Attachment filtering procedures on Edge Transport servers

Attachment filtering in Exchange Server is provided by the Attachment Filtering agent, which is available only on Edge Transport servers. Attachment filtering can help prevent files in email messages from entering your organization. You can configure one or more attachment filter entries to filter attachments either by content type or by file name.

What do you need to know before you begin?

  • Estimated time to complete each procedure: 5 minutes.

  • You need to be assigned permissions before you can perform these procedures. To see what permissions you need, see the "Antispam features" entry in the Antispam and antimalware permissions topic and the "Transport agents" entry in the Mail flow permissions topic.

  • Configuration changes that you make to attachment filtering on an Edge Transport server are made only to the local computer. If you have multiple Edge Transport servers in your perimeter network, you need to configure attachment filtering on each Edge Transport server separately.

  • You can use only PowerShell to perform these procedures. To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Use the Exchange Management Shell to enable or disable attachment filtering

When you enable or disable the Attachment Filtering agent, the change takes effect after you restart the Microsoft Exchange Transport service. When you restart the Microsoft Exchange Transport service on an Edge Transport server, mail flow on the server is temporarily interrupted.

To disable attachment filtering, run the following command:

Disable-TransportAgent "Attachment Filtering Agent"

To enable attachment filtering, run the following command:

Enable-TransportAgent "Attachment Filtering Agent"

After you enable or disable attachment filtering, restart the Microsoft Exchange Transport service by running the following command:

Restart-Service MSExchangeTransport

How do you know this worked?

To verify that you successfully enabled or disabled attachment filtering, run the following command and check the Enabled property value:

Get-TransportAgent "Attachment Filtering Agent"
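
The enable or disable, restart, and verify steps above can be combined so that the Microsoft Exchange Transport service is restarted only when the agent state actually changes, which avoids an unnecessary mail flow interruption. This is an added example, not part of the original procedure; the function name Set-AttachmentFilteringState is hypothetical, and the block is meant to be run in the Exchange Management Shell on the Edge Transport server.

```powershell
# Added example. Set-AttachmentFilteringState is a hypothetical helper name.
function Set-AttachmentFilteringState {
    param(
        [Parameter(Mandatory = $true)]
        [bool]$Enabled
    )

    $agentName = 'Attachment Filtering Agent'
    $agent = Get-TransportAgent -Identity $agentName

    # Nothing to change: return without restarting the transport service.
    if ($agent.Enabled -eq $Enabled) {
        Write-Host "Enabled is already $Enabled; transport service not restarted."
        return $agent
    }

    if ($Enabled) {
        Enable-TransportAgent -Identity $agentName
    }
    else {
        Disable-TransportAgent -Identity $agentName -Confirm:$false
    }

    # The change takes effect only after this restart; mail flow on this
    # server is temporarily interrupted while the service restarts.
    Restart-Service MSExchangeTransport

    # Verify both the agent state and that the service came back up.
    $agent   = Get-TransportAgent -Identity $agentName
    $service = Get-Service MSExchangeTransport
    if ($agent.Enabled -ne $Enabled -or $service.Status -ne 'Running') {
        throw "Verification failed: Enabled=$($agent.Enabled), service status=$($service.Status)"
    }
    return $agent
}

# Enable the agent and show the resulting state.
Set-AttachmentFilteringState -Enabled $true | Format-List Identity,Enabled,Priority
```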

Use the Exchange Management Shell to view and find attachment filtering entries

Attachment filtering entries define the message attachments that you want to keep out of your organization. To view the attachment filtering entries that are used by the Attachment Filtering agent, run the following command:

Get-AttachmentFilterEntry | Format-Table -Auto Type,Name

To find a specific MIME content type entry, use the following syntax:

Get-AttachmentFilterEntry ContentType:<MIMEContentType>

For example, to see if there's a MIME content type entry for JPEG images, run the following command:

Get-AttachmentFilterEntry ContentType:image/jpeg

If you receive the error "Couldn't find the specified identity.", the MIME content type isn't defined in the attachment filtering entries.

To view a specific file name or file name extension entry, use the following syntax:

Get-AttachmentFilterEntry FileName:<FileName or FileNameExtension>

For example, to see if there's a file name extension entry for JPEG attachments, run the following command:

Get-AttachmentFilterEntry FileName:*.jpg

If you receive the error "Couldn't find the specified identity.", the file name or file name extension isn't defined in the attachment filtering entries.

For more information, see Get-AttachmentFilterEntry.

Use the Exchange Management Shell to add attachment filtering entries

To add an attachment filtering entry that filters attachments by MIME content type, use the following syntax:

Add-AttachmentFilterEntry -Name <MIMEContentType> -Type ContentType

The following example adds a MIME content type entry that filters JPEG images.

Add-AttachmentFilterEntry -Name image/jpeg -Type ContentType

To add an attachment filtering entry that filters attachments by file name or file name extension, use the following syntax:

Add-AttachmentFilterEntry -Name <FileName or FileNameExtension> -Type FileName

The following example filters attachments that have the .jpg file name extension.

Add-AttachmentFilterEntry -Name *.jpg -Type FileName

For more information, see Add-AttachmentFilterEntry.

How do you know this worked?

To verify that you successfully added an attachment filtering entry, send a test message that contains the prohibited attachment from an external mailbox to an internal recipient and verify that the message and the attachment are processed as you expect.
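
Because attachment filtering configuration is local to each Edge Transport server, the same entries have to be applied on every server in the perimeter network. The following added example (not part of the original procedure) applies a baseline idempotently and reports entries that exist on the server but are not in the baseline. The $Baseline list is a constructed sample that reuses the two entries shown on this page; run the block in the Exchange Management Shell on each Edge Transport server.

```powershell
# Added example. $Baseline is a constructed sample policy; replace it with
# the entries your organization requires on every Edge Transport server.
$Baseline = @(
    [pscustomobject]@{ Type = 'ContentType'; Name = 'image/jpeg' }
    [pscustomobject]@{ Type = 'FileName';    Name = '*.jpg' }
)

# Index the entries already on this server as "Type:Name", the same form
# used to identify entries with Get- and Remove-AttachmentFilterEntry.
# PowerShell hashtable keys are case-insensitive by default.
$existing = @{}
foreach ($entry in Get-AttachmentFilterEntry) {
    $existing["$($entry.Type):$($entry.Name)"] = $true
}

# Add only the baseline entries that are missing on this server.
foreach ($want in $Baseline) {
    $key = "$($want.Type):$($want.Name)"
    if ($existing.ContainsKey($key)) {
        Write-Host "Present: $key"
    }
    else {
        Add-AttachmentFilterEntry -Name $want.Name -Type $want.Type
        Write-Host "Added:   $key"
    }
}

# Report entries on this server that are not in the baseline. These are
# listed for review only; nothing is removed automatically.
$baselineKeys = $Baseline | ForEach-Object { "$($_.Type):$($_.Name)" }
$existing.Keys |
    Where-Object { $_ -notin $baselineKeys } |
    Sort-Object |
    ForEach-Object { Write-Host "Extra:   $_" }
```

Running the same block on every Edge Transport server and comparing the "Extra" lines shows where the local configurations have drifted apart.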

Use the Exchange Management Shell to remove attachment filtering entries

To remove an attachment filtering entry that filters attachments by MIME content type, use the following syntax:

Remove-AttachmentFilterEntry ContentType:<ContentType>

The following example removes the MIME content type entry for JPEG images.

Remove-AttachmentFilterEntry ContentType:image/jpeg

To remove an attachment filtering entry that filters attachments by file name or file name extension, use the following syntax:

Remove-AttachmentFilterEntry FileName:<FileName or FileNameExtension>

The following example removes the file name entry for the .jpg file name extension.

Remove-AttachmentFilterEntry FileName:*.jpg

For more information, see Remove-AttachmentFilterEntry.

How do you know this worked?

To verify that you successfully removed an attachment filtering entry, send a test message that contains the allowed attachment from an external mailbox to an internal recipient, and verify that the message was successfully delivered with the attachment.

Use the Exchange Management Shell to view the attachment filtering action

To view the attachment filtering action that's used when a prohibited attachment is detected in a message, run the following command:

Get-AttachmentFilterListConfig | Format-List Action,AdminMessage,RejectResponse,ExceptionConnectors

Use the Exchange Management Shell to configure the attachment filtering action

To configure the attachment filtering action that's used when a prohibited attachment is detected in a message, use the following syntax:

Set-AttachmentFilterListConfig [-Action <Reject | Strip | SilentDelete>] [-RejectResponse "<Message text>"] [-AdminMessage "<Replacement file text>"] [-ExceptionConnectors <ConnectorGUID>]

This example makes the following changes to the attachment filtering configuration:

  • Reject (block) messages that have prohibited attachments. Note that you can't specify different actions for different types of attachments.

  • Use a custom response for rejected messages.

Set-AttachmentFilterListConfig -Action Reject -RejectResponse "This message contains a prohibited attachment. Your message can't be delivered. Please resend the message without the attachment."

For more information, see Set-AttachmentFilterListConfig.

How do you know this worked?

To verify that you successfully configured the attachment filtering action, send a test message that contains a prohibited attachment from an external mailbox to an internal recipient and verify that the message and the attachment are processed as you expect.