Content filtering is provided by the Content Filter agent. The Content Filter agent filters all messages that come through all Receive connectors on the Exchange server. Only messages that come from non-authenticated sources are filtered.
What do you need to know before you begin?
Estimated time to complete each procedure: 10 minutes
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Anti-spam feature" entry in the Anti-spam and anti-malware permissions topic.
You can only use the Shell to perform this procedure.
By default, anti-spam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the anti-spam features on a Mailbox server if your Exchange organization doesn't do any prior anti-spam filtering before accepting incoming messages. For more information, see Enable anti-spam functionality on Mailbox servers.
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.
Use the Shell to enable or disable content filtering
To disable content filtering, run the following command:
Set-ContentFilterConfig -Enabled $false
To enable content filtering, run the following command:
Set-ContentFilterConfig -Enabled $true
Note
When you disable content filtering, the underlying Content Filter agent is still enabled. To disable the Content Filter agent, run the command: Disable-TransportAgent "Content Filter Agent".
How do you know this worked?
To verify that you have successfully enabled or disabled content filtering, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List Enabled
Verify the value of the Enabled property that's displayed.
Use the Shell to enable or disable content filtering for external messages
By default, content filtering functionality is enabled for external messages.
To disable content filtering for external messages, run the following command:
Verify the value of the ExternalMailEnabled property that's displayed.
Use the Shell to enable or disable content filtering for internal messages
As a best practice, you should not filter messages from trusted partners or from inside your organization. When you run anti-spam filters, there's always a chance that the filters will detect false positives. To reduce the chance that filters will mishandle legitimate email messages, you should enable anti-spam agents to run only on messages from potentially untrusted and unknown sources.
To enable content filtering for internal messages, run the following command:
The Delete action takes precedence over the Reject action, and the Reject action takes precedence over the Quarantine action. Therefore, the SCL threshold for the Delete action should be greater than the SCL threshold for the Reject action, which in turn should be greater than the SCL threshold for the Quarantine action. Only the Reject action is enabled by default, and it has the SCL threshold value 7.
This example configures the following values for the SCL thresholds:
The Delete action is enabled and the corresponding SCL threshold is set to 9.
The Reject action is enabled and the corresponding SCL threshold is set to 8.
The Quarantine action is enabled and the corresponding SCL threshold is set to 7.
To verify that you have successfully configured the SCL thresholds, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List SCL*
Verify the values displayed match the settings you specified.
Use the Shell to configure the rejection response
When the Reject action is enabled, you can customize the rejection response that's sent to the message sender. The rejection response can't exceed 240 characters.
To configure a custom rejection response, run the following command:
This example configures the Content Filter agent to send a customized rejection response.
Set-ContentFilterConfig -RejectionResponse "Your message was rejected because it appears to be SPAM."
How do you know this worked?
To verify that you have successfully configured the rejection response, do the following:
Run the following command:
Get-ContentFilterConfig | Format-List *Reject*
Verify the values displayed match the settings you specified.
Use the Shell to enable or disable Outlook Email Postmarking
Outlook Email Postmarking validation is a computational proof that Microsoft Outlook applies to outgoing messages to help recipient messaging systems distinguish legitimate email from junk email. Postmarking is available in Outlook 2007 or newer. Postmarking helps reduce false positives. Outlook Email Postmarking is enabled by default.
To disable Outlook Email Postmarking, run the following command:
This module examines how to manage Safe Attachments in your Microsoft 365 tenant by creating and configuring policies and using transport rules to disable a policy from taking effect in certain scenarios. MS-102