Setup Anti-Malware and Anti-Spam in Exchange Server 2016/2019

Aftab Alam | Updated On - November 10, 2022


In a business organization, Exchange Server receives a large volume of inbound email and sends a large volume outside the organization. The Exchange Administrator must protect mail recipients from external threats such as spam, phishing, malware, and hacking attempts. Exchange ships with built-in anti-malware and anti-spam protection that you can configure to safeguard your users and data.

  • Anti-spam protection is provided by several transport agents: the Content Filter agent, the Sender Filter agent, the Sender ID agent, and the Protocol Analysis agent. On a Mailbox server these agents are not installed by default; you must install and enable them manually to activate anti-spam protection.
    NOTE: On Edge Transport servers these agents are installed and ‘Enabled’ by default.
  • Anti-malware protection is provided by the Malware agent, introduced in Exchange Server 2013, and it is ‘Enabled’ by default on Exchange Mailbox servers. There is no need to enable it manually, though you should verify that it has not been bypassed or disabled.

Let’s dig deeper and learn how to enable anti-spam protection using these transport agents. First, though, it helps to understand how each agent works and what it protects against.

Anti-Spam agent for Mailbox Servers

Typically, the Exchange Administrator enables the anti-spam agents on Mailbox servers when the organization has no Edge Transport server and no dedicated anti-spam product in front of Exchange. Each agent has a priority value, and a lower value means a higher priority (the agent runs earlier). Based on the default priorities, here is the order in which the agents are applied to incoming messages:

  1. Sender Filter Agent.
    It compares the sender address in the MAIL FROM command against the list of email addresses and domains that your organization has blocked, and can also block messages with a blank sender.
  2. Sender ID Agent.
    It checks the IP address of the sending server against the SPF record published for the sender’s domain. It uses the Purported Responsible Address (PRA) of the message to decide which domain to check, and stamps or rejects the message according to the result.
  3. Content Filter Agent.
    It assigns a spam confidence level (SCL) from 0 to 9 to every message, and the configured SCL thresholds decide whether the message is delivered, quarantined, rejected, or deleted. Its safelist features also keep legitimate messages from being treated as spam.
  4. Protocol Analysis Agent.
    It calculates a sender reputation level (SRL) for each sender based on observed behavior such as open-proxy tests and message characteristics. A sender whose SRL exceeds the configured threshold is temporarily blocked, which tells the Administrator that this source is sending spam.

Installing Anti-spam Agents on Mailbox Servers

You can install these agents only by running a script from the Exchange Management Shell; the Exchange admin center has no option for it. Here is the whole procedure, step by step.

  1. Start the Exchange Management Shell on Exchange Server and run the following script.
    & $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

    When the script finishes successfully, it prompts you to restart the Microsoft Exchange Transport service (not the whole server).

  2. Restart the Microsoft Exchange Transport services with the command.
    Restart-Service MSExchangeTransport
  3. Now, specify the internal SMTP servers that the Sender ID agent should ignore, that is, the IP addresses of any internal relays or gateways that sit between the Internet and this Exchange server, so the agent evaluates the real external sending IP. You can specify any number of servers, but you must specify at least one.
    Set-TransportConfig -InternalSMTPServers @{Add="IP address1","IP address2",...}

    Example

    Set-TransportConfig -InternalSMTPServers @{Add="10.0.21.21","10.0.21.22","10.0.21.23"}

    To verify the presence of SMTP server in the configuration list, run the command –

    Get-TransportConfig | Format-List InternalSMTPServers
  4. Verify that the agents were installed and are enabled with this command.
    Get-TransportAgent

    And

    Get-ContentFilterConfig | Format-Table Name,Enabled; Get-SenderFilterConfig | Format-Table Name,Enabled; Get-SenderIDConfig | Format-Table Name,Enabled; Get-SenderReputationConfig | Format-Table Name,Enabled

    Check the detailed configuration of each agent by running the following commands one by one.

    Get-ContentFilterConfig | Format-List *Enabled,RejectionResponse,*Postmark*,Bypassed*,Quarantine*;
    Get-SenderFilterConfig | Format-List *Enabled,*Block*
    Get-SenderIDConfig | Format-List *Enabled*,*Action,Bypassed*
    Get-SenderReputationConfig | Format-List *Enabled*,*Proxy*,*Block*,*Ports*
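The following script is an added example, not code from the original article, that ties the steps above together (including the Malware agent check mentioned at the start of the article) so they can be run end to end on a Mailbox server and verified rather than eyeballed. It assumes it runs in the Exchange Management Shell on an Exchange 2016/2019 Mailbox server; the IP addresses, the blocked domain, the SCL and SRL thresholds, and the quarantine mailbox name are illustrative assumptions to replace with your own values.

```powershell
# Added example (not from the original article). Run in the Exchange
# Management Shell on each Mailbox server that needs the anti-spam agents.
# All IPs, names and thresholds below are assumptions for illustration.
$ErrorActionPreference = 'Stop'

# Assumed internal SMTP hops (relays/gateways in front of Exchange) whose
# IPs the Sender ID agent must skip to find the real external sending IP.
$InternalSmtp = @('10.0.21.21', '10.0.21.22', '10.0.21.23')

$agentNames = 'Sender Filter Agent', 'Sender ID Agent',
              'Content Filter Agent', 'Protocol Analysis Agent'

# 1. Install the agents only if one of them is missing; the install script
#    is what Install-AntiSpamAgents.ps1 does, followed by the required
#    transport service restart.
$present = Get-TransportAgent | Select-Object -ExpandProperty Identity
if ($agentNames | Where-Object { $present -notcontains $_ }) {
    & "$env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1"
    Restart-Service MSExchangeTransport
}

# 2. Register internal SMTP servers, adding only the ones not already listed.
$current = (Get-TransportConfig).InternalSMTPServers |
           ForEach-Object { $_.ToString() }
$missing = $InternalSmtp | Where-Object { $current -notcontains $_ }
if ($missing) { Set-TransportConfig -InternalSMTPServers @{Add = $missing} }

# 3. Verify every agent is installed and enabled; fail loudly otherwise.
$agents = Get-TransportAgent
foreach ($name in $agentNames) {
    $agent = $agents | Where-Object { $_.Identity -eq $name }
    if (-not $agent)         { throw "Agent '$name' is not installed." }
    if (-not $agent.Enabled) { Enable-TransportAgent -Identity $name }
}

# 4. Baseline configuration for each agent (assumed values).
# Sender Filter: reject mail from an assumed blocked domain and blank senders.
Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add = 'spam.example'} `
    -BlankSenderBlockingEnabled $true -Action Reject

# Sender ID: reject messages whose sending IP fails the SPF check (spoofed
# domain); on a temporary DNS error just stamp the result and continue.
Set-SenderIDConfig -SpoofedDomainAction Reject -TempErrorAction StampStatus

# Content Filter: thresholds must satisfy Delete > Reject > Quarantine.
# The quarantine mailbox is assumed to exist already.
Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9 `
    -SCLRejectEnabled $true -SCLRejectThreshold 7 `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold 6 `
    -QuarantineMailbox 'spamquarantine@contoso.example'
# Messages at or above this SCL (but below the thresholds above) go to Junk.
Set-OrganizationConfig -SCLJunkThreshold 4

# Protocol Analysis (sender reputation): block senders whose SRL reaches 7
# for 24 hours, and keep open-proxy detection on.
Set-SenderReputationConfig -SenderBlockingEnabled $true -SrlBlockThreshold 7 `
    -SenderBlockingPeriod 24 -OpenProxyDetectionEnabled $true

# 5. The Malware agent is enabled by default; make sure nobody left
#    filtering bypassed on this server.
$malware = Get-MalwareFilteringServer
if ($malware.BypassFiltering) {
    Set-MalwareFilteringServer -Identity $malware.Identity -BypassFiltering $false
}

# 6. Final report: agents in execution order with their enabled state.
Get-TransportAgent | Sort-Object Priority |
    Format-Table Identity, Enabled, Priority -AutoSize
```

Run the script once per Mailbox server that receives Internet mail. The step-3 loop is the check worth keeping in any change-control runbook: a transport agent that is installed but disabled silently passes all mail, and nothing in the install script warns you about that state.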

All these agents run on the Mailbox server, and you must install and configure them manually. Many administrators overlook anti-spam protection, and the same administrators often also face severe corruption issues in their Exchange databases. Exchange includes the ESEUTIL utility, which can repair a database using several switches, but its hard-repair mode discards the pages it cannot fix and can therefore lose data rather than recover it.

Conclusion

This is where Kernel for Exchange Server software comes to your rescue. This Exchange recovery software is a specialized data recovery tool that can handle any corruption in the Exchange database and bring all your data back. It also recovers accidentally deleted messages and saves them to any destination you choose.