
Summary: This article emphasizes the importance of anti-spam and anti-malware protection in Microsoft Exchange Servers. It discusses how to enable these defenses through various transport agents and provides step-by-step instructions for their installation. Neglecting these protections can lead to data corruption issues. The article also mentions the use of Kernel for Exchange Server software for database recovery and message retrieval.

The Exchange Server plays a pivotal role in managing a deluge of emails within business organizations, while also facilitating outbound communication. It falls upon the Exchange Administrator to ensure the safety of their mail recipients, shielding them from a gamut of external threats including spam, phishing, virus incursions, and hacking endeavors. Microsoft offers built-in defenses such as anti-malware and anti-spam functionalities, which can be skillfully configured to fortify data security.

  • Anti-spam protection is provided by several transport agents: Content Filter Agent, Sender Filter Agent, Sender ID Agent, and Protocol Analysis Agent. You need to enable them manually on the Mailbox server to activate anti-spam protection.
    NOTE: These agents are ‘Enabled’ by default on Edge Transport Servers.
  • Anti-malware protection was introduced with the Malware Agent in Exchange Server 2013 and is in the ‘Enabled’ state by default on Exchange Mailbox Servers, so there is no need to enable it manually.

Let’s delve into the intricacies of enabling anti-spam protection through the utilization of diverse transport agents. Before we proceed, it’s essential to grasp their operational mechanisms and how they safeguard valuable data.

Anti-Spam agent for mailbox servers

Under typical circumstances, the Exchange Administrator must activate the anti-spam agents on Mailbox Servers when either an Edge Transport server is absent, or the organization lacks a comprehensive anti-spam protection application. These agents are assigned priority values, with lower values signifying higher precedence. To establish the default agent priority sequence for message processing within the mailbox, consider the following order:

  1. Sender Filter Agent: It compares the sending server against a list of servers and domains that are blocked by your organization.
  2. Sender ID Agent: It checks the IP address of the sending server. It also checks the Purported Responsible Address (PRA) to determine whether the incoming message is clean or not.
  3. Content Filter Agent: It assigns a spam confidence level (SCL) to every message to judge its legitimacy. It also keeps legitimate messages from being classified as spam.
  4. Protocol Analysis Agent: It assigns a sender reputation level to each sender who is sending a message. The sender reputation tells the Administrator about the type of incoming message and whether it is spam or not.

Installing Anti-spam Agents on mailbox servers

You can install all these agents only through an Exchange Management Shell script. Here is the whole procedure, step by step.

  1. Start the Exchange Management Shell on Exchange Server and run the following script.
    & $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

    When the script runs successfully, it will ask you to restart the Exchange Server.

  2. Restart the Microsoft Exchange Transport service with this command.
    Restart-Service MSExchangeTransport
  3. Now, specify the internal SMTP servers that the Sender ID agent should ignore. You can specify multiple SMTP servers, but you must specify at least one.
    Set-TransportConfig -InternalSMTPServers @{Add="IP address1","IP address2"}

    Example

    Set-TransportConfig -InternalSMTPServers @{Add="10.0.21.21","10.0.21.22","10.0.21.23"}

    To verify the presence of the SMTP servers in the configuration list, run this command:

    Get-TransportConfig | Format-List InternalSMTPServers
  4. Confirm that all the agents are installed with this command.
    Get-TransportAgent

    And

    Get-ContentFilterConfig | Format-Table Name,Enabled; Get-SenderFilterConfig | Format-Table Name,Enabled; Get-SenderIDConfig | Format-Table Name,Enabled; Get-SenderReputationConfig | Format-Table Name,Enabled

    Check the status of each agent by running the following commands one by one.

    Get-ContentFilterConfig | Format-List *Enabled,RejectionResponse,*Postmark*,Bypassed*,Quarantine*;
    Get-SenderFilterConfig | Format-List *Enabled,*Block*
    Get-SenderIDConfig | Format-List *Enabled*,*Action,Bypassed*
    Get-SenderReputationConfig | Format-List *Enabled*,*Proxy*,*Block*,*Ports*
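
The checks from steps 3 and 4, collected into one audit function. This is an added example, not part of the original article or of any Microsoft script; the function name `Test-AntiSpamBaseline` and the sample objects are hypothetical, while `Get-TransportAgent`, `Get-TransportConfig` and the agent names are the real ones used above.

```powershell
# Added example: report anti-spam agents that are missing or disabled, and an
# empty InternalSMTPServers list. Test-AntiSpamBaseline is a hypothetical name.
function Test-AntiSpamBaseline {
    param(
        [object[]] $Agents = @(),              # output of Get-TransportAgent
        [object[]] $InternalSmtpServers = @()  # (Get-TransportConfig).InternalSMTPServers
    )
    # The four agents named in this article (-eq is case-insensitive).
    $expected = 'Sender Filter Agent', 'Sender Id Agent',
                'Content Filter Agent', 'Protocol Analysis Agent'
    $findings = [System.Collections.Generic.List[string]]::new()
    foreach ($name in $expected) {
        $agent = $Agents | Where-Object { "$($_.Identity)" -eq $name } |
                 Select-Object -First 1
        if (-not $agent) {
            $findings.Add("MISSING : $name is not installed")
        } elseif (-not $agent.Enabled) {
            $findings.Add("DISABLED: $name is installed but not enabled")
        }
    }
    # Step 3 requires at least one internal SMTP server in the list.
    if (-not $InternalSmtpServers) {
        $findings.Add('CONFIG  : InternalSMTPServers is empty')
    }
    $findings
}

if (Get-Command Get-TransportAgent -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: audit the live configuration.
    $agents  = Get-TransportAgent
    $servers = (Get-TransportConfig).InternalSMTPServers
} else {
    # Constructed sample for reading the logic outside Exchange:
    # one agent disabled, one agent missing, no internal servers set.
    $agents = @(
        [pscustomobject]@{ Identity = 'Sender Filter Agent';  Enabled = $true  }
        [pscustomobject]@{ Identity = 'Sender Id Agent';      Enabled = $true  }
        [pscustomobject]@{ Identity = 'Content Filter Agent'; Enabled = $false }
    )
    $servers = @()
}

$result = @(Test-AntiSpamBaseline -Agents $agents -InternalSmtpServers $servers)
if ($result.Count) { $result }
else { 'Baseline OK: all four agents enabled, internal SMTP servers set' }
```

With the constructed sample it reports the disabled Content Filter Agent, the missing Protocol Analysis Agent and the empty server list; on a server where the procedure above completed it prints the single OK line.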

All of these agents operate within the mailbox server environment, necessitating manual installation and configuration. However, it is worth noting that a significant number of administrators tend to underestimate the critical role of anti-spam protection, often leading to substantial corruption problems within the Exchange. Fortunately, there exists an in-built utility known as ESEUTIL, equipped with multiple switches designed for repairing the Exchange Server database. Nevertheless, it is important to exercise caution, as some of these switches have the potential to delete corrupt data rather than facilitating its recovery.

Conclusion

Introducing the Kernel for Exchange Server software, your ultimate solution for EDB Recovery. This specialized software is designed to effectively tackle any form of corruption within your Exchange database, ensuring the seamless retrieval of all your valuable data. Moreover, it empowers you to effortlessly recover accidentally deleted messages, giving you the flexibility to store them in your preferred destination.