Configuring Sender Filtering
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure the Sender Filter agent. This topic also provides an overview of how to configure the Sender Filter agent. For basic configuration, see the procedures in this topic. For more information about how the Sender Filter agent works, see Sender Filtering.
When you configure the Sender Filter agent, you must follow these steps:
Enable the Sender Filter agent.
Add blocked senders and domains.
Enable blank sender blocking.
Specify the blocking action.
Configuration changes that you make to the Sender Filter agent by using the Exchange Management Console or the Exchange Management Shell are made only to the local computer that has the Edge Transport server role installed. If multiple instances of the Edge Transport server role are running in your organization, you must apply sender reputation configuration changes to each computer.
Using the Sender Filter Agent to Block Messages
By default, sender filtering is enabled on the computer that has the Edge Transport server role installed for inbound messages that come from the Internet but are not authenticated. These messages are handled as external messages. You can disable the Sender Filter agent in individual computer configurations by using the Exchange Management Console or the Exchange Management Shell.
When you enable the Sender Filter agent on a computer, the Sender Filter agent filters all messages that come through all Receive connectors on that computer. As noted earlier in this topic, only messages that come from external sources are filtered. External sources are defined as non-authenticated sources. These are considered anonymous Internet sources.
For more information about how to configure Receive connectors and how message source categories are determined, see Receive Connectors.
As a best practice, you should not filter e-mail messages from trusted partners or from inside your organization. When you run anti-spam filters, there is always a chance that the filters will detect false positives. You should enable anti-spam agents to run only on messages from potentially untrusted and unknown sources. This will reduce the chance that anti-spam filters will mishandle legitimate messages. You can enable and disable the Sender Filter agent to run on messages from any source by using the Exchange Management Shell. For more information, see Set-SenderFilterConfig.
You can configure the Sender Filter agent to block inbound messages that do not specify a sender and domain in the MAIL: FROM SMTP header. You can use this feature to prevent non-delivery report (NDR) attacks on the Exchange server. Most legitimate SMTP messages come from SMTP servers that provide a sender and domain in the MAIL FROM SMTP command.
Specifying the Block Action
After you have specified blocked senders and domains, you must specify how you want the Sender Filter agent to act on messages from blocked senders and domains. We recommend that you reject the messages. When you use the Sender Filter agent, on which all blocked e-mail addresses and domains are specified by the Edge Transport server administrator, the chance of false positives is relatively less than when you use other anti-spam agents. For example, the Content Filter agent is an anti-spam agent that relies on many different variables to determine whether a message is spam.
There are only two scenarios in which legitimate messages may be rejected by the Sender Filter agent:
If you mistype an e-mail address or domain name, the wrong sender may be blocked.
If a domain name is reregistered to a legitimate company after you add the domain to your Blocked Senders list, you will unintentionally block legitimate messages.
In either of these cases, it may still make sense to reject the messages.
For More Information
For more information about how to configure sender filtering by using the Exchange Management Shell, see the following topics:
For more information about the Sender Filter agent, see Sender Filtering.
For more information about how to configure the Sender Filter agent, see the following topics: