@Brian Anderson: yes, it is possible by using ORF in combination with Exchange Content Filtering, though ORF can be configured to tag _all_ blacklisted emails (instead of rejecting them) or none, so this means you can no longer use Before Arrival (and therefore Greylisting) for the rest of the users.
In ORF:
1. Start the ORF Administration Tool
2. Expand Configuration / Tests / Tests in the left navigation pane
3. Assign all blacklist tests possible to On Arrival, disable Greylisting if you have it enabled
4. Expand Configuration / Filtering – On Arrival / Actions
5. Click the Actions button and select “Accept email and perform further actions”
6. Check “Tag email subject with the text below” and enter [SPAM]
7. Click OK and save your settings by pressing Ctrl+S.
In Exchange:
I. Ensure ORF runs before Content Filter:
1. Start the Exchange Management Shell
2. Enter the following command:
Get-TransportAgent | Format-List
3. As you will see, ORF has two agents, the "Vamsoft ORF Routing Agent" and the "Vamsoft ORF Receive Agent". To change the priority of the filtering agent of ORF (e.g. to 4, if you want ORF to run before the Content Filter of Exchange), run the following commands:
Set-TransportAgent -Identity "Vamsoft ORF Receive Agent" -Priority 4
4. Finally, restart the MSExchangeTransport Service to apply the changes:
Restart-Service MSExchangeTransport
II. Configure Exchange to reject or delete emails tagged by ORF except for this particular recipient
1. Start the Exchange Management Console
2. Expand Organization Configuration > Hub Transport and select the Transport Rules tab
3. Select Action | New Transport rule in the menu
4. Name the rule (e.g. “Reject and delete ORF-tagged emails”). You can add a comment as well. Click Next.
5. In the Conditions page, select the condition to trigger this rule: “When the subject field contains specific words”
6. Set the “specific word” to [SPAM] (the tag we will use in ORF). Click Next.
7. In the Actions page, select the action “Send rejection message to sender with enhanced status code”. The latter should be "5.7.1"; the rejection message is up to you (e.g., "Message classified as spam. If this is a mistake, call us at 1 234 5678 ext 9."). Optionally, you can enable the delete action as well (not sure what happens if you enable both). Click Next.
8. On the Exceptions page, select "except when the message is sent to people". Set the user who wishes to receive all spam. Click Next.
9. Click New, then click Finish.
III. Create another rule to set the SCL score of ORF-tagged emails for this particular recipient
1. Start the Exchange Management Console
2. Expand Organization Configuration > Hub Transport and select the Transport Rules tab
3. Select Action | New Transport rule in the menu
4. Name the rule (e.g. “Set SCL of ORF-tagged spam for ”). You can add a comment as well. Click Next.
5. In the Conditions page, select the condition to trigger this rule: “When the subject field contains specific words”
6. Set the “specific word” to [SPAM] (the tag we will use in ORF).
7. Enable the "sent to people" condition and select the user. Click Next.
8. In the Actions page, select the action “Set the spam confidence level to value”
9. In the rule description, click on the 0 link and add a value that’s above the user's SCLJunkThreshold (see below), e.g. 6, and click Next
10. On the Exceptions page, click Next again
11. Click New, then click Finish.
IV. Configure the SCL thresholds for this user
Exchange has 4 kinds of SCL Thresholds, read about them at http://technet.microsoft.com/en-us/library/aa995744.aspx
Basically, the per-mailbox threshold rules override the global settings:
http://technet.microsoft.com/en-us/library/bb123981.aspx
1. Start the Exchange Management Shell
2. Enter the following command (example):
Set-Mailbox -Identity -SCLDeleteEnabled $false -SCLRejectEnabled $false -SCLQuarantineEnabled $false -SCLJunkEnabled $true -SCLJunkThreshold 5
' selects the mailbox of the user, the rest of the parameters ensure no emails are deleted, rejected or quarantined, and that emails with an SCL score above 5 will be redirected to the Junk folder.
Krisztian Fekete (Vamsoft)
(5 months ago)
Please forgive if this is a stupid question, but I have never had a request from a user to actually get all of the spam.
Thanks!
Brian