In Exchange 2010 when you enabled the Anti Spam plugin you could then manage the various add ons in the Exchange 2010 EMC, this has been discontinued in Exchange 2013 and Exchange 2016 so that you can only manage the Anti Spam agents from power-shell. Here I will show you how to enable and configure Anti Spam in Exchange 2013 and Exchange 2016. If you would like to use a third party product as well then check out this SPAMFighter review.
Exchange 2013 / Exchange 2016 Enable Anti-Spam
As mention to enable the Anti Spam agent we must do it from power-shell, the command is below.
This command maps to the scripts path and runs the antispamagents script. You will notice once ran you need to restart the Microsoft Exchange Transport Service. to do so run this command.
We then need to tell the anti spam agents about our Exchange servers. Simply use the command below while replacing my ip address with yours.
Set-TransportConfig -InternalSMTPServers 192.168.1.1
If you have multiple Exchange servers then you will need to set multiple -InternalSMTPServers. The command is s below.
Set-TransportConfig -InternalSMTPServers 192.168.1.1, 192.168.1.2
I only have one Exchange 2013 server as you can see.Once done the agent is ready to be configured.
Exchange 2013/2016 IP Block List Provider
This is the same process as process as Exchange 2010, read my article here on setting up the IP Block List Provider.
Exchange 2016/2013 Email Whitelists
Again this is the same process as setting up a white-list in exchange 2010, read the article here.
Exchange 2013 / 2016 Configure Anti Spam Logging
Here we setup the Anti Spam logging feature to keep track of what the agents are doing.
set-TransportService Mailboxserver -AgentLogPath "D:\spamlogs" -AgentLogMaxFileSize 30MB -AgentLogMaxDirectorySize 250MB -AgentLogMaxAge 7.00:00:00
Above we specify our logging folder to be “spamlogs” on the D drive, we set a maximum log file size of 30mb for each log and then a maximum log folder size of 250mb. These logs are kept for 7 days then overwrote.
Exchange 2013 /2016 SCL level configuration
This was simple in Exchange 2013, now its a pain. SCL stands for Spam Confidence Level, with 9 being no doubt 100% a spammy email and 0 being 100% a valid email.
We have 4 SCL commands;
SCL delete threshold – we specify when we delete an email.
SCL reject threshold – we specify when we reject an email into the organization.
SCL quarantine threshold – we specify when we quarantine an email for inspection by an admin.
SCL Junk Email folder threshold – we specify when we dump the email to the users junk-mail folder.
Now these are NOT recommendations below, As each organization is different. However to configure these thresholds do the following.
First enable content filtering
Set-ContentFilterConfig -Enabled $true
If the Anti Spam agents cause a problem, disable them like so.
Set-ContentFilterConfig -Enabled $false
To run the Content Filtering on External only run this command
Set-ContentFilterConfig -ExternalMailEnabled $true
To run theContent Filtering on internal emails only run this command
Set-ContentFilterConfig -InternalMailEnabled $true
Here we configure the SCL ratings
Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9 SCLRejectEnabled $true -SCLRejectThreshold 7 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 6
So above we delete emails with an SCL of 8 as they are obvious spam, we send a rejection to emails of an SCL of 7 ( I normally don’t enable this as it sends an NDR ) and we quarantine the emails at an SCL rating of 6, all other emails pass fine. I would personally replace the SCJreject email with SCLJunkThreshold so it pops it in the users mailbox.
Finally if you want to send a message to people where the email has been stopped as spam do the below, replacing the test as required.
Set-ContentFilterConfig -RejectionResponse "hey Mr that email was spammy!"