Applies to: Exchange Server 2010

Topic Last Modified: 2011-03-19

Use the Set-AttachmentFilterListConfig cmdlet to modify the configuration of the Attachment Filter agent on the computer running Microsoft Exchange Server 2010 that has the Edge Transport server role installed.

set-attachmentfilterlistconfig [-Action <Reject | Strip | SilentDelete>] [-AdminMessage <String>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-ExceptionConnectors <MultiValuedProperty>] [-RejectResponse <String>] [-WhatIf [<SwitchParameter>]]

Parameter Required Type Description




The Action parameter specifies how the Attachment Filter agent handles an attachment that matches an entry on the attachment filter list. The default value is Reject. You can use one of the following values:

  • Reject   This value prevents both the e-mail message and attachment from being delivered to the recipient and issues a non-delivery report (NDR) to the sender.
  • Strip   This value removes the offending attachment from the e-mail message and allows the message and other attachments that don't match an entry on the attachment filter list through. A notification that the attachment was removed is added to the e-mail message.
  • SilentDelete   This value prevents both the e-mail message and the attachment from being delivered to the recipient. No notification that the e-mail message and attachment were blocked is sent to the sender.




The AdminMessage parameter specifies the content of a text file that replaces attachments removed by the Attachment Filter agent. The AdminMessage parameter only appears when the Attachment Filter agent is configured to remove an attachment that's been identified as bad.




The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.




The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory. The DomainController parameter isn't supported on the Edge Transport server role. The Edge Transport server role writes only to the Active Directory Lightweight Directory Services (AD LDS) instance.




The ExceptionConnectors parameter specifies a list of connectors that should be excluded from attachment filtering. Attachment filters aren't applied to e-mail messages received through these connectors. You must use the connector GUID to specify the ExceptionConnectors parameter value.




The RejectResponse parameter specifies the message body that you want delivered in the NDR to senders whose messages contain an attachment that's blocked. The RejectResponse parameter is required only if you set the Action parameter to Reject. Don't exceed 240 characters in the parameter argument. When you pass an argument, you must enclose the RejectResponse parameter value in quotation marks (") if the phrase contains spaces, for example: "Message rejected". The default setting is Message rejected due to unacceptable attachments.




The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

The Attachment Filter agent can block attachments from entering the Exchange 2010 organization based on the content type or the file name of the attachment. The Set-AttachmentFilterListConfig cmdlet modifies the configuration of the Attachment Filter agent and manages how attachments are processed.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Anti-spam features" entry in the Transport Permissions topic.

This example modifies the action that the Attachment Filter agent takes on an attachment that matches an entry on the attachment filter list so that both the e-mail message and attachment aren't delivered to the recipient, and an NDR is sent to the sender.

Set-AttachmentFilterListConfig -Action Reject