Thursday, November 7, 2013

How to enable and configure the spam filter on Exchange 2013

In Microsoft Exchange Server 2013, the following anti-spam agents are available in the Transport service on Mailbox servers, but they are not installed by default:
  • Content Filter agent
  • Sender ID agent
  • Sender Filter agent
  • Recipient Filter agent
  • Protocol Analysis agent for sender reputation
You can install these anti-spam agents on a Mailbox server using a script in the Exchange Management Shell.

1. Installation


Use the shell to run the Install-AntiSpamAgents.ps1 script:

& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

Then close PowerShell, restart the Transport service and open PowerShell again.

Specify the SMTP servers of your organization:

Set-TransportConfig -InternalSMTPServers @{Add="<ip address1>","<ip address2>"...}

Example:

Set-TransportConfig -InternalSMTPServers @{Add="10.0.1.22","10.0.1.23"}

Check the server list:

Get-TransportConfig | Format-List InternalSMTPServers

InternalSMTPServers : {10.0.1.22, 10.0.1.23}

To clear the list, set it to $null:

Set-TransportConfig -InternalSMTPServers $null

To remove an item from the list:

Set-TransportConfig -InternalSMTPServers @{Remove="10.0.1.23"}


2. Sender filtering configuration

2.1 Sender block list

Set-SenderFilterConfig -Enabled $true

Senders can be blocked on three different block lists:

  • blocked senders
  • blocked domains
  • blocked domains and subdomains

Set-SenderFilterConfig -BlockedSenders @{Add="spammer@domain.com","spammer2@domain.com"} -BlockedDomains @{Add="spammers.com"}

Check the blocked senders list:

Get-SenderFilterConfig | fl BlockedSenders, BlockedDomains

You should get something similar to:

BlockedSenders : {spammer@domain.com, spammer2@domain.com}
BlockedDomains : {spammers.com}

2.2 Empty sender blocking


Set-SenderFilterConfig -BlankSenderBlockingEnabled $true

This is usually used to block NDRs received from the Internet.

 

3. Recipient filtering

Set-RecipientFilterConfig -Enabled $true

Then enable the block list feature of the recipient filter:

Set-RecipientFilterConfig -BlockListEnabled $true

Populate the blocked recipients list:

Set-RecipientFilterConfig -BlockedRecipients @{Add="internal@domain.com", "internal2@domain.com"}

Check that the list is populated:

Get-RecipientFilterConfig | fl BlockedRecipients

BlockedRecipients : {internal@domain.com, internal2@domain.com}

3.1 Block recipients that are not listed in the global address book

Set-RecipientFilterConfig -RecipientValidationEnabled $true

This blocks all mail to non-existent users, but it could expose all directory e-mail addresses to spammers who use directory harvesting. To protect against directory harvesting, we can set a delay between e-mail send requests (the tarpit interval of the receive connector).

Get the list of receive connectors:

Get-ReceiveConnector

Get the tarpit interval of a connector:

Get-ReceiveConnector "WIN2012-TEST\Default Frontend WIN2012-TEST" | fl tar*

TarpitInterval : 00:00:05

Set the interval to 6 seconds:

Set-ReceiveConnector "WIN2012-TEST\Default Frontend WIN2012-TEST" -TarpitInterval 00:00:06
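
The settings from sections 1 to 3 can be checked in one pass. The following is an added example, not part of the original post: Test-AntiSpamBaseline is a hypothetical helper, the 5-second minimum tarpit is an assumed threshold, and the sample objects are constructed stand-ins for the output of the Get- cmdlets shown above.

```powershell
# Added example: audits the settings configured on this page. It works on plain
# objects, so it runs in any PowerShell; Test-AntiSpamBaseline is a hypothetical name.
function Test-AntiSpamBaseline {
    param(
        $TransportConfig,      # output of Get-TransportConfig
        $SenderFilter,         # output of Get-SenderFilterConfig
        $RecipientFilter,      # output of Get-RecipientFilterConfig
        $ReceiveConnectors,    # output of Get-ReceiveConnector
        [timespan]$MinTarpit = '00:00:05'   # assumed threshold, adjust to policy
    )
    $findings = @()
    if (-not $TransportConfig.InternalSMTPServers) {
        $findings += 'InternalSMTPServers is empty'
    }
    if (-not $SenderFilter.Enabled)    { $findings += 'Sender filtering is disabled' }
    if (-not $RecipientFilter.Enabled) { $findings += 'Recipient filtering is disabled' }
    if ($RecipientFilter.BlockedRecipients -and -not $RecipientFilter.BlockListEnabled) {
        $findings += 'BlockedRecipients is populated but BlockListEnabled is false'
    }
    # Recipient validation reveals which addresses exist, so connectors
    # should keep a tarpit delay while it is on.
    if ($RecipientFilter.RecipientValidationEnabled) {
        foreach ($c in $ReceiveConnectors) {
            if ([timespan]"$($c.TarpitInterval)" -lt $MinTarpit) {
                $findings += "Connector '$($c.Identity)': tarpit $($c.TarpitInterval) is below $MinTarpit"
            }
        }
    }
    $findings
}

# Constructed sample objects standing in for live cmdlet output.
$sample = @{
    TransportConfig   = [pscustomobject]@{ InternalSMTPServers = @('10.0.1.22', '10.0.1.23') }
    SenderFilter      = [pscustomobject]@{ Enabled = $true }
    RecipientFilter   = [pscustomobject]@{
        Enabled = $true; BlockListEnabled = $false; RecipientValidationEnabled = $true
        BlockedRecipients = @('internal@domain.com')
    }
    ReceiveConnectors = @(
        [pscustomobject]@{ Identity = 'WIN2012-TEST\Default Frontend WIN2012-TEST'; TarpitInterval = '00:00:06' }
        [pscustomobject]@{ Identity = 'CONSTRUCTED\Relay connector'; TarpitInterval = '00:00:00' }
    )
}
Test-AntiSpamBaseline @sample

# In the Exchange Management Shell, pass live output instead:
# Test-AntiSpamBaseline -TransportConfig (Get-TransportConfig) -SenderFilter (Get-SenderFilterConfig) `
#     -RecipientFilter (Get-RecipientFilterConfig) -ReceiveConnectors (Get-ReceiveConnector)
```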






