Manage content filtering
Applies to: Exchange Server 2013
Content filtering is provided by the Content Filter agent. The Content Filter agent filters all messages that come through all Receive connectors on the Exchange server. Only messages that come from non-authenticated sources are filtered.
Estimated time to complete each procedure: 10 minutes
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Anti-spam feature" entry in the Anti-spam and anti-malware permissions topic.
You can only use the Shell to perform this procedure.
By default, anti-spam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the anti-spam features on a Mailbox server if your Exchange organization doesn't do any prior anti-spam filtering before accepting incoming messages. For more information, see Enable anti-spam functionality on Mailbox servers.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
Tip
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.
To disable content filtering, run the following command:
Set-ContentFilterConfig -Enabled $false
To enable content filtering, run the following command:
Set-ContentFilterConfig -Enabled $true
Note
When you disable content filtering, the underlying Content Filter agent is still enabled. To disable the Content Filter agent, run the command: Disable-TransportAgent "Content Filter Agent"
.
To verify that you have successfully enabled or disabled content filtering, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List Enabled
Verify the value of the Enabled property that's displayed.
By default, content filtering functionality is enabled for external messages.
To disable content filtering for external messages, run the following command:
Set-ContentFilterConfig -ExternalMailEnabled $false
To enable content filtering for external messages, run the following command:
Set-ContentFilterConfig -ExternalMailEnabled $true
To verify that you have successfully enabled or disabled content filtering for external messages, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List ExternalMailEnabled
Verify the value of the ExternalMailEnabled property that's displayed.
As a best practice, you should not filter messages from trusted partners or from inside your organization. When you run anti-spam filters, there's always a chance that the filters will detect false positives. To reduce the chance that filters will mishandle legitimate email messages, you should enable anti-spam agents to run only on messages from potentially untrusted and unknown sources.
To enable content filtering for internal messages, run the following command:
Set-ContentFilterConfig -InternalMailEnabled $true
To disable content filtering for internal messages, run the following command:
Set-ContentFilterConfig -InternalMailEnabled $false
To verify that you have successfully enabled or disabled content filtering for internal messages, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List InternalMailEnabled
Verify the value of the InternalMailEnabled property that's displayed.
To replace the existing values, run the following command:
Set-ContentFilterConfig -BypassedRecipients <recipient1,recipient2...> -BypassedSenders <sender1,sender2...> -BypassedSenderDomains <domain1,domain2...>
This example configures the following exceptions in content filtering:
The recipients laura@contoso.com and julia@contoso.com aren't checked by content filtering.
The senders steve@fabrikam.com and cindy@fabrikam.com aren't checked by content filtering.
All senders in the domain nwtraders.com and all subdomains aren't checked by content filtering.
Set-ContentFilterConfig -BypassedRecipients laura@contoso.com,julia@contoso.com -BypassedSenders steve@fabrikam.com,cindy@fabrikam.com -BypassedSenderDomains *.nwtraders.com
To add or remove entries without modifying any existing values, run the following command:
Set-ContentFilterConfig -BypassedRecipients @{Add="<recipient1>","<recipient2>"...; Remove="<recipient1>","<recipient2>"...} -BypassedSenders @{Add="<sender1>","<sender2>"...; Remove="<sender1>","<sender2>"...} -BypassedSenderDomains @{Add="<domain1>","<domain2>"...; Remove="<domain1>","<domain2>"...}
This example configures the following exceptions in content filtering:
Add tiffany@contoso.com and chris@contoso.com to the list of existing recipients who aren't checked by content filtering.
Add joe@fabrikam.com and michelle@fabrikam.com to the list of existing senders who aren't checked by content filtering.
Add blueyonderairlines.com to the list of existing domains whose senders aren't checked by content filtering.
Remove the domain woodgrovebank.com and all subdomains from the list of existing domains whose senders aren't checked by content filtering.
Set-ContentFilterConfig -BypassedRecipients @{Add="tiffany@contoso.com","chris@contoso.com"} -BypassedSenders @{Add="joe@fabrikam.com","michelle@fabrikam.com"} -BypassedSenderDomains @{Add="blueyonderairlines.com"; Remove="*.woodgrovebank.com"}
To verify that you have successfully configured the recipient and sender exceptions, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List Bypassed*
Verify the values displayed match the settings you specified.
To add allowed and blocked words and phrases, run the following command:
Add-ContentFilterPhrase -Influence GoodWord -Phrase <Phrase> -Influence BadWord -Phrase <Phrase>
This example allows all messages that contain the phrase "customer feedback".
Add-ContentFilterPhrase -Influence GoodWord -Phrase "customer feedback"
This example blocks all messages that contain the phrase "stock tip".
Add-ContentFilterPhrase -Influence BadWord -Phrase "stock tip"
To remove allowed or blocked phrases, run the following command:
Remove-ContentFilterPhrase -Phrase <Phrase>
This example removes the phrase "stock tip":
Remove-ContentFilterPhrase -Phrase "stock tip"
To verify that you have successfully configured the allowed and block phrases, do the following:
Run the following command:
Get-ContentFilterPhrase | Format-List Influence,Phrase
Verify the values displayed match the settings you specified.
To configure the spam confidence level (SCL) thresholds and actions, run the following command:
Set-ContentFilterConfig -SCLDeleteEnabled <$true | $false> -SCLDeleteThreshold <Value> -SCLRejectEnabled <$true | $false> -SCLRejectThreshold <Value> -SCLQuarantineEnabled <$true | $false> -SCLQuarantineThreshold <Value>
Note
The Delete action takes precedence over the Reject action, and the Reject action takes precedence over the Quarantine action. Therefore, the SCL threshold for the Delete action should be greater than the SCL threshold for the Reject action, which in turn should be greater than the SCL threshold for the Quarantine action. Only the Reject action is enabled by default, and it has the SCL threshold value 7.
This example configures the following values for the SCL thresholds:
The Delete action is enabled and the corresponding SCL threshold is set to 9.
The Reject action is enabled and the corresponding SCL threshold is set to 8.
The Quarantine action is enabled and the corresponding SCL threshold is set to 7.
Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9 -SCLRejectEnabled $true -SCLRejectThreshold 8 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7
To verify that you have successfully configured the SCL thresholds, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List SCL*
Verify the values displayed match the settings you specified.
When the Reject action is enabled, you can customize the rejection response that's sent to the message sender. The rejection response can't exceed 240 characters.
To configure a custom rejection response, run the following command:
Set-ContentFilterConfig -RejectionResponse "<Custom Text>"
This example configures the Content Filter agent to send a customized rejection response.
Set-ContentFilterConfig -RejectionResponse "Your message was rejected because it appears to be SPAM."
To verify that you have successfully configured the rejection response, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List *Reject*
Verify the values displayed match the settings you specified.
Outlook Email Postmarking validation is a computational proof that Microsoft Outlook applies to outgoing messages to help recipient messaging systems distinguish legitimate email from junk email. Postmarking is available in Outlook 2007 or newer. Postmarking helps reduce false positives. Outlook Email Postmarking is enabled by default.
To disable Outlook Email Postmarking, run the following command:
Set-ContentFilterConfig -OutlookEmailPostmarkValidationEnabled $false
To enable Outlook Email Postmarking, run the following command:
Set-ContentFilterConfig -OutlookEmailPostmarkValidationEnabled $true
To verify that you have successfully configured Outlook Email Postmarking, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List OutlookEmailPostmarkValidationEnabled
Verify the value displayed matches the setting you specified.