Filtering Messages

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

You can manage messages in queues by using the Exchange Queue Viewer graphical user interface and commands in the Exchange Management Shell in Microsoft Exchange Server 2007. The list of messages can be very large, depending on current mail flow. The list of messages changes when messages enter and leave the server.

When you filter messages by message properties, you can adjust your search to specific criteria and locate messages that may be causing a mail flow problem or are suspected spam. You can then perform operations that modify the status of those messages.

Message Filtering Scenarios

Filtering generates different views of the messages in queues. By specifying filter criteria, you can quickly locate messages and take action on them. When an e-mail message is sent to multiple recipients, the message may be located in multiple queues. When you filter by message properties, you can locate messages across all queues. The following scenarios are examples of how you might use message filtering to manage mail flow:

• The Submission queue on the computer that has the Edge Transport server role installed has a high volume of messages that are queued for delivery. Many of the messages have the same subject. Therefore, you suspect that spam is being sent to your organization. You can create a filter to view all the messages that meet the subject criteria. If you determine that the messages are spam, you can select them all and delete them from the delivery queue without sending a non-delivery report (NDR).

• A user reports that mail flow is slow. You examine the queues and see that many messages that have random subjects appear to be coming from a single domain. You can create a filter to view all the queued messages from that domain. If you determine that the messages are spam, you can select them all and delete them from the queues without sending an NDR.

Message Properties to Use When Filtering Messages

You can use message properties to create a filter and locate messages that meet specified criteria. Table 1 lists the message properties by which you can filter and the values that are associated with those properties.

Table 1   Message properties

Queue Viewer message property	Exchange Management Shell message property	Property type	Value
Date Received	DateReceived	DateTime	This value specifies the time stamp when the message was received by the server that holds the queue in which the message is located.
Expiration Time	ExpirationTime	DateTime	This value specifies the time stamp when the message will expire and be deleted from the queue if the message cannot be delivered.
From Address	FromAddress	SMTP Address	This value specifies the Simple Mail Transfer Protocol (SMTP) address of the sender of the message.
Identity	Identity	Integer	This value is an integer that represents a particular message. The message identity is assigned by the queuing database when the message is received for processing. You can include an optional server and queue identity to identify a unique instance of the message. This value can be expressed as follows: Server\QueueId\MessageId Server\Poison\MessageId MessageId Server\MessageId
Internet Message ID	InternetMessageId	String	The value of the Message-ID: message header field that is located in the message header. The value of this property is expressed as a GUID followed by the SMTP address of the sending server, as in this example: 67D754D6103DC4FB3BA6BC7205DACABA61231@exchange.contoso.com
Last Error	LastError	String	A text string of the last error that was recorded for a message.
Message Source Name	MessageSourceName	String	A text string of the name of the component that submitted this message to the queue.
Queue ID	Queue	QueueIdentity	The value of this property specifies the identity of the queue that holds the message. Enter the queue identity in the form of Server\destination, where destination is a remote domain, mailbox server, persistent queue name, or the queuing database identifier. The database identifier is represented as an integer and can be determined by viewing the message properties.
Retry Count	RetryCount	Integer	The number of times that delivery of a message to a destination was tried.
SCL	SCL	Integer	The value of the spam confidence level (SCL) property specifies the SCL of the message. Valid SCL entries are integers 0 through 9. An empty SCL property value indicates that the message hasn't been processed by the Content Filter agent.
Size (KB)	Size	ByteQuantifiedSize	The size of the message.
Source IP	SourceIP	IP Address	The IP address of the external server that submitted the message to the Exchange organization. Note If Exchange Server 2007 Service Pack 1 (SP1) is deployed on a computer that is running Windows Server 2008, you can enter IP addresses and IP address ranges in the Internet Protocol Version 4 (IPv4) format, Internet Protocol Version 6 (IPv6) format, or both formats. A default installation of Windows Server 2008 enables support for IPv4 and IPv6. For more information about Exchange 2007 SP1 support for IPv6 addresses, see IPv6 Support in Exchange 2007 SP1 and SP2.
Status	Status	Enumeration	The current message status. A message can have one of the following status values: Active   If the message is in a delivery queue, the message is being delivered to its destination. If the message is in the Submission queue, the message is being processed by the Categorizer. Suspended   The message was suspended by the administrator. PendingRemove   The message was deleted by the administrator, but was already in delivery. The message will be deleted if the delivery ends in an error that causes the message to re-enter the queue. Otherwise, delivery will continue. PendingSuspend   The message was suspended by the administrator, but was already in delivery. The message will be suspended if the delivery ends in an error that causes the message to re-enter the queue. Otherwise, delivery will continue. Ready   The message is waiting in the queue and is ready to be processed. Retry   The last connection attempt for the queue in which this message is located failed. The message is waiting for the next queue retry.
Subject	Subject	String	The subject of a message is expressed as a text string.

Operators to Use When Filtering Messages

When you create a message filter, you must include an operator for the property value to match. Table 2 shows the comparison operators that you can use in a filter expression and how each operator functions.

Table 2   Filter expression operators

Operator	Exchange Management Shell value	Function	Exchange Management Shell code example
Equals	-eq	This operator is used to specify that the results must exactly match the property value that is supplied in the expression.	To display a list of all messages that have a status of Retry: Get-message -filter {status -eq "retry"}
Does Not Equal	-ne	This operator is used to specify that the results should not match the property value that is supplied in the expression.	To display a list of all messages that do not have a status of Active: Get-message -filter {status -ne "active"}
Greater Than	-gt	This operator is used with properties where the value is expressed as an integer. The filter results only include messages where the value of the specified property is greater than the value that is supplied in the expression.	To display a list of messages that currently have a retry count that is more than 3: Get-message -filter {retrycount -gt 3}
Greater Than or Equals	-ge	This operator is used with properties where the value is expressed as an integer. The filter results only include messages where the value of the specified property is greater than or equal to the value that is supplied in the expression.	To display a list of messages that currently have a retry count that is 3 or more: Get-message -filter {retrycount -ge 3}
Less Than	-lt	This operator is used with properties where the value is expressed as an integer. The filter results only include messages where the value of the specified property is less than the value that is supplied in the expression.	To display a list of messages that have an SCL that is less than 6: Get-message -filter {SCL -lt 6}
Less Than or Equals	-le	This operator is used with properties where the value is expressed as an integer. The filter results only include messages where the value of the specified property is less than or equal to the value that is supplied in the expression.	To display a list of messages that have an SCL that is 6 or less: Get-message -filter {SCL -le 6}
Contains	-like	This operator is used with properties where the value is expressed as a text string. The filter results only include messages where the value of the specified property contains the text string that is supplied in the expression. You can include the * wildcard character in a -like statement that is applied to a text string field, but not a field that has the enumeration type.	To display a list of messages that have a subject that contains the text "payday loan" : Get-messages -filter {subject -like "*payday loan*"}

You can specify a filter that evaluates multiple expressions by using the -and comparison operator in the Exchange Management Shell or by adding multiple expressions in the Queue Viewer. To be included in the result set, messages must meet all conditions of the filter. For example, the results of the following command will display a list of messages that are sent from any e-mail address that has a domain name that ends in Contoso.com and that have an SCL that is greater than 5:

Get-message -Filter {FromAddress -like "*Contoso.com*" -and SCL -gt 5}

For more information about how to use comparison operators in the Exchange Management Shell, run the following command:

Help about_comparison_operator

For More Information

For more information about managing and filtering messages, see the following topics:

• Managing Queues

• How to Filter Messages

• Using the Exchange Management Shell to Manage Queues

• Queue Cmdlets

• How to View Queues

• How to View Messages

• How to Suspend Queues

• How to Suspend Messages

• How to Resume Queues

• How to Resume Messages

• How to Remove Messages from Queues

• How to Export Messages from Queues

• How to Resubmit Messages in Queues

• How to Export and Resubmit Messages