Attachment filtering on Edge Transport servers

 

Applies to: Exchange Server 2016

Topic Last Modified: 2016-04-20

Learn how attachment filtering in Exchange 2016 evaluates attachments in email messages, and what actions you can take on messages that match.

In Exchange Server 2016, you can use attachment filtering on Edge Transport servers to control the attachments that users receive in email messages. Attachment filtering is performed by the Attachment Filtering agent, which is available only on Edge Transport servers, and is basically unchanged from Exchange Server 2010.

To configure the attachment filtering options, see Attachment filtering procedures on Edge Transport servers.

You can use the following types of attachment filtering to control attachments that enter or leave your organization through an Edge Transport server:

  • Filtering based on file name or file name extension   You specify the exact file name or file name extension that you want to filter. For example, BadFileName.exe or *.exe.

  • Filtering based on file MIME content type   You specify the MIME content type value that you want to filter. The MIME content type value indicates what the attachment is—for example, a JPEG image, an executable file, or a Microsoft Excel file. Content types are expressed as <type>/<subtype>. For example, a JPEG image file is expressed as image/jpeg.

    To view a complete list of file name extensions and content types that attachment filtering can detect, run the following command in the Exchange Management Shell on the Edge Transport server:

    Get-AttachmentFilterEntry | Format-Table -Auto Type,Name
    

After you define the files to look for, you can configure the action to take on messages that contain these attachments. You can't specify different actions for different types of attachments. You configure one of the following actions for all the messages that match any of the attachment filters:

  • Reject (block) the message   The message is blocked. The sender receives a non-delivery report (also known as an NDR, delivery status notification, DSN, or bounce message) that explains that the message wasn't delivered because it contained an unacceptable attachment. You can customize the text in the NDR. The default text is: Message rejected due to unacceptable attachments.

  • Strip the attachment but allow the message through   The attachment is removed from the message. However, the message itself and any other attachments that don't match the filter are allowed through. If an attachment is stripped, it's replaced with a text file that explains why the attachment was removed. This is the default action.

  • Silently delete the message   The message is deleted. Neither the sender nor the recipient receives notification.

For more information, see Attachment filtering procedures on Edge Transport servers.

Note:
You can't retrieve messages that have been blocked or attachments that have been stripped. When you configure attachment filters, carefully examine all possible file name matches and verify that legitimate attachments won't be affected by the filter.
If you remove attachments from digitally signed, encrypted, or rights-protected messages, you invalidate the digital signature, which makes encrypted and rights-protected messages unreadable. A way to avoid this problem for outbound messages is to sign or encrypt the messages after they've been processed by the Attachment Filtering agent.

The default attachments that are defined in attachment filtering are described in the following table.

 

Type         Name
-----------  ------------------------
ContentType  application/hta
ContentType  application/javascript
ContentType  application/msaccess
ContentType  application/prg
ContentType  application/x-javascript
ContentType  application/x-msdownload
ContentType
ContentType  message/partial
ContentType  text/javascript
ContentType  text/scriptlet
ContentType  x-internet-signup
FileName     *.ade
FileName     *.adp
FileName     *.app
FileName     *.asx
FileName     *.bas
FileName     *.bat
FileName     *.chm
FileName     *.cmd
FileName     *.com
FileName     *.cpl
FileName     *.crt
FileName     *.csh
FileName     *.exe
FileName     *.fxp
FileName     *.hlp
FileName     *.hta
FileName     *.inf
FileName     *.ins
FileName     *.isp
FileName     *.js
FileName     *.jse
FileName     *.ksh
FileName     *.lnk
FileName     *.mda
FileName     *.mdb
FileName     *.mde
FileName     *.mdt
FileName     *.mdw
FileName     *.mdz
FileName     *.msc
FileName     *.msi
FileName     *.msp
FileName     *.mst
FileName     *.ops
FileName     *.pcd
FileName     *.pif
FileName     *.prf
FileName     *.prg
FileName     *.ps1
FileName     *.ps1xml
FileName     *.ps11
FileName     *.ps11xml
FileName     *.ps2
FileName     *.ps2xml
FileName     *.psc1
FileName     *.psc2
FileName     *.reg
FileName     *.scf
FileName     *.scr
FileName     *.sct
FileName     *.shb
FileName     *.shs
FileName     *.url
FileName     *.vb
FileName     *.vbe
FileName     *.vbs
FileName     *.wsc
FileName     *.wsf
FileName     *.wsh
FileName     *.xnk
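
The following is an added example, not Microsoft's code. It compares the entries returned by Get-AttachmentFilterEntry with the default list in the table above and reports defaults that have been removed and entries that were added. Compare-AttachmentFilterBaseline is a hypothetical helper name, the sample entries used when the cmdlet isn't available are constructed, and Get-AttachmentFilterListConfig (used to show the single configured action) is a cmdlet that isn't shown on this page.

```powershell
# Added example: drift check against the default list in the table on this page.
# The one ContentType row that has no name on this page is left out of the baseline.
$BaselineContentTypes = @(
    'application/hta', 'application/javascript', 'application/msaccess',
    'application/prg', 'application/x-javascript', 'application/x-msdownload',
    'message/partial', 'text/javascript', 'text/scriptlet', 'x-internet-signup')
$BaselineExtensions = -split @'
ade adp app asx bas bat chm cmd com cpl crt csh exe fxp hlp hta inf ins isp js
jse ksh lnk mda mdb mde mdt mdw mdz msc msi msp mst ops pcd pif prf prg ps1
ps1xml ps11 ps11xml ps2 ps2xml psc1 psc2 reg scf scr sct shb shs url vb vbe vbs
wsc wsf wsh xnk
'@
$Baseline = @($BaselineContentTypes | ForEach-Object { "ContentType:$_" }) +
            @($BaselineExtensions | ForEach-Object { "FileName:*.$_" })

function Compare-AttachmentFilterBaseline {   # hypothetical helper name
    param([object[]]$Entries, [string[]]$Baseline)
    # Compare on lower-cased "Type:Name" keys so case differences are not drift.
    $current  = @($Entries  | ForEach-Object { ('{0}:{1}' -f $_.Type, $_.Name).ToLowerInvariant() })
    $expected = @($Baseline | ForEach-Object { $_.ToLowerInvariant() })
    [pscustomobject]@{
        MissingDefaults = @($expected | Where-Object { $current -notcontains $_ })
        CustomEntries   = @($current | Where-Object { $expected -notcontains $_ })
    }
}

if (Get-Command Get-AttachmentFilterEntry -ErrorAction SilentlyContinue) {
    # On the Edge Transport server: live entries, plus the single global action.
    $entries = @(Get-AttachmentFilterEntry)
    Get-AttachmentFilterListConfig | Format-List Action, RejectResponse
} else {
    # Constructed sample: the defaults minus *.ps1 and *.lnk, plus a custom *.iso.
    $entries = @($Baseline | Where-Object { $_ -notin 'FileName:*.ps1', 'FileName:*.lnk' } |
        ForEach-Object { $t, $n = $_ -split ':', 2; [pscustomobject]@{ Type = $t; Name = $n } })
    $entries += [pscustomobject]@{ Type = 'FileName'; Name = '*.iso' }
}

$drift = Compare-AttachmentFilterBaseline -Entries $entries -Baseline $Baseline
"Defaults missing from this server: $($drift.MissingDefaults -join ', ')"
"Entries not in the default list:   $($drift.CustomEntries -join ', ')"
```

Review each reported difference against your change records: a missing default means that file type is no longer filtered, and a custom entry is subject to the same single action as every other match.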
