This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 91%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWL%3C/text%3E%3C/svg%3E)
Hi,
Our Exchange 2013 Edge server is recently update to the latest CU and it's rejecting emails from our Canon network copier. The Content Filter Agent log shows "550 5.7.1 Message rejected as spam by Content Filtering.,SclAtOrAboveRejectThreshold,8" which means the email's SCL is 8 which is above the default of 7. I think the main issue is the copier is configured the sender and the recipient with the same email address. The reason is that if the copier fails to send the scanned images email to the recipient, the recipient will know what the problem is. This means that I can't use the "-bypasssedenders" and "-bypassedsenderdomains" option from the ContentFilterConfig. I don't know if I want to use the SCL level to 9 because more spams will pass through the filter. Anyone got some ideas how to address the issue. I don't see any option to whitelist the IP address from the ContentFilterConfig. Any suggestions will be greatly appreciated! Thank you!
Will
Ok, in that case it wont work since the Edge Server is not the first server to receive the message from the canon.
I would create a mail flow rule on the Edge Server that will set the SCL to -1 and allow these.
Assuming that every message generated by the canon as this as part of the message ID:
CanonD3E1D3.canoncopier.com
New-TransportRule "Allow Messages From Canon Copier" -HeaderContainsWords "CanonD3E1D3.canoncopier.com" --HeaderContainsMessageHeader Message-ID -SetSCL -1
Thanks, I will try that and see if this works.
Can you tell me what "--HeaderContainsMessageHeader Message-ID" does?
when you create a transport rule like this, you have 2 parts:
So what this does is look at each message and check the Message-ID header. Then it looks at the actual value of that header.
The rule example will look at the Message-ID header, then it will see of the that header contains "CanonD3E1D3.canoncopier.com". if it does, then if will be trusted.
P.S. there is a typo in there. Only one dash. Sorry about that.
So:
New-TransportRule "Allow Messages From Canon Copier" -HeaderContainsWords "CanonD3E1D3.canoncopier.com" -HeaderContainsMessageHeader Message-ID -SetSCL -1
Hi,
Thanks for the solution. This does fix the issue I was having. One more question about the Transportrule, can you have multiple options with the "-HeaderContainsMessageHeader" parameter? For example, can you check the "From" and "Message-ID" using one rule?
Thanks!
Yes, you can do that using one rule.
By the way, I provided the answer, so feel free to mark my answer as accepted. :)
Is it not possible to mark more than one? I honestly don't know.
Yes, you are the first person provided the answer. Can you give me an example of how to use two parameters in one rule. Thanks agian!
If creating a new transport rule:
New-TransportRule "Allow Messages From Canon Copier" -HeaderContainsWords "CanonD3E1D3.canoncopier.com" -HeaderContainsMessageHeader Message-ID -SetSCL -1 -FromAddressContainsWords "User@Company portal .com"
For an existing rule. Example:
Get-TransportRule "Allow Messages From Canon Copier" | Set-TransportRule -FromAddressContainsWords "User@Company portal .com"
Thank you!
I would use Add-IPAllowListEntry and add the Copier IP Addresses there. Is that not working?
Example:
Add-IPAllowListEntry -IPRange 192.168.1.10-192.168.1.15
More info on how to enable and add IP addresses:
https://learn.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/connection-filtering-procedures?view=exchserver-2019#ip-allow-list-procedures
I don't know if this works but I will try to see if it fixes the issue. The reason that I don't know if this works is because the Canon copier does not send the email directly to our Exchange server. The copier sends the email to an official email server first before it routes to our email server. That email server is already on our trust list of email servers.
Thanks!
Ok, in that case it wont apply here.
If the "official" email server is trusted then it should not be marking it as SPAM then. How is it "trusted"?
The "official" email server has a mx record on the DNS server and in the SPF record as well. This is what I don't know why the Exchange 2013 Edge server is blocking it now but not before. The only differences is I upgrade the Edge server to the latest CU 23. I don't know if Microsoft change how the ContentFilter works with the latest CU.
Here is an example from the agentlog file:
2020-08-10T20:37:07.619Z,08D83B4C44DA2DB2,xx.xx.xx.xx:25,yy.yy.yy.yy:37108,yy.yy.yy.yy,<20200810133708.0001.CanonTxNo.2997@CanonD3E1D3.canoncopier.com>,recipient@keyman .com,recipient@keyman .com;,recipient@keyman .com,1,Content Filter Agent,OnEndOfData,RejectMessage,550 5.7.1 Message rejected as spam by Content Filtering.,SclAtOrAboveRejectThreshold,8,DV:3.3.5705.600;SID:SenderIDStatus Pass,69d9128e-41fb-44f3-26a5-08d83d6d263d,,Incoming
What is the "official" email server? Is that mx record pointing to the Edge Servers? If so, then my original answer applies.
So here is the setup:
2013 Edge (mx record)<-->Other Linux based email server (mx record)<--Canon copier.
So your suggestion is to set Add-IPAllowListEntry -IPRange 192.168.1.10-192.168.1.15 on the 2013 Edge server, right? How come the 2013 Edge server cares about the original sender IP as the email is coming from an offical email server? Thanks again!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 22%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Hi WillLin,
Please run the following command to create the transport rule. This transport rule is that when the from in the header field of the email is CanonD3E1D3.canoncopier.com, the SCL value of this email is set to -1. -1 means from a trusted sender, so the message bypasses spam filtering.
New-TransportRule "Test1" -HeaderContainsWords "CanonD3E1D3.canoncopier.com" -HeaderContainsMessageHeader From -SetSCL -1
For more information you could refer to: New-TransportRule and Antispam stamps
The following is my test in the environment. Because user7 is an internal user, the default SCL value is -1, so I set the SCL value of the email from user7 is set to 3.
New-TransportRule "Test2" -HeaderContainsWords "user7@contoso.com" -HeaderContainsMessageHeader From -SetSCL 3
When I use ExRCA to analysis the mail from user7, I can see that the SCL of the mail has been successfully set to 3.
Hi LucasLiu,
Thanks for the solution. This does fix the issue I was having. One more question about the Transportrule, can you have multiple options with the "-HeaderContainsMessageHeader" parameter? For example, can you check the "From" and "Message-ID" using one rule?
Thanks!
Hi WillLin,
Yes, you could do this. According to your example, you can run the following command to achieve.
New-TransportRule "Test1" -HeaderContainsWords "CanonD3E1D3.canoncopier.com" -HeaderContainsMessageHeader Message-ID -FromAddressContainsWords <> -SetSCL -1
For more information, you can refer to the New-TransportRule link provided above.
Thank you very much for your help!