Export (0) Print
Expand All

How to Configure Sender ID Actions

 

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007

Topic Last Modified: 2012-04-26

This topic explains how to use the Exchange Management Shell to configure Sender ID actions. You can configure the Sender ID agent to take action when the agent detects evidence of domain spoofing or a transient error. The Sender ID evaluation process generates the following Sender ID status codes for spoofed messages or for transient error messages:

  • Fail   This Sender ID status indicates that the IP address for the purported responsible address (PRA) is in the not permitted set. This means that the IP address of the sending server is not listed as an authoritative Simple Mail Transfer Protocol (SMTP) sending server in the Domain Name System (DNS) sender policy framework (SPF) record, and the message is likely spoofed.

  • TempError   This is a transient error, such as an unavailable DNS server.

You can configure Sender ID to take one of the following actions when Sender ID determines that a message is spoofed or when a transient error is returned:

  • Stamp message with Sender ID result and continue processing:   This option is the default action. The Sender ID status is included in the metadata of all inbound messages to your organization. This metadata is evaluated by the Content Filter agent when a spam confidence level (SCL) is calculated. Additionally, sender reputation uses the message metadata when it calculates a sender reputation level (SRL) for the sender of the message.

  • Reject message   This option rejects the message and sends an SMTP error response to the sending server. The SMTP error response is a 5xx level protocol response with text that corresponds to the Sender ID status.

  • Delete message   This option deletes the message without informing the sending server of the deletion. In fact, the computer that has the Edge Transport server role installed sends a fake "OK" SMTP command to the sending server and then deletes the message. Because the sending server assumes that the message was sent, the sending server will not retry sending the message in the same session.

To perform the following procedures on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

Also, before you perform these procedures, confirm the following:

To set an action for instances when a message is spoofed, you can use the Exchange Management Console or the Exchange Management Shell.

  1. In the Exchange Management Console, click Edge Transport.

  2. In the work pane, click the Anti-spam tab, and then select Sender ID.

  3. In the action pane, click Properties, and then click the Action tab.

  4. Select the action to take if the Sender ID check fails.

    noteNote:
    Stamp message by using Sender ID result and continue processing: is the default setting.
  5. Click OK to save your changes and close the dialog box, or click Apply to save your changes without closing the dialog box.

  • Run the following command:

    Set-SenderIDConfig -SpoofedDomainAction <StampStatus | Reject 
    

    For example, to reject spoofed messages, run the following command:

    Set-SenderIDConfig -SpoofedDomainAction Reject
    
    noteNote:
    StampStatus is the default value.

To set an action for instances when a transient error is returned, you must use the Set-SenderIdConfig command in the Exchange Management Shell. You cannot set the action in the Exchange Management Console.

  • Run the following command:

    Set-SenderIDConfig -TempErrorAction <StampStatus | Reject 
    
    noteNote:
    StampStatus is the default value.

For detailed syntax and parameter information, see Set-SenderIdConfig.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft