you can add the address to an exceptions list (see Figure 7.44)
Figure 7.44 The Exceptions List on the Content-Filtering Properties Page
Safelist Aggregation
The content-fi ltering agent includes another antispam feature that isn’t visible in the EMC GUI
Called safelist aggregation, it is a feature that basically collects data from the Safe Senders and Safe
Recipients lists, which can be found under the Junk E-Mail Options in Outlook 2007 (see Figure 7.45)
Trang 3Figure 7.45 The Safe Senders List in Outlook 2007
The e-mail addresses and/or domains that the end users in your Exchange organization have
added to the Safe Senders and/or Safe Recipients list are stored on the respective mailbox servers
on which a mailbox is located and can from here be pushed to Active Directory service, where the
lists can be stored on each user object If you use the EdgeSync service, these lists will, as part of
the recipient data, be replicated from Active Directory to the ADAM store on the edge transport
server
Trang 4To reduce the number of false positives on the Edge Transport server, the Content Filtering agent can, using safelist aggregation, let the e-mail addresses and domains confi gured on the Safe Sender list
be allowed to pass through to end users’ mailboxes without additional processing by the rest of the
fi ltering agents If you enable Also trust e-mail from my Contacts on the Safe Senders tab in
Outlook 2007, shown in Figure 7.45, all Outlook contacts in user mailboxes will be allowed to pass through the fi ltering agents as well Pretty neat, right?
Even though you have enabled the Content Filtering agent, you still need to enable and confi gure the safelist aggregation feature before you can use it To do so, perform the following steps:
1 Log on to the Exchange 2007 server that has the Mailbox server role installed and open
the EMS.
2 To read the Safelist collection from each user’s mailbox and then hash and write it to the
respective user objects in Active Directory, you will need to run the Update-Safelist CMDlet When using the Update-Safelist CMDlet, you are expected to provide the identity for the mailbox you want to run the CMDlet on Since you want to run the Update-Safelist
CMDlet on all mailbox users on the mailbox server, you will need to use piping To run
Update-Safelist for all mailbox users, type “get-mailbox | where {$_.RecipientType -eq
[Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::MailboxUser } | update-safelist” and then press Enter.
3 Since the Update-Safelist CMDlet is a onetime-only command, you need to use the
Windows Scheduler to schedule the CMDlet to run, let’s say, once every 24 hours To do so, create a batch fi le with the following code:
“C:\Program Files\Windows Powershell\v1.0\Powershell.exe” -psconsolefi le
“C:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1” -command
“Get-Mailbox | where {$_.RecipientType -eq [Microsoft.Exchange.Data.
Directory.Recipient.RecipientType]::MailboxUser } | Update-Safelist”
4 Save the batch fi le as Update-Safelist.bat or something similar (Remember to change
Notepad to all fi les instead of txt fi les.)
5 Now schedule this batch fi le to be run every 24th hour (for example, at 00.00) To do this, open a command prompt window (or use the Windows Scheduler, which can be
found in the Control Panel), type AT 00.00 /every:M,T,W,Th,F,S,SU cmd /c
“C:\Update-Safelist.bat” , and press Enter.
6 To see whether Update-Safelist has updated the respective Active Directory user objects,
you can check the msExchSafeRecipientsHash and msExchSafeSendersHash attributes for
a couple of user objects using ADSI Edit or a similar tool If these attributes have a value
of <Not Set>, they haven’t been updated, but if they instead have a value similar to 0xac
0xbd 0x03 0xca, the user objects have been updated.
Trang 5To use ADSI Edit, you need to install the Windows Server 2003 Support Tools on the respective Exchange 2007 server
To see whether safelist aggregation works as expected on the edge transport server, try to add a custom word or phrase to the Custom Words block list, which is found on the Properties page of the Content Filter Now add the e-mail address of the private e-mail account (such as a Hotmail) to the Safe Senders list of your mailbox in Outlook 2007 Finally, send an e-mail message containing the
word or phrase you added to the block list to your Exchange 2007 Mailbox user account If the
message appears in your mailbox, the safelist aggregation feature works as expected
Outlook E-mail Postmark Validation
In addition to the safelist aggregation feature, the Content Filtering agent includes one more feature that will help reduce the number of false positives in your Exchange organization The feature, called Outlook E-Mail Postmark Validation, is a computational proof that Outlook applies to all outbound messages to help recipient messaging systems distinguish legitimate e-mail messages from junk With Outlook E-Mail Postmark Validation enabled, the Content Filtering agent will parse all inbound
messages for a computational postmark header If a valid as well as solved computational postmark
header is present in a message, it means that the client computer that generated the message solved
the computational postmark The result of a postmark validation will be used when the overall SCL rating for an inbound message is calculated
NOTE
If no computational postmark header exists or if the header is invalid, the SCL rating will not be changed
On a default installation of the Edge Transport server role, the Outlook
E-Mail Postmark Validation feature is enabled by default, but to verify that the
feature indeed is enabled on your system, you can open the EMC and type
Get-ContentFilterConfi g (see Figure 7.46).